Application security news, updated daily (if there is any news to share).
Content is AI-assisted and reviewed by our team, but issues may be missed and best practices evolve rapidly, send corrections to [email protected]. Always consult official documentation and validate key implementation decisions before making design or security choices.
Wordfence disclosed a critical unauthenticated account-destruction bug in `WP DSGVO Tools (GDPR)` <=3.1.38 that irreversibly anonymizes non-admin users via a crafted AJAX request.
Wordfence disclosed a High-severity unauthenticated arbitrary-method-call flaw in the WordPress `reviewx` plugin (`<= 2.2.12`), potentially enabling information disclosure or limited RCE.
Wordfence published a High-severity unauthenticated time-based SQL injection in the WordPress `WP Maps` plugin (`wp-google-map-plugin`) affecting versions up to 4.9.1, enabling remote database data extraction.