CVE-2026-2559

The Post SMTP plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the handleoffice365oauthredirect function in all versions up to, and including, 3.8.0. This is due to the function being hooked to admininit without any currentusercan check ...

AL 21.12: Office 365 users are prompted to login, use MFA, during every login

When a user logs off the VDI desktop then logs back in, opening any Office 365 app prompts for two-factor authentication login. This was not happening before the upgrade...