Ten disclosures since last week, with two issues unfixed.
View this week’s vulnerable plugins list.
Came across a fun little security testing playground. It lets you spin up several deliberately vulnerable applications to practice security concepts and exploits and get first-hand experience. Each environment comes with an explanation of the vulnerabilities it contains and links out to more information. Right now it includes WebGoat, DVWA, Juice Shop, SQLi Labs, and WordPress 4.8, a release that contained a SQL Injection vulnerability. Each session is limited to 11 minutes (don't sign in when prompted), but that should give you enough time to play around and practice some of the techniques. There isn't anything here you couldn't do by spinning up a Docker container of one of these environments yourself, but it's quick, easy and, for now, free.
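If you would rather run the targets locally, here is a minimal docker-compose file for two of them. This is an added example, not code from the page or from the playground it describes; the image names are the ones the Juice Shop and DVWA projects publish on Docker Hub, and the host ports are assumptions you can change. The point worth noting is the `127.0.0.1:` prefix on each port mapping: these applications are vulnerable by design, so bind them to localhost rather than exposing them to whatever network your laptop is on.

```yaml
# Added example (not from the page or the playground it describes):
# run two of the listed targets locally with Docker Compose.
# Image names are the projects' published images; host ports
# (3000 and 8081) are assumptions. Binding to 127.0.0.1 keeps
# these deliberately vulnerable apps off your LAN.
version: "3.8"
services:
  juice-shop:
    image: bkimminich/juice-shop
    ports:
      - "127.0.0.1:3000:3000"   # Juice Shop listens on 3000 in the container
  dvwa:
    image: vulnerables/web-dvwa
    ports:
      - "127.0.0.1:8081:80"     # DVWA serves on 80 in the container
```

Start with `docker compose up -d`, then browse to http://127.0.0.1:3000 for Juice Shop and http://127.0.0.1:8081 for DVWA (DVWA's default login is admin / password, after which you click "Create / Reset Database" once). Tear everything down with `docker compose down` when you are finished so the vulnerable services are not left running.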
Lastly, I know several of you run Moodle on your campus. Please be aware that versions before 3.5.0 are affected by a Remote Code Execution vulnerability that was disclosed earlier this week, so check your installed version and upgrade if you are behind.