Enjoy priority support and immediate help for your WordPress sites!

WP Security: 2 theme vulnerabilities in January 2019

WP Security: 2 theme vulnerabilities in January 2019

WP Security bulletin - January 2019

At your next scheduledWordPress Maintenance, be advised for yourWP Security about the latest2 vulnerabilities in a premium WordPress theme identified and reported publicly during. As these vulnerabilities are disclosed, when you use one(or more) of these outdated plugins - your risking serious WordPress breaches to your site(s).


  • JobCareer | Job Board Responsive WordPress Theme
    • - Authenticated Stored Cross-Site Scripting (XSS) reported by Anthony MAESTRE. The WP-job hunt plugin before version 2.4 for WordPress does not control AJAX requests sent to the "cs_employer_ajax_profile()" function through the admin-ajax PHP file, which allows remote unauthenticated attackers to enumerate information about users.
    • - Authenticated Stored Cross-Site Scripting (XSS) reported by Anthony MAESTRE. The WP-job hunt plugin before version 2.4 for WordPress does not control AJAX requests sent to the cs_reset_pass() function through the admin-ajax.php file, which allows remote unauthenticated attackers to reset the password of a user's account.
      • WP Security recommendation: immediately upgrade to version 2.4.1 to fix both vulnerabilities.

 

Our only security is our ability to change. ~ John Lilly

Summary
WP Security: 2 theme vulnerabilities in January 2019
Article Name
Description
At your next scheduled WordPress Maintenance, be advised for your WP Security about the latest 2 vulnerabilities in premium WP themes identified and reported publicly during. As these vulnerabilities are disclosed, when you use one (or more) of these outdated plugins - your risking serious WP breaches to your site(s).
Author
Publisher
owl power EUROPE
https://owlpower.eu/wp-content/uploads/2016/03/logo-owl-power-square-e1467623463429.jpg

Related Posts

Leave a comment