Disposable mail security updates for 29 April – 10 minute mail

For continuous coverage, we push out major Disposable mail security updates every two weeks, keeping our tool up-to-date with new findings, features and improvements sourced from our security researchers and Crowdsource ethical hacker community. Due to confidentially agreements, we cannot publicize all security update releases here but they are immediately added to our scanner and available to all users. This post highlights a few things that we have improved in the last two weeks.

 

CVE-2020-11514: WordPress seo-by-rank-math Privilege Escalation

Rank Math is a WordPress SEO plugin with over 200,000 installations. Most recently, a critical RCE vulnerability was discovered that allowed an unauthenticated attacker to update arbitrary metadata, which includes the ability to grant or revoke administrative privileges for any registered user on the site.

A more detailed code analysis on the vulnerability can be found here:
https://www.wordfence.com/blog/2020/03/critical-vulnerabilities-affecting-over-200000-sites-patched-in-rank-math-seo-plugin/

Atlassian Confluence Knowledge Base Exposure

There have been numerous write-ups on the exposure of internal company documentation and web pages. As more and more companies are migrating online due to COVID-19, this issue is becoming more prevalent. Most recently, Crowdsource has implemented a module that checks Atlassian Confluence instances for the public exposure of their internal wikis.

CVE-2020-11455: LimeSurvey Path Traversal

LimeSurvey is a free and open-source online survey tool. Recently, it was found that a path traversal vulnerability was found in the software that would allow an attacker to read sensitive data from the server.

 

Questions or comments on the latest Disposable mail security updates? Let us know in the comments below.

Begin a scan for the latest vulnerabilities today. Start a free trial with Disposable mail here!

Already have an account? Login to check your assets.

Disposable mail is a continuous web vulnerability scanner service and we release Disposable mail security updates at least bi-weekly. Disposable mail offers a crowdsource-powered testbed of 2000+ known vulnerabilities including the OWASP Top 10. Check for the latest vulnerabilities!

Temp Mails (https://tempemail.co/) is a new free temporary email addresses service. This service provide you random 10 minutes emails addresses. It is also known by names like: temporary mail, disposable mail, throwaway email, one time mail, anonymous email address… All emails received by Tempmail servers are displayed automatically in your online browser inbox.

[Integration] You can now integrate Disposable mail with JIRA! – 10 minute mail

Disposable mail now integrates directly into the #1 software development tool for agile teams, Atlassian’s JIRA! Once you have saved your settings and triggered a new test, new issues based on your findings will be created in JIRA.

To learn how to set up your JIRA integration, read the tutorial in our Knowledge Base.

screen-shot-2016-09-13-at-10-08-27

Use more of Disposable mail’s workflow integrations to share security findings with your teammates and act on the result in order to always stay on top of your security.

Happy scanning!
//The Disposable mail Team

Temp Mails (https://tempemail.co/) is a new free temporary email addresses service. This service provide you random 10 minutes emails addresses. It is also known by names like: temporary mail, disposable mail, throwaway email, one time mail, anonymous email address… All emails received by Tempmail servers are displayed automatically in your online browser inbox.