Tag Archives: content management system

Joomla Joomla! Two Critical Flaws Discovered — Update to Protect Your Site

Joomla – the world’s second popular open source Content Management System (CMS) software packages, has just released the latest version of its CMS, which includes patches for two critical security vulnerabilities and a bug fix.
<!– adsense –>
The two critical flaws, both exist in the Joomla Core functionalities, include Account Creation Vulnerability (CVE-2016-8870) and Elevated Privileges

3 Popular Drupal Modules Found Vulnerable — Patch Released

Just yesterday, I wrote a warning article announcing that Drupal – the popular open source content management system – will release patches for several highly critical Remote Code Execution (RCE) bugs that could allow attackers to fully take over any affected site.

Below are the three separate Drupal modules that affect up to 10,000 websites:

1. RESTful Web Services – a popular module used

Critical Flaws in Magento leave Millions of E-Commerce Sites at Risk

If you are using Magento to run your e-commerce website, it’s time for you to update the CMS (content management system) now.

Millions of online merchants are at risk of hijacking attacks due to a number of critical cross-site scripting (XSS) vulnerabilities in the Magento, the most popular e-commerce platform owned by eBay.

Why the Bugs are So Serious?

Virtually all versions of

XSS Vulnerability In WordPress – Update Now

The guys from WordPress just released version 4.2.3 of their software, which is mostly a security update. They “strongly encourage you to update your sites immediately.“ To do so just visit your Dashboard, click on ‘Updates’ and then on ‘Update Now’. As mentioned above you’ll only have to update manually if, for whatever reason, you decided to disable the automatic updates.

According to their blog entry the newest version contains fixes for 20 bugs from 4.2. The page also says: “WordPress versions 4.2.2 and earlier are affected by a cross-site scripting vulnerability, which could allow users with the Contributor or Author role to compromise a site. This was initially reported by Jon Cave and fixed by Robert Chapin, both of the WordPress security team, and later reported by Jouko Pynnönen.

We also fixed an issue where it was possible for a user with Subscriber permissions to create a draft through Quick Draft. Reported by Netanel Rubin from Check Point Software Technologies.“

And don’t forget: Since WordPress is definitely one of the most popular Content Management Systems and blogging platforms out there it remains an attractive target for cybercriminals – especially due to the huge user base. Administrators should always keep their WordPress installations (including addons and themes) updated and patch as soon as there are security updates available.

If you want to find out more about the dangers you could face as a blog administrator and get some advice which might help you to protect your page, take a look at Ange Albertini’s blog article concerning the topic.

The post XSS Vulnerability In WordPress – Update Now appeared first on Avira Blog.