Ike.ninja

The second release candidate for WordPress 5.4 is now available! WordPress 5.4 is currently scheduled to be released on March 31 2020, and we need your help to get there—if you haven’t tried 5.4 yet, now is the time! There are two ways to test the WordPress 5.4 release candidate: Try the WordPress Beta Tester plugin (choose the “bleeding edge […]

• Project: Joomla!
• SubProject: CMS
• Impact: High
• Severity: Low
• Versions: 3.7.0-3.9.15
• Exploit type: Incorrect Access Control
• Reported Date: 2020-February-28
• Fixed Date: 2020-March-10
• CVE Number: CVE-2020-10239

Description

Incorrect Access Control in the SQL fieldtype of com_fields allows access for non-superadmin users.

Affected Installs

Joomla! CMS versions 3.7.0 – 3.9.15

Solution

Upgrade to version 3.9.16

Contact

The JSST at the Joomla! Security Centre.

• Project: Joomla!
• SubProject: CMS
• Impact: High
• Severity: Low
• Versions: 2.5.0-3.9.15
• Exploit type: Incorrect Access Control
• Reported Date: 2020-January-31
• Fixed Date: 2020-March-10
• CVE Number: CVE-2020-10238

Description

Various actions in com_templates lack the required ACL checks, leading to various potential attack vectors.

Affected Installs

Joomla! CMS versions 2.5.0 – 3.9.15

Solution

Upgrade to version 3.9.16

Contact

The JSST at the Joomla! Security Centre.

• Project: Joomla!
• SubProject: CMS
• Impact: Moderate
• Severity: Low
• Versions: 3.2.0-3.9.15
• Exploit type: CSRF
• Reported Date: 2020-February-06
• Fixed Date: 2020-March-10
• CVE Number: CVE-2020-10241

Description

Missing token checks in the image actions of com_templates causes CSRF vulnerabilities.

Affected Installs

Joomla! CMS versions 3.2.0 – 3.9.15

Solution

Upgrade to version 3.9.16

Contact

The JSST at the Joomla! Security Centre.

The first release candidate for WordPress 5.4 is now available! This is an important milestone as we progress toward the WordPress 5.4 release date. “Release Candidate” means that the new version is ready for release, but with millions of users and thousands of plugins and themes, it’s possible something was missed. WordPress 5.4 is currently […]

February 2020 was a busy month in the WordPress project! Most notably, there was an outpouring of sentiment in response to the unfortunate cancellation of WordCamp Asia. However, the team continues to work hard in the hopes of making WordCamp Asia 2021 happen. In addition, there were a number of releases and some exciting new […]

As mentioned in this post, Matt will host a livestream on February 22 during Bangkok daylight hours. He opened an invitation to any speaker who was affected by the cancellation, and the livestream will include the following fine people: Imran Sayed, Md Saif Hassan, Muhammad Muhsin, Nirav Mehta, Piccia Neri, Umar Draz, and Francesca Marano […]

WordPress 5.4 Beta 2 is now available! This software is still in development, so we don’t recommend running it on a production site. Consider setting up a test site to play with the new version. You can test WordPress 5.4 beta 2 in two ways: Try the WordPress Beta Tester plugin (choose the “bleeding edge nightlies” option) Or download […]

I’ve arrived at the difficult decision to cancel the inaugural WordCamp Asia event, which was planned to take place in Bangkok on February 21st. The excitement and anticipation around this event have been huge, but there are too many unknowns around the health issues unfolding right now in the region to explicitly encourage a large […]

Helping create a safer internet is an essential part of cPanel’s mission, and that’s why we began integrating security extensions right into our product. We started by offering Imunify360, a robust and comprehensive security suite, as a featured product in 2018. Then, in 2019, we integrated ImunifyAV into all cPanel & WHM servers. Now, with the release of cPanel & WHM Version 86, we are pleased to include ImunifyAV+ as a product that can be purchased …

Beginning in cPanel & WHM Version 86, the way we use the term “LTS” or Long Term Support in reference to our software is changing. We’re making this important change for several reasons, and we want to provide you with information to help you keep your servers secure and up to date. How cPanel’s Versioning and Tiers Work  We’re making a change to our release methodology and update system, which will assist you in keeping your servers …

• Project: Joomla!
• SubProject: CMS
• Impact: High
• Severity: Low
• Versions: 3.9.0-3.9.14
• Exploit type: XSS
• Reported Date: 2019-December-25
• Fixed Date: 2020-January-28
• CVE Number: CVE-2020-xxxxx

Description

Inadequate escaping of usernames allow XSS attacks in com_actionlogs.

Affected Installs

Joomla! CMS versions 3.9.0 – 3.9.14

Solution

Upgrade to version 3.9.15

Contact

The JSST at the Joomla! Security Centre.

• Project: Joomla!
• SubProject: CMS
• Impact: Moderate
• Severity: Low
• Versions: 3.0.0-3.9.14
• Exploit type: CSRF
• Reported Date: 2019-December-23
• Fixed Date: 2020-January-28
• CVE Number: CVE-2020-8419

Description

Missing token checks in the batch actions of various components causes CSRF vulnerabilities.

Affected Installs

Joomla! CMS versions 3.0.0 – 3.9.14

Solution

Upgrade to version 3.9.15

Contact

The JSST at the Joomla! Security Centre.

Two members of the WordPress leadership team were nominated for excellent work in their field in the first ever Community Industry Awards. Andrea Middleton is nominated for Executive Leader of a Community Team and Josepha Haden Chomphosy is nominated for Community Professional of the Year. CMX is one of the largest professional organizations dedicated to […]

As 2019 draws to a close and we look ahead to another exciting year let’s take a moment to review what the WordPress community achieved in December. WordPress 5.3.1 and 5.3.2 Releases The WordPress 5.3.1 security and maintenance release was announced on December 13. It features 46 fixes and enhancements. This version corrects four security […]