โ SOVA, Worryingly Sophisticated Android Trojan, Takes Flight โ
๐ Read
via "Threat Post".
The malware appeared in August with an ambitious roadmap (think ransomware, DDoS) that could make it 'the most feature-rich Android malware on the market.'๐ Read
via "Threat Post".
Threat Post
SOVA, Worryingly Sophisticated Android Trojan, Takes Flight
The malware appeared in August with an ambitious roadmap (think ransomware, DDoS) that could make it 'the most feature-rich Android malware on the market.'
โผ CVE-2021-38341 โผ
๐ Read
via "National Vulnerability Database".
The WooCommerce Payment Gateway Per Category WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER["PHP_SELF"] value in the ~/includes/plugin_settings.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 2.0.10.๐ Read
via "National Vulnerability Database".
โผ CVE-2021-38338 โผ
๐ Read
via "National Vulnerability Database".
The Border Loading Bar WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the `f` and `t` parameter found in the ~/titan-framework/iframe-googlefont-preview.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0.1.๐ Read
via "National Vulnerability Database".
โผ CVE-2021-38353 โผ
๐ Read
via "National Vulnerability Database".
The Dropdown and scrollable Text WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the content parameter found in the ~/index.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 2.0.๐ Read
via "National Vulnerability Database".
โผ CVE-2021-38339 โผ
๐ Read
via "National Vulnerability Database".
The Simple Matted Thumbnails WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER["PHP_SELF"] value in the ~/simple-matted-thumbnail.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.01.๐ Read
via "National Vulnerability Database".
โผ CVE-2021-38330 โผ
๐ Read
via "National Vulnerability Database".
The Yet Another bol.com Plugin WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER["PHP_SELF"] value in the ~/yabp.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.4.๐ Read
via "National Vulnerability Database".
โผ CVE-2021-38354 โผ
๐ Read
via "National Vulnerability Database".
The GNU-Mailman Integration WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the gm_error parameter found in the ~/includes/admin/mailing-lists-page.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0.6.๐ Read
via "National Vulnerability Database".
โผ CVE-2021-38332 โผ
๐ Read
via "National Vulnerability Database".
The On Page SEO + Whatsapp Chat Button Plugin WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER["PHP_SELF"] value in the ~/settings.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0.1.๐ Read
via "National Vulnerability Database".
โผ CVE-2021-38329 โผ
๐ Read
via "National Vulnerability Database".
The DJ EmailPublish WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER["PHP_SELF"] value in the ~/dj-email-publish.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.7.2.๐ Read
via "National Vulnerability Database".
โผ CVE-2021-40373 โผ
๐ Read
via "National Vulnerability Database".
playSMS before 1.4.5 allows Arbitrary Code Execution by entering PHP code at the #tabs-information-page of core_main_config, and then executing that code via the index.php?app=main&inc=core_welcome URI.๐ Read
via "National Vulnerability Database".
โผ CVE-2021-38349 โผ
๐ Read
via "National Vulnerability Database".
The Integration of Moneybird for WooCommerce WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the error_description parameter found in the ~/templates/wcmb-admin.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 2.1.1.๐ Read
via "National Vulnerability Database".
โผ CVE-2021-38351 โผ
๐ Read
via "National Vulnerability Database".
The OSD Subscribe WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the osd_subscribe_message parameter found in the ~/options/osd_subscribe_options_subscribers.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.2.3.๐ Read
via "National Vulnerability Database".
โผ CVE-2021-38337 โผ
๐ Read
via "National Vulnerability Database".
The RSVPMaker Excel WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER["PHP_SELF"] value in the ~/phpexcel/PHPExcel/Shared/JAMA/docs/download.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.1.๐ Read
via "National Vulnerability Database".
โผ CVE-2021-38340 โผ
๐ Read
via "National Vulnerability Database".
The Wordpress Simple Shop WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the update_row parameter found in the ~/includes/add_product.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.2.๐ Read
via "National Vulnerability Database".
โผ CVE-2021-37414 โผ
๐ Read
via "National Vulnerability Database".
Zoho ManageEngine DesktopCentral version 10.1.2119.7 and prior allows anyone to get a valid user's APIKEY without authentication.๐ Read
via "National Vulnerability Database".
โผ CVE-2021-38352 โผ
๐ Read
via "National Vulnerability Database".
The Feedify รขโฌโ Web Push Notifications WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the feedify_msg parameter found in the ~/includes/base.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 2.1.8.๐ Read
via "National Vulnerability Database".
โผ CVE-2021-38359 โผ
๐ Read
via "National Vulnerability Database".
The WordPress InviteBox Plugin for viral Refer-a-Friend Promotions WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the message parameter found in the ~/admin/admin.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.4.1.๐ Read
via "National Vulnerability Database".
โผ CVE-2021-38355 โผ
๐ Read
via "National Vulnerability Database".
The Bug Library WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the successimportcount parameter found in the ~/bug-library.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 2.0.3.๐ Read
via "National Vulnerability Database".
โผ CVE-2021-38331 โผ
๐ Read
via "National Vulnerability Database".
The WP-T-Wap WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the posted parameter found in the ~/wap/writer.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.13.2.๐ Read
via "National Vulnerability Database".
โผ CVE-2021-38333 โผ
๐ Read
via "National Vulnerability Database".
The WP Scrippets WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER["PHP_SELF"] value in the ~/wp-scrippets.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.5.1.๐ Read
via "National Vulnerability Database".
โผ CVE-2021-38336 โผ
๐ Read
via "National Vulnerability Database".
The Edit Comments XT WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER["PHP_SELF"] value in the ~/edit-comments-xt.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0.๐ Read
via "National Vulnerability Database".