WordPress released version 4.7.3 which patches six vulnerabilities including one that could be chained with the REST API Endpoint vulnerability.
Tag Archives: Cross-site request forgery
Cisco Patches Critical Bug In Video Conferencing Server Hardware
A vulnerability in Cisco’s meeting server software allows a remote attacker to masquerade as legit user.
Moxa Won’t Patch Publicly Disclosed Flaws Until August
A number of publicly disclosed vulnerabilities in Moxa networking gear won’t be patched until August, if at all, according to ICS-CERT.
Microsoft Pays $13,000 to Hacker for Finding Authentication Flaw
A security researcher has won $13,000 bounty from Microsoft for finding a critical flaw in its main authentication system that could allow hackers to gain access to a user’s Outlook, Azure and Office accounts.
The vulnerability has been uncovered by UK-based security consultant Jack Whitton and is similar to Microsoft’s OAuth CSRF (Cross-Site Request Forgery) in Live.com discovered by
Exploit Kit Using CSRF to Redirect SOHO Router DNS Settings
French researcher Kafeine has found an exploit kit delivering cross-site request forgery attacks that focus on SOHO routers and changing DNS settings to redirect to malicious sites.
CSRF Vulnerability Patched in GoDaddy Domain Settings
A cross site request forgery vulnerability in GoDaddy domain settings has been patched two days after it was reported to the domain registrar.