WordPress <= 5.2.3 – Admin Referrer Validation

https://wpvulndb.com/vulnerabilities/9913

WordPress <= 5.2.3 – Server-Side Request Forgery (SSRF) in URL Validation

https://wpvulndb.com/vulnerabilities/9912

WordPress <= 5.2.3 – JSON Request Cache Poisoning

https://wpvulndb.com/vulnerabilities/9911

WordPress <= 5.2.3 – Stored XSS in Style Tags

https://wpvulndb.com/vulnerabilities/9910

WordPress <= 5.2.3 – Viewing Unauthenticated Posts

https://wpvulndb.com/vulnerabilities/9909

WordPress <= 5.2.3 – Stored XSS in Customizer

https://wpvulndb.com/vulnerabilities/9908

WordPress 5.2.4 Security Release

https://wordpress.org/news/2019/10/wordpress-5-2-4-security-release/
WordPress 5.2.4 is now available! This security release fixes 6 security issues. WordPress versions 5.2.3 and earlier are affected by these bugs, which are fixed in version 5.2.4. Updated versions of WordPress 5.1 and earlier are also available for any users who have not yet updated to 5.2.
Security Updates:
Props to Evan Ricafort for finding an issue where stored XSS (cross-site scripting) could be added via the Customizer.
Props to J.D. Grimes who found and disclosed a method of viewing unauthenticated posts.
Props to Weston Ruter for finding a way to create a stored XSS to inject JavaScript into style tags.
Props to David Newman […]

Top 10 Website Hardening Tips

http://feedproxy.google.com/~r/sucuri/blog/~3/rmrG-RVQxog/top-10-website-hardening-tips.html
Website hardening means adding layers of protection to reduce the risk of website attacks, a process known as “defense in depth.” Here are our top 10 virtual hardening principles:
1 – Keep your website updated
Every single piece of software required to run your application needs to be kept up to date with the latest patches and security updates. Website vulnerabilities come in all shapes and sizes, so it is important to update your CMS along with any third party components like plugins, themes, and extensions.

Popup-Maker < 1.8.12 – Multiple Vulnerabilities

https://wpvulndb.com/vulnerabilities/9907

Lara Google Analytics <= 2.0.4 – Authenticated Stored XSS

https://wpvulndb.com/vulnerabilities/9906