Overview
WordPress, an open-source platform used to create and manage websites, has reported a critical vulnerability in the Essential Addons for Elementor plugin, affecting versions up to and including 5.7.1. The vulnerability (CVE-2023-32243) is rated 9.8 on the CVSS scale and allows unauthenticated arbitrary password resets. This means that an attacker with no authorisation on the site can potentially reset the password of a user on a website that uses this plugin. The attacker only needs an email address and username associated with the targeted account.
VMware has addressed four high-severity vulnerabilities in VMware Aria Operations and Cloud Foundation.
SAP has released security updates addressing critical and high vulnerabilities for multiple products.
Microsoft has released its scheduled updates for Edge, Office, SharePoint, Word and Teams, and multiple platforms.
Recommended Action
Organisations are encouraged to review the appropriate security and advisory pages and apply any recommended updates:
WordPress – Wordfence Intelligence
VMware – Security Advisories
SAP – Security Patch Day document
Microsoft – Release Notes and Security Update Guide
If you have any concerns, or have been affected by a cyber-related issue, report it to us by submitting a Cyber Concerns Online Reporting Form.