MODX Security Vulnerability

Ironically, on the same day I received the recent MODX security alert (the first one in a long time) about the 2.6.x versions , I got this message from the host of a WordPress site I built for a friend (I've removed the domain information and details). I updated the site not that long ago. I get these all the time:

It appears patches are available for application(s) installed in the following path(s):

Privilege escalation vulnerability in WordPress

XSS vulnerability in WordPress

XSS vulnerability in WordPress

Privilege escalation vulnerability in WordPress

Incorrect permissions vulnerability in WordPress

Code injection vulnerability in WordPress

Code injection vulnerability in WordPress

Incorrect permissions vulnerability in WordPress

Incorrect permissions vulnerability in WordPress

Incorrect permissions vulnerability in WordPress

Incorrect permissions vulnerability in WordPress

XSS vulnerability in WordPress

XSS vulnerability in WordPress

If you are working with a development partner, please forward this email on to them as they will be able to take care of the update for you. Otherwise, we will automatically apply the above patches within seven days.

Phpthumbs... I tell you what... My rant from 4 years ago: https://forums.modx.com/thread/?thread=89090&page=1

Update...

https://forums.modx.com/thread/104072/security-issue-with-gallery-extra-below-1-7-1 [ed. note: mrhaw last edited this post 6 years, 9 months ago.]

Quote from: BobRay at Jul 15, 2018, 03:46 AM

Ironically, on the same day I received the recent MODX security alert (the first one in a long time) about the 2.6.x versions , I got this message from the host of a WordPress site I built for a friend (I've removed the domain information and details). I updated the site not that long ago. I get these all the time:

It appears patches are available for application(s) installed in the following path(s):

Privilege escalation vulnerability in WordPress

XSS vulnerability in WordPress

XSS vulnerability in WordPress

Privilege escalation vulnerability in WordPress

Incorrect permissions vulnerability in WordPress

Code injection vulnerability in WordPress

Code injection vulnerability in WordPress

Incorrect permissions vulnerability in WordPress

Incorrect permissions vulnerability in WordPress

Incorrect permissions vulnerability in WordPress

Incorrect permissions vulnerability in WordPress

XSS vulnerability in WordPress

XSS vulnerability in WordPress

If you are working with a development partner, please forward this email on to them as they will be able to take care of the update for you. Otherwise, we will automatically apply the above patches within seven days.

Yep... we whine about MODX's recent vulnerability, but for Wordpress it is a constant!