For continuous coverage, we push out major Detectify security updates every two weeks, keeping our tool up-to-date with new findings, features and improvements sourced from our security researchers and Crowdsource ethical hacker community. Due to confidentially agreements, we cannot publicize all security update releases here but they are immediately added to our scanner and available to all users. This post highlights a few things that we have improved in the last two weeks.
CVE-2020-11514: WordPress seo-by-rank-math Privilege Escalation
Rank Math is a WordPress SEO plugin with over 200,000 installations. Most recently, a critical RCE vulnerability was discovered that allowed an unauthenticated attacker to update arbitrary metadata, which includes the ability to grant or revoke administrative privileges for any registered user on the site.
A more detailed code analysis on the vulnerability can be found here:
https://www.wordfence.com/blog/2020/03/critical-vulnerabilities-affecting-over-200000-sites-patched-in-rank-math-seo-plugin/
Atlassian Confluence Knowledge Base Exposure
There have been numerous write-ups on the exposure of internal company documentation and web pages. As more and more companies are migrating online due to COVID-19, this issue is becoming more prevalent. Most recently, Crowdsource has implemented a module that checks Atlassian Confluence instances for the public exposure of their internal wikis.
CVE-2020-11455: LimeSurvey Path Traversal
LimeSurvey is a free and open-source online survey tool. Recently, it was found that a path traversal vulnerability was found in the software that would allow an attacker to read sensitive data from the server.
Questions or comments on the latest Detectify security updates? Let us know in the comments below.
Begin a scan for the latest vulnerabilities today. Start a free trial with Detectify here!
Already have an account? Login to check your assets.
Detectify is a continuous web vulnerability scanner service and we release Detectify security updates at least bi-weekly. Detectify offers a crowdsource-powered testbed of 2000+ known vulnerabilities including the OWASP Top 10. Check for the latest vulnerabilities!