Vulnerabilities Digest: June 2020

Highlights for June 2020 Cross site scripting is still the most common vulnerability in WordPress Plugins. Bad actors are taking advantage of the lack of restrictions in critical functions and issues surrounding ...

Microsoft Windows SMB Server Could Allow for Remote Code Execution (CVE-2020-0796) – Security Advisory

SUBJECT: A Vulnerability in Microsoft Windows SMB Server Could Allow for Remote Code Execution (CVE-2020-0796) OVERVIEW: A vulnerability has been discovered in Microsoft Windows SMB Server that could allow for remote code ...

Microsoft Windows SMB Server Could Allow for Remote Code Execution (CVE-2020-0796) – Security Advisory

SUBJECT: A Vulnerability in Microsoft Windows SMB Server Could Allow for Remote Code Execution (CVE-2020-0796) OVERVIEW: A vulnerability has been discovered in Microsoft Windows SMB Server that could allow for remote code ...

Let’s Encrypt Revokes 3 Million Certificates Due to CAA Bug

Imagine receiving a TLS warning on your browser every time you visit your website for 60 days straight. Definitely not an ideal situation and you would certainly want to avoid it at ...

Authentication Bypass Vulnerability in InfiniteWP Client

An authentication bypass vulnerability affecting more than 300,000 InfiniteWP Client plugin users has recently been disclosed to the public. This plugin allows site owners to manage multiple websites from one central server ...
Fake French Police Sextortion Scam

Fake French Police Sextortion Scam

There has been a noted increase in the number of sextortion scams during 2019. These scam campaigns are commonly distributed through email, but any method of digital communication can be used to ...

Zero-Day RCE in vBulletin v5.0.0-v5.5.4

A new remote code execution (RCE) zero-day vulnerability has been disclosed by an anonymous researcher on the full disclosure mailing list this past Monday. This vulnerability is extremely severe. It allows any ...
Fake Human Verification Spam

Fake Human Verification Spam

We recently released an update to our Labs Knowledgebase for new plugins that had been targeted during the month of July 2019. One of these newly targeted plugins was Advanced Booking Calendar ...

Misuse of WordPress update_option() function Leads to Website Infections

In the past four months, Sucuri has seen an increase in the number of plugins affected by the misuse of WordPress’ update_option() function. This function is used to update a named option/value ...

Security Advisory: Targeting AD FS With External Brute-Force Attacks

On July 2019 Patch Tuesday, Microsoft released a patch for CVE-2019-1126, an important vulnerability discovered by Preempt Research Labs. The vulnerability discovered leads to security issues that create a wide scale denial-of-service ...