Wordfence! Publishes Security Updates for WordPress plugin

by CIRT Team

Description: PHP Object Injection Vulnerability Severity 9.8 (Critical) have been found in Appointments, RegistrationMagic-Custom Registration Forms, and Flickr Gallery plugins. Affected plugins and versions:

• Appointments by WPMU Dev (fixed in 2.2.2)
• Flickr Gallery by Dan Coulter (fixed in 1.5.3)
• RegistrationMagic-Custom Registration Forms by CMSHelpLive (fixed in 3.7.9.3)

Impact: Exploitation of one of these vulnerabilities may allow a remote attacker to take control of an affected system.

Mitigation: Updates are available. Please check specific vendor advisory for more information.

Reference URL’s:

• https://www.wordfence.com/blog/2017/10/3-zero-day-plugin-vulnerabilities-exploited-wild/

CIRT Team

Recommended Posts

Active Exploitation of Critical F5 BIG – IP Vulnerability (CVE–2023-46747) Uncovered in Bangladesh

06 Nov 2024 - Security Advisories & Alerts

Emerging Threat_Stealer Malware (Lumma C2) Campaign with fake CAPTCHA pages

08 Oct 2024 - Security Advisories & Alerts

Detection of Fog Ransomware Footprint in Cyber Space of Bangladesh

12 Sep 2024 - Security Advisories & Alerts