‼ CVE-2022-24385 ‼
A Direct Object Access vulnerability in SmarterTools SmarterTrack leads to information disclosure. This issue affects: SmarterTools SmarterTrack 100.0.8019.14010.
via "National Vulnerability Database".
‼ CVE-2022-24387 ‼
With administrator or admin privileges the application can be tricked into overwriting files in the app_data/Config folder, e.g. the systemsettings.xml file. This is possible in SmarterTrack v100.0.8019.14010.
via "National Vulnerability Database".
‼ CVE-2022-24386 ‼
Stored XSS in SmarterTools SmarterTrack. This issue affects: SmarterTools SmarterTrack 100.0.8019.14010.
via "National Vulnerability Database".
‼ CVE-2022-24384 ‼
Cross-site Scripting (XSS) vulnerability in SmarterTools SmarterTrack. This issue affects: SmarterTools SmarterTrack 100.0.8019.14010.
via "National Vulnerability Database".
🕴 Governments Should Decide Who Gets to Buy Spyware 🕴
And the world must face the fact that offensive cyber tools have evolved into weapons that are no different from tanks, drones, or missiles.
via "Dark Reading".
🗓️ Data breach at US heart disease treatment center impacts 287,000 individuals 🗓️
South Denver Cardiology Associates admits hack
via "The Daily Swig".
‼ CVE-2022-0700 ‼
The Simple Tracking WordPress plugin before 1.7 does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
via "National Vulnerability Database".
‼ CVE-2022-0165 ‼
The Page Builder KingComposer WordPress plugin through 2.9.6 does not validate the id parameter before redirecting the user to it via the kc_get_thumbn AJAX action available to both unauthenticated and authenticated users.
via "National Vulnerability Database".
‼ CVE-2022-0254 ‼
The WordPress Zero Spam WordPress plugin before 5.2.11 does not properly sanitise and escape the order and orderby parameters before using them in a SQL statement in the admin dashboard, leading to a SQL injection.
via "National Vulnerability Database".
‼ CVE-2022-0478 ‼
The Event Manager and Tickets Selling for WooCommerce WordPress plugin before 3.5.8 does not validate and escape the post_author_gutenberg parameter before using it in a SQL statement when creating/editing events, which could allow users with a role as low as contributor to perform SQL Injection attacks.
via "National Vulnerability Database".
‼ CVE-2021-25006 ‼
The MOLIE WordPress plugin through 0.5 does not escape the course_id parameter before outputting it back in the admin dashboard, leading to a Reflected Cross-Site Scripting issue.
via "National Vulnerability Database".
‼ CVE-2022-0147 ‼
The Cookie Information | Free GDPR Consent Solution WordPress plugin before 2.0.8 does not escape user data before outputting it back in attributes in the admin dashboard, leading to a Reflected Cross-Site Scripting issue.
via "National Vulnerability Database".
‼ CVE-2022-0701 ‼
The SEO 301 Meta WordPress plugin through 1.9.1 does not escape its Request and Destination settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
via "National Vulnerability Database".
‼ CVE-2022-0593 ‼
The Login with phone number WordPress plugin before 1.3.7 includes a file delete.php with no form of authentication or authorization checks placed in the plugin directory, allowing unauthenticated users to remotely delete the plugin files, leading to a potential Denial of Service situation.
via "National Vulnerability Database".
‼ CVE-2022-0703 ‼
The GD Mylist WordPress plugin through 1.1.1 does not sanitise and escape some of its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
via "National Vulnerability Database".
‼ CVE-2022-0399 ‼
The Advanced Product Labels for WooCommerce WordPress plugin before 1.2.3.7 does not sanitise and escape the tax_color_set_type parameter before outputting it back in the berocket_apl_color_listener AJAX action's response, leading to a Reflected Cross-Site Scripting.
via "National Vulnerability Database".
‼ CVE-2022-22735 ‼
The Simple Quotation WordPress plugin through 1.3.2 does not have authorisation (and CSRF) checks in various of its AJAX actions and is lacking escaping of user data when using it in SQL statements, allowing any authenticated user, such as a subscriber, to perform SQL injection attacks.
via "National Vulnerability Database".
‼ CVE-2022-0684 ‼
The WP Home Page Menu WordPress plugin before 3.1 does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
via "National Vulnerability Database".
‼ CVE-2022-0449 ‼
The Flexi WordPress plugin before 4.20 does not sanitise and escape various parameters before outputting them back in some pages such as the user dashboard, leading to a Reflected Cross-Site Scripting.
via "National Vulnerability Database".
‼ CVE-2021-24996 ‼
The IDPay for Contact Form 7 WordPress plugin through 2.1.2 does not sanitise and escape the idpay_error parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting.
via "National Vulnerability Database".
‼ CVE-2022-0648 ‼
The Team Circle Image Slider With Lightbox WordPress plugin before 1.0.16 does not sanitize and escape the order_pos parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting.
via "National Vulnerability Database".