Threat Advisories

New vulnerability allows attackers to takeover entire WordPress website

June 21, 2022

Threat Level

Red

Vulnerability Report

For a detailed advisory, download the pdf file here

Summary

An unauthenticated attacker can call multiple methods in Ninja Forms class in order to inject objects to eventually perform Remote Code Execution(RCE).

Vulnerability in Zimbra that steals clear-text credentials from users

DriftingCloud exploits zero-day in Sophos firewall