WordPress – Cross-Site Scripting (XSS) in Shortcode Previews

 

Description: WordPress before version 5.2.3 allows XSS in shortcode previews, which gives attackers an opportunity to compromise the victim’s web server.

Threat: An attacker who exploited the vulnerability could potentially execute arbitrary JavaScript/HTML code in the browser of victims who access the compromised page.

Criticality: Medium

Update/Patch: https://wordpress.org/news/2019/09/wordpress-5-2-3-security-and-maintenance-release/

 

Adobe Flash Player – Arbitrary Code Execution Vulnerability

 

Description: Adobe Flash Player Desktop Runtime and Adobe Flash Player for Chrome, versions 32.0.0.238 and earlier, and Adobe Flash Player for Microsoft Edge and Internet Explorer 11, versions 32.0.0.207 and earlier, have a Same Origin Method Execution vulnerability.

Threat: Successful exploitation could lead to arbitrary code execution in the context of the current user.

Criticality: Medium

Update/Patch: https://helpx.adobe.com/security/products/flash-player/apsb19-46.html

 

Windows Transaction Manager – Information Disclosure Vulnerability

 

Description: An information disclosure vulnerability exists when the Windows Transaction Manager improperly handles objects in memory. To exploit the vulnerability, an attacker would first have to log on to the system and then run a specially crafted application.

Threat: An attacker who exploited the vulnerability could potentially read data that was not intended to be disclosed.

Criticality: High

Update/Patch: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1219

 
