Rewterz

Rewterz Threat Alert – Reemergence of Smoke Loader

July 17, 2019
Rewterz

Rewterz Threat Advisory – Oracle Multiple Privilege Access Vulnerabilities

July 17, 2019

Rewterz Threat Alert – Critical Vulnerability affecting the Ad Inserter WordPress plugin

Severity

High

Analysis Summary

The function check_admin_referer() is intended to protect against cross-site request forgery (CSRF) attacks by ensuring that a nonce (a one-time token used to prevent unwanted repeated, expired, or malicious requests from being processed) is present in the request. Authenticated attackers can bypass authorization checks implemented by the check_admin_referer() function to access the debug mode provided by the Ad Inserter plugin for admins.

Impact

Execution of arbitrary code

Affected Vendors

WordPress

Remediation

Update to 2.4.22 version.

Reading this advisory was a good start.

Make it a habit.

Rewterz publishes threat advisories ahead of mainstream cybersecurity media, informed by an AI-Native Autonomous SOC that sees regional threat actor activity in real time. Subscribe to receive each new advisory as it publishes, plus a monthly Middle East threat landscape brief drawn from our own SOC telemetry. For teams evaluating their detection coverage, a 30-minute consultation with a senior analyst is also available, at your pace, when you're ready.