Patchstack claimed there had been an authenticated cross-site scripting (XSS) vulnerability in the WordPress plugin MalCare WordPress Security Plugin. Almost no information was provided, but it is claimed that “Possible only with admin authentication.” That sounds like it there wouldn’t be a vulnerability, but we found that there was really an issue, though exploitation would have required special circumstances.

…

[Read more]