November 20, 2023
Severity Medium Analysis Summary Agent Tesla is a very popular spyware Trojan built for the.NET framework. Since its initial appearance in 2014, this has been deployed […]
Rewterz Threat Alert – Reemergence of Smoke Loader
July 17, 2019Rewterz Threat Advisory – Oracle Multiple Privilege Access Vulnerabilities
July 17, 2019Rewterz Threat Alert – Reemergence of Smoke Loader
July 17, 2019Rewterz Threat Advisory – Oracle Multiple Privilege Access Vulnerabilities
July 17, 2019
Severity
High
Analysis Summary
The function check_admin_referer() is intended to protect against cross-site request forgery (CSRF) attacks by ensuring that a nonce (a one-time token used to prevent unwanted repeated, expired, or malicious requests from being processed) is present in the request. Authenticated attackers can bypass authorization checks implemented by the check_admin_referer() function to access the debug mode provided by the Ad Inserter plugin for admins.
Impact
Execution of arbitrary code
Affected Vendors
WordPress
Remediation
Update to 2.4.22 version.