Security Links
The Job Listings plugin for WordPress is vulnerable to Privilege Escalation due to improper authorization within the register_action() function in versions 0.1 to 0.1.1. The plugin’s registration handler reads the client-supplied $_POST['user_role'] and passes it directly to wp_insert_user() without restricting to a safe set of roles. This makes it possible for unauthenticated attackers to elevate their privileges to that of an administrator.

Red Canary Threat Detection Report

See the top MITRE ATT&CK® techniques we observed in confirmed cyber threats across the Red Canary customer base in 2022.

Visit Website
Bitdefender

Smart Cybersecurity for a Smarter World. AI-Powered Protection for Your Small Business.

Buy Now Promote Certo

Detect spyware with Certo AntiSpy

Promote