Cybersecurity Updates For Week 5 of 2022

Out-of-bounds heap read/write vulnerability in VFS module vfs_fruit allows code execution – CVE-2022-44142

All versions of Samba prior to 4.13.17 are vulnerable to an out-of-bounds heap read write vulnerability that allows remote attackers to execute arbitrary code as root on affected Samba installations that use the VFS module vfs_fruit.

Read more:

Libexpat CVE-2022-23852 & CVE-2022-23990

Two vulnerabilities have been found in Libexpat, this is a well known used XML parser in devices such as loadbalancers.
So make sure to double check if your vendor is affected and has updated.

Read more:

Cisco Small Business RV Series Routers Vulnerabilities

Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series, make sure to read the security advisory from ciso and update as soon as possible.

Read More:

Other news worth mentioning:

Google Patches 27 Vulnerabilities With Release of Chrome 98
Critical Flaw Impacts WordPress Plugin With 1 Million Installations
Linux kernel patches “performance can be harmful” bug in video driver

Bug-hunters punch huge holes in WPA3 standard for Wi-Fi security

This blog post is a summary of this week’s Information Security News put together by our Security Incident Response Team (SIRT).

Researchers have detailed a set of side-channel and downgrade attacks that potentially allow an attacker to compromise Wi-Fi networks equipped with WPA3 protection.

Read more


Top 5 Security News

WordPress Urges Users to Uninstall Yuzo Plugin After Flaw Exploited

Google launches new security tools for G Suite users

Credential-stuffing attacks behind 30 billion login attempts in 2018

Android 7.0+ Phones Can Now Double as Google Security Keys

The right way to do AI in security

WordPress 4.0.1 – Critical security release

The WordPress 4.0.1 security update has been released today, which addresses 8 security flaws including cross-site scripting (XSS) and denial of service exploits. In addition, 23 bugs in the 4.0 release have been fixed.

It is highly recommended that anyone running WordPress have their installations updated as soon as possible.

Further information can be found at:

WordPress and Drupal patched for DDoS vulnerability

WordPress and Drupal have been patched for, amongst other things, a vulnerability that allows an attacker to take down a WordPress or Drupal site.

The PHP XML parser used by both projects has a XML-RPC endpoint is vulnerable to an XML entity expansion attack and other related XML payload attacks which can cause CPU and memory exhaustion and the site’s database to reach the maximum number of open connections. Any of these may lead to the site becoming unavailable or unresponsive (denial of service).

Users of WordPress should upgrade to 3.9.2 as soon as possible:

More information:

Your WordPress installation can be used in Denial of Service attacks

One of our employees at Basefarm, Senghan Bright, is the System Manager for WordPress here at Basefarm. Here is some information from him:

Due to a setting that is enabled by default on WordPress, there’s an exploit that can be used to send a request to a target domain using the WordPress site as a proxy.
With enough WordPress installations at your disposal, scripted requests from them collectively is enough to perform a denial of service.

Whilst this is not a new vulnerability, the amount of media attention this exploit has got in recent days brought it to my attention, and the raised awareness means the likelihood of this being used in the wild will have substantially increased:

These two sites go into a little more detail on how to the API is used to perform the exploit:

I’ve tested some proof-of-concept code on a few test WordPress installations, and observed the API successfully send requests out to a target site, with the source appearing to be thetest WordPress installation with its IP.
There are various methods to disable the exploit. Being that the API has a lot of perfectly valid functionality that customers may use on their sites, the least destructive method is to install the following WordPress plugin:

This disables the specific exploitable function, whilst leaving the rest of the API working as normal.

WordPress 3.7 “Basie”

WordPress 3.7 has now been released and it includes quite a few updates that are related to security and maintenance.

More information:

WordPress Fixes Multiple Vulnerabilities With 3.6.1 Release

From the announcement post, this maintenance release addresses 13 bugs with version 3.6.

Additionally: Version 3.6.1 fixes three security issues:

Remote Code Execution: Block unsafe PHP de-serialization that could occur in limited situations and setups, which can lead to remote code execution. Reported by Tom Van Goethem. CVE-2013-4338.
Link Injection / Open Redirect: Fix insufficient input validation that could result in redirecting or leading a user to another website. Reported by Dave Cummo, a Northrup Grumman subcontractor for the U.S. Centers for Disease Control and Prevention. CVE-2013-4339.
Privilege Escalation: Prevent a user with an Author role, using a specially crafted request, from being able to create a post “written by” another user. Reported by Anakorn Kyavatanakij. CVE-2013-4340.

More information:

WordPress 3.5.2 Maintenance and Security Release

There’s a new security and maintenance release for WordPress released (3.5.2) available, fixing 12 bugs.
To quote WordPress;

This is a security release for all previous versions and we strongly encourage you to update your sites immediately.

More information:

High Risk WordPress Super Cache and W3 Total Cache vulnerability

A vulnerability for the very popular cache plugin “W3 Total Cache” has been made public. It’s advised that those who are using WordPress to check if they have this plugin – and if they have the latest version or not.
It turns out that this also affects WP Super Cache. Both of these account for about 6.5 million downloads, and about 90% of all installations running cache on their wordpress installations use either of these.
The issue comes with blogs that have comments enabled and aren’t using a third party system like Disqus.

To test if you’re affected you can add a comment like this:
<!–mfunc echo PHP_VERSION; –><!–/mfunc–>

This should, if you don’t have the latest version of WP Super Cache or W3 Total Cache, show the version of your PHP which means the installation can be exploited.

The W3 Total Cache plugin for WordPress is prone to a remote PHP code-execution vulnerability.
An attacker can exploit this issue to execute arbitrary PHP code within the context of the web server.
W3 Total Cache is vulnerable. Other versions may also be affected.

More information:

WordPress sites targeted by brute-force botnet attack

There is a botnet consisting of more than 90 000 hosts crawling and brute-force attacking (using the following list: WordPress installations. Because of this, it’s important that you make sure your WordPress installation is secure.

We strongly advise all users to delete the “admin” account after adding another administrator, adding 2-factor authentication such as and have a look at

On top of that is the obvious to make sure you have your WordPress Core and Plugins up to date.

More information: