Overview
WordPress: a critical-severity flaw has been discovered in WordPress’s Social Login and Register plugin. This flaw could allow someone to gain access to any WordPress account, including an admin account, if they know the account’s email address.
FortiNAC: Fortinet has reported critical- and medium-severity vulnerabilities in FortiNAC. The critical vulnerability may allow an unauthenticated user to execute code or commands using a specifically crafted request to the TCP/1050 service.
vCenter Server and Cloud Foundation: VMware has reported five vulnerabilities in vCenter Server and Cloud Foundation. Vulnerability CVE-2023-20892 has a CVSS rating of 8.1 and is categorised as ‘important’.
BIND9: the ISC (Internet Systems Consortium) has released a security update to fix three high-severity vulnerabilities in its DNS system, BIND 9, that could cause denial-of-service conditions.
Recommended Action
Organisations are encouraged to review the appropriate security-advisory pages and apply the updates:
WordPress – Wordfence blog
Fortinet – PSIRT Advisories
VMware – Security Advisories
ISC – Security Vulnerability Matrix
If you have any concerns, or have been affected by a cyber-related issue, report it to us by submitting a Cyber Concerns Online Reporting Form.