Critical Vulnerability in WordPress Plugin Puts Thousands of Websites at Risk

Thousands of WordPress sites are vulnerable to takeover through a critical flaw in a widely used user registration plugin. Although the developer has released an update, most websites have not yet installed it. The vulnerability resides in the User Registration plugin, which allows WordPress sites to customize user registration pages and create user profile pages. Over 60,000 WordPress sites rely on this plugin.

Read more

VMware Issues Warning About Exploit for Critical Vulnerability in Aria Operations for Logs

VMware has issued a cautionary notice to organizations regarding the discovery of an exploit for a critical vulnerability (CVE-2023-20864) in VMware Aria Operations for Logs, a log analysis tool previously known as vRealize Log Insight. Just last month, VMware reported actively exploiting another security flaw in the software. The appearance of the exploit code has now increased the likelihood of abuse of CVE-2023-20864.

Read more