‼ CVE-2021-24993 ‼
📖 Read
via "National Vulnerability Database".
The Ultimate Product Catalog WordPress plugin before 5.0.26 does not have authorisation and CSRF checks in some AJAX actions, which could allow any authenticated users, such as subscriber to call them and add arbitrary products, or change the plugin's settings for example📖 Read
via "National Vulnerability Database".
‼ CVE-2021-25084 ‼
📖 Read
via "National Vulnerability Database".
The Advanced Cron Manager WordPress plugin before 2.4.2, advanced-cron-manager-pro WordPress plugin before 2.5.3 does not have authorisation checks in some of its AJAX actions, allowing any authenticated users, such as subscriber to call them and add or remove events as well as schedules for example📖 Read
via "National Vulnerability Database".
‼ CVE-2021-24839 ‼
📖 Read
via "National Vulnerability Database".
The SupportCandy WordPress plugin before 2.2.5 does not have authorisation and CRSF checks in its wpsc_tickets AJAX action, which could allow unauthenticated users to call it and delete arbitrary tickets via the set_delete_permanently_bulk_ticket setting_action. Other actions may be affected as well.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-24880 ‼
📖 Read
via "National Vulnerability Database".
The SupportCandy WordPress plugin before 2.2.7 does not validate and escape the page attribute of its shortcode, which could allow users with a role as low as Contributor to perform Cross-Site Scripting attacks📖 Read
via "National Vulnerability Database".
‼ CVE-2022-0149 ‼
📖 Read
via "National Vulnerability Database".
The WooCommerce WordPress plugin before 2.7.1 was affected by a Reflected Cross-Site Scripting (XSS) vulnerability in the woo_ce admin page.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-25103 ‼
📖 Read
via "National Vulnerability Database".
The Translate WordPress with GTranslate WordPress plugin before 2.9.7 does not sanitise and escape the body parameter in the url_addon/gtranslate-email.php file before outputting it back in the page, leading to a Reflected Cross-Site Scripting issue. Note: exploitation of the issue requires knowledge of the NONCE_SALT and NONCE_KEY📖 Read
via "National Vulnerability Database".
‼ CVE-2021-24879 ‼
📖 Read
via "National Vulnerability Database".
The SupportCandy WordPress plugin before 2.2.7 does not have CSRF check in the wpsc_tickets AJAX action, nor has any sanitisation or escaping in some of the filter fields which could allow attackers to make a logged in user having access to the ticket lists dashboard set an arbitrary filter (stored in their cookies) with an XSS payload in it.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-25105 ‼
📖 Read
via "National Vulnerability Database".
The Ivory Search WordPress plugin before 5.4.1 does not escape some of the Form settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-24878 ‼
📖 Read
via "National Vulnerability Database".
The SupportCandy WordPress plugin before 2.2.7 does not sanitise and escape the query string before outputting it back in pages with the [wpsc_create_ticket] shortcode embed, leading to a Reflected Cross-Site Scripting issue📖 Read
via "National Vulnerability Database".
‼ CVE-2021-24928 ‼
📖 Read
via "National Vulnerability Database".
The Rearrange Woocommerce Products WordPress plugin before 3.0.8 does not have proper access controls in the save_all_order AJAX action, nor validation and escaping when inserting user data in SQL statement, leading to an SQL injection, and allowing any authenticated user, such as subscriber, to modify arbitrary post content (for example with an XSS payload), as well as exfiltrate any data by copying it to another post.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-24947 ‼
📖 Read
via "National Vulnerability Database".
The RVM WordPress plugin before 6.4.2 does not have proper authorisation, CSRF checks and validation of the rvm_upload_regions_file_path parameter in the rvm_import_regions AJAX action, allowing any authenticated user, such as subscriber, to read arbitrary files on the web server📖 Read
via "National Vulnerability Database".
‼ CVE-2021-25004 ‼
📖 Read
via "National Vulnerability Database".
The SEUR Oficial WordPress plugin before 1.7.2 creates a PHP file with a random name when installed, even though it is used for support purposes, it allows to download any file from the web server without restriction after knowing the URL and a password than an administrator can see in the plugin settings page.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-25108 ‼
📖 Read
via "National Vulnerability Database".
The IP2Location Country Blocker WordPress plugin before 2.26.6 does not have CSRF check in the ip2location_country_blocker_save_rules AJAX action, allowing attackers to make a logged in admin block arbitrary country, or block all of them at once, preventing users from accessing the frontend.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-25029 ‼
📖 Read
via "National Vulnerability Database".
The CLUEVO LMS, E-Learning Platform WordPress plugin before 1.8.1 does not sanitise and escape Course's module, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed📖 Read
via "National Vulnerability Database".
‼ CVE-2021-25095 ‼
📖 Read
via "National Vulnerability Database".
The IP2Location Country Blocker WordPress plugin before 2.26.5 does not have authorisation and CSRF checks in the ip2location_country_blocker_save_rules AJAX action, allowing any authenticated users, such as subscriber to call it and block arbitrary country, or block all of them at once, preventing users from accessing the frontend.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-25096 ‼
📖 Read
via "National Vulnerability Database".
The IP2Location Country Blocker WordPress plugin before 2.26.5 bans can be bypassed by using a specific parameter in the URL📖 Read
via "National Vulnerability Database".
❌ Roaming Mantis Expands Android Backdoor to Europe ❌
📖 Read
via "Threat Post".
The 'smishing' group lives up to its name, expanding globally and adding image exfiltration to the Wroba RAT it uses to infect mobile victims.📖 Read
via "Threat Post".
Threat Post
Roaming Mantis Expands Android Backdoor to Europe
The 'smishing' group lives up to its name, expanding globally and adding image exfiltration to the Wroba RAT it uses to infect mobile victims.
❌ QuaDream, 2nd Israeli Spyware Firm, Weaponizes iPhone Bug ❌
📖 Read
via "Threat Post".
The now-patched flaw that led to the ForcedEntry exploit of iPhones was exploited by both NSO Group and a different, newly detailed surveillance vendor.📖 Read
via "Threat Post".
Threat Post
QuaDream, 2nd Israeli Spyware Firm, Weaponizes iPhone Bug
The now-patched flaw that led to the ForcedEntry exploit of iPhones was exploited by both NSO Group and a different, newly detailed surveillance vendor.
‼ CVE-2022-23262 ‼
📖 Read
via "National Vulnerability Database".
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-23263.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-23263 ‼
📖 Read
via "National Vulnerability Database".
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-23262.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-23261 ‼
📖 Read
via "National Vulnerability Database".
Microsoft Edge (Chromium-based) Tampering Vulnerability.📖 Read
via "National Vulnerability Database".