A critical safety vulnerability affected the WordPress plugin Safety Protect, which may enable arbitrary file inclusion. The builders patched the flaw with the most recent plugin launch, making it vital for the customers to replace to the most recent variations as quickly as potential.
Protect Safety Plugin Vulnerability Allowed File
In response to the small print shared in a submit from the crew Wordfence, an area file inclusion vulnerability riddled the WordPress plugin Protect Safety.
Protect Safety plugin affords a easy firewall for WordPress web sites, stopping bot assaults, malware, and different associated threats. The plugin presently boasts over 50,000 lively installations, indicating the large variety of web sites uncovered to threats as a consequence of any safety vulnerabilities affecting the plugin.
Particularly, the vulnerability affected the plugin’s render_action_template parameter that permitting an unauthenticated adversary to incorporate malicious PHP information on the goal server. Finally, an attacker may execute malicious PHP codes by way of these information.
This vulnerability, CVE-2023-6989, obtained a crucial safety ranking with a CVSS rating of 9.8. Wordfence confirmed that the problem usually affected PHP information solely, ruling out the potential for distant code execution assaults. Nevertheless, they did verify that an attacker had quite a few choices to incorporate and execute malicious PHP information on the goal server. Of their submit, the researchers additionally introduced an in depth technical evaluation of the exploit.
Wordfence acknowledged the researcher with alias hir0ot for accountable vulnerability disclosure by way of Wordfence’s bug bounty program. The agency additionally awarded the researcher a $938 bounty for these findings.
Following the bug report, the plugin builders patched the vulnerability with the Protect Safety plugin model 18.5.10. But, the plugin’s official web page mentions 19.0.6 as the most recent launch, indicating additional updates since this safety repair. Therefore, all customers working this plugin on their web sites should guarantee updating to the plugin 18.5.10 or later (ideally to the most recent obtainable model) to obtain all vital bug fixes.
Tell us your ideas within the feedback.
Cu-Tech 360° WiFi CCTV Security Camera for Home Outdoor High HD Focus Spy Magnet Mini Spy WiFi Magnetic Live Stream Night Vision IP Wireless 1080P Audio Video Hidden Camera for Home Offices Security
₹680.00 (as of February 9, 2024 20:45 GMT +00:00 - More infoProduct prices and availability are accurate as of the date/time indicated and are subject to change. Any price and availability information displayed on [relevant Amazon Site(s), as applicable] at the time of purchase will apply to the purchase of this product.)
realme Buds T300 Truly Wireless in-Ear Earbuds with 30dB ANC, 360° Spatial Audio Effect, 12.4mm Dynamic Bass Boost Driver with Dolby Atmos Support, Upto 40Hrs Battery and Fast Charging (Youth White)
₹2,099.00 (as of February 9, 2024 20:45 GMT +00:00 - More infoProduct prices and availability are accurate as of the date/time indicated and are subject to change. Any price and availability information displayed on [relevant Amazon Site(s), as applicable] at the time of purchase will apply to the purchase of this product.)
Mivi DuoPods A750 True Wireless Earbuds, Multi Device Connectivity, Metallic Finish, 55+ Hrs Playtime, 13MM Drivers, IPX 4.0, Type C Charging, AI-ENC for Call Clarity, Made in India - Black
₹1,199.00 (as of February 9, 2024 20:45 GMT +00:00 - More infoProduct prices and availability are accurate as of the date/time indicated and are subject to change. Any price and availability information displayed on [relevant Amazon Site(s), as applicable] at the time of purchase will apply to the purchase of this product.)
Sounce Smartwatch Usb All Type Charging Cable Compatible With Boat, Fire Boltt, Noise, Dizo, Beatxp, Fast-Track, Ptron & All 2 Pin Charger Watches (Cable Only), Black
₹149.00 (as of February 9, 2024 20:45 GMT +00:00 - More infoProduct prices and availability are accurate as of the date/time indicated and are subject to change. Any price and availability information displayed on [relevant Amazon Site(s), as applicable] at the time of purchase will apply to the purchase of this product.)
OnePlus Buds Z2 Bluetooth Truly Wireless in Ear Earbuds with mic, Active Noise Cancellation, 10 Minutes Flash Charge & Upto 38 Hours Battery [Matte Black]
₹3,999.00 (as of February 9, 2024 20:45 GMT +00:00 - More infoProduct prices and availability are accurate as of the date/time indicated and are subject to change. Any price and availability information displayed on [relevant Amazon Site(s), as applicable] at the time of purchase will apply to the purchase of this product.)
Dell KB216/KB216d1 Multimedia USB Keyboard with Super Quite Plunger Keys with Spill-Resistant Wired Keybaord Black
₹569.00 (as of February 9, 2024 20:41 GMT +00:00 - More infoProduct prices and availability are accurate as of the date/time indicated and are subject to change. Any price and availability information displayed on [relevant Amazon Site(s), as applicable] at the time of purchase will apply to the purchase of this product.)
Storio Kids Toys LCD Writing Tablet 8.5Inch E-Note Pad Best Birthday Gift for Girls Boys, Multicolor
₹129.00 (as of February 9, 2024 20:41 GMT +00:00 - More infoProduct prices and availability are accurate as of the date/time indicated and are subject to change. Any price and availability information displayed on [relevant Amazon Site(s), as applicable] at the time of purchase will apply to the purchase of this product.)
Canon PIXMA PG47 Black Ink Cartridge
₹647.00 (as of February 9, 2024 20:41 GMT +00:00 - More infoProduct prices and availability are accurate as of the date/time indicated and are subject to change. Any price and availability information displayed on [relevant Amazon Site(s), as applicable] at the time of purchase will apply to the purchase of this product.)
Seagate Expansion 1TB External HDD - USB 3.0 for Windows and Mac with 3 yr Data Recovery Services, Portable Hard Drive (STKM1000400)
₹4,973.00 (as of February 9, 2024 20:41 GMT +00:00 - More infoProduct prices and availability are accurate as of the date/time indicated and are subject to change. Any price and availability information displayed on [relevant Amazon Site(s), as applicable] at the time of purchase will apply to the purchase of this product.)
Logitech B170 Wireless Mouse, 2.4 GHz with USB Nano Receiver, Optical Tracking, 12-Months Battery Life, Ambidextrous, PC/Mac/Laptop - Black
₹595.00 (as of February 9, 2024 20:41 GMT +00:00 - More infoProduct prices and availability are accurate as of the date/time indicated and are subject to change. Any price and availability information displayed on [relevant Amazon Site(s), as applicable] at the time of purchase will apply to the purchase of this product.)
Rioddas External CD/DVD Drive for Laptop USB 3.0 CD/DVD Player Portable +/-RW Burner CD ROM Reader Rewriter Writer Disk Duplicator Compatible with Laptop Desktop PC Windows Apple Mac Pro Macbook Linux
$19.99 (as of February 8, 2024 20:39 GMT +00:00 - More infoProduct prices and availability are accurate as of the date/time indicated and are subject to change. Any price and availability information displayed on [relevant Amazon Site(s), as applicable] at the time of purchase will apply to the purchase of this product.)
ARCTIC MX-6 (4 g) - Ultimate Performance Thermal Paste for CPU, Consoles, Graphics Cards, laptops, Very high Thermal Conductivity, Long Durability, Non-Conductive, CPU Thermal Paste
$6.15 (as of February 8, 2024 20:39 GMT +00:00 - More infoProduct prices and availability are accurate as of the date/time indicated and are subject to change. Any price and availability information displayed on [relevant Amazon Site(s), as applicable] at the time of purchase will apply to the purchase of this product.)
Graphics Card GPU Brace Support, Video Card Sag Holder Bracket, GPU Stand, L
$9.99 (as of February 8, 2024 20:39 GMT +00:00 - More infoProduct prices and availability are accurate as of the date/time indicated and are subject to change. Any price and availability information displayed on [relevant Amazon Site(s), as applicable] at the time of purchase will apply to the purchase of this product.)
Corsair VENGEANCE LPX DDR4 RAM 32GB (2x16GB) 3200MHz CL16 Intel XMP 2.0 Computer Memory - Black (CMK32GX4M2E3200C16)
$77.99 (as of February 8, 2024 20:39 GMT +00:00 - More infoProduct prices and availability are accurate as of the date/time indicated and are subject to change. Any price and availability information displayed on [relevant Amazon Site(s), as applicable] at the time of purchase will apply to the purchase of this product.)