Pritect

123 posts

Pritect

@Pritect

Searching for bugs in all the wrong places.

Pacific Northwest, USA Katılım Ekim 2014

644 Takip Edilen89 Takipçiler

Pritect@Pritect·28 Ağu

Reported in 2016 (via @Hacker0x01): logged in @WordPress users could run arbitrary shortcodes. Fixed in 6.3.2 many years later. Who's looking out for third-party plugin developers? bit.ly/4fWVmOV

English

Pritect@Pritect·25 Tem

#WordPress plugin Advanced Custom Fields < 5.12.3 can allow unauthenticated users to upload arbitrary files @wpacf @dliciousbrains bit.ly/3veR5QE

English

Pritect retweetledi

Laxmikant Bhumkar@LuckyBhumkar·15 Tem

Ⓦ WordPress plugin Advanced Custom Fields (ACF) < 5.12.2 has an arbitrary file upload vulnerability. ACF has released an update. Recommended to update your site as soon as possible. Reported by James Golovich (@Pritect). #WordPress #security

English

Pritect retweetledi

Shodan@shodanhq·12 Tem

The Membership will be on sale for 24 hours this Sunday (GMT). Be prepared.

English

174

408

1.2K

Pritect retweetledi

Advanced Custom Fields@wp_acf·14 Tem

Thanks to James Golovich from Pritect, Inc (@pritect) for reporting 🙌

English

Pritect retweetledi

Advanced Custom Fields@wp_acf·14 Tem

We've just released ACF 5.12.3 with a security fix to prevent arbitrary file uploads to forms with ACF fields. Now that we've released this update, we recommend updating your sites as soon as possible.

English

Pritect@Pritect·27 Kas

Elementor Page Builder #WordPress plugin version <= 1.7.12 allows logged in users unrestricted editing @elemntor pritect.net/blog/elementor…

English

Pritect@Pritect·18 Nis

#WordPress shortcode injection as an attack vector pritect.net/blog/wordpress…

Svenska

Pritect@Pritect·21 Ara

No @bluehost, it is not ok to aggressively cache HTTP GET requests that the response contains a Set-Cookie header

English

Pritect@Pritect·6 Ara

WordPress plugin Ultimate Member < 1.3.76 Critical Security Issue allows unauthenticated password changes pritect.net/blog/ultimate-… @umplugin

English

Pritect@Pritect·29 Haz

PeepSo <= 1.6.0 #WordPress plugin allows privilege escalation of a logged in user pritect.net/blog/peepso-1-… @peepsowp

English

Pritect@Pritect·28 Haz

MemberSonic Lite <= 1.2 #WordPress plugin allows login without proper authorization pritect.net/blog/memberson… @pluginresults

English

Pritect@Pritect·23 Haz

@pluginresults I've been emailing about an issue for a few days without a response, please get in touch asap.

English

Pritect@Pritect·21 Haz

Advanced Access Manager <= 3.2.1 #WordPress plugin allows privilege escalation by logged in users pritect.net/blog/advanced-… @vasyltech

English

Pritect retweetledi

WPScan - WordPress Security@_WPScan_·31 May

[DB] Stream <= 3.0.5 - Unauthenticated Events Export - wpvulndb.com/vulnerabilitie…

English

Pritect retweetledi

Saturday Drive, INC@SaturdayDriveHQ·5 May

Important Security Update or You Always Hurt the Ones You Love ninjaforms.com/important-secu…

English

Pritect@Pritect·4 May

@danielcid Ninja Forms

English

Pritect@Pritect·4 May

Multiple Critical Vulnerabilities in Ninja Forms WordPress plugin <= 2.9.42. Update immediately. pritect.net/blog/ninja-for… @wpninjas

English

Pritect@Pritect·27 Nis

@pixolin @wpninjas If you don't select any options it allows you to deactivate. IMO cancel button should just be deactivate.

English

Pritect@Pritect·23 Nis

@Josh412 @zamoose I'd guess that it has some code to not cache POST

English

Keşfet

@Hacker0x01 @WordPress @dliciousbrains @elemntor @bluehost @umplugin @peepsowp @vasyltech