WordPress – Cross-Site Scripting (XSS) in Shortcode Previews


Description: WordPress before version 5.2.3 allows XSS in shortcode previews, which gives attackers chances to compromise the victim’s web server.

Threat: An attacker who exploited the vulnerability could potentially be able to execute arbitrary JavaScript/HTML code in the browser of victims who access the compromised page.

Criticality: Medium

Update/Patch: https://wordpress.org/news/2019/09/wordpress-5-2-3-security-and-maintenance-release/


Adobe Flash Player – Arbitrary Code Execution Vulnerability


Description: Adobe Flash Player Desktop Runtime and for Chrome and earlier versions, Adobe Flash Player for Microsoft Edge and Internet Explorer 11 and earlier versions have a Same Origin Method Execution vulnerability.

Threat: Successful exploitation could lead to arbitrary code execution in the context of the current user.

Criticality: Medium

Update/Patch: https://helpx.adobe.com/security/products/flash-player/apsb19-46.html


Windows Transaction Manager – Information Disclosure Vulnerability


Description: An information disclosure vulnerability exists when the Windows Transaction Manager improperly handles objects in memory. an attacker would first have to log on to the system, and then run a specially crafted application.

Threat:  An attacker who exploited the vulnerability could potentially read data that was not intended to be disclosed.

Criticality: High

Update/Patch: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1219



Submit a Comment

Subscribe To Our Newsletter

Subscribe To Our Newsletter

Register your email to receive the latest news and updates from getNEXT.

You have Successfully Subscribed!

Share This