disclosure
-
Blog
Hackers exploit WordPress plugin auth bypass hours after disclosure
Hackers started exploiting a high-severity flaw that allows bypassing authentication in the OttoKit (formerly SureTriggers) plugin for WordPress just hours after public disclosure. Users are strongly recommended to upgrade to the latest version of OttoKit/SureTriggers, currently 1.0.79, released at the beginning of the month. The OttoKit WordPress plugin allows users to connect plugins and external tools like WooCommerce, Mailchimp, and Google Sheets,…
Read More » -
Blog
AMD patches microcode security holes after accidental early disclosure
Matt Kimball, VP and principal analyst at Moor Insights & Strategy, also said he believed that AMD did well in how it handled this situation. “It’s good to see AMD working with its community to solve for these vulnerabilities quickly. The amount of work that goes into providing a fix — and thoroughly testing it — is extensive. It’s a…
Read More » -
Blog
Oracle warns of Agile PLM file disclosure flaw exploited in attacks
Oracle has fixed an unauthenticated file disclosure flaw in Oracle Agile Product Lifecycle Management (PLM) tracked as CVE-2024-21287, which was actively exploited as a zero-day to download files. Oracle Agile PLM is a software platform that enables businesses to manage product data, processes, and collaboration across global teams. Yesterday, Oracle urged Agile PLM customers to install the latest version to fix the…
Read More » -
Blog
Jetpack fixes critical information disclosure flaw existing since 2016
WordPress plugin Jetpack released a critical security update earlier today, addressing a vulnerability that allowed a logged-in user to access forms submitted by other visitors to the site. Jetpack is a popular WordPress plugin by Automattic that provides tools to enhance website functionality, security, and performance. According to the vendor, the plugin is installed on 27 million websites. The issue was…
Read More »