🕴 Governments Should Decide Who Gets to Buy Spyware 🕴
And the world must face the fact that offensive cyber tools have evolved into weapons that are no different from tanks, drones, or missiles.
via "Dark Reading".
🗓️ Data breach at US heart disease treatment center impacts 287,000 individuals 🗓️
South Denver Cardiology Associates admits hack.
via "The Daily Swig".
‼ CVE-2022-0700 ‼
The Simple Tracking WordPress plugin before 1.7 does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
via "National Vulnerability Database".
‼ CVE-2022-0165 ‼
The Page Builder KingComposer WordPress plugin through 2.9.6 does not validate the id parameter before redirecting the user to it via the kc_get_thumbn AJAX action available to both unauthenticated and authenticated users.
via "National Vulnerability Database".
‼ CVE-2022-0254 ‼
The WordPress Zero Spam WordPress plugin before 5.2.11 does not properly sanitise and escape the order and orderby parameters before using them in a SQL statement in the admin dashboard, leading to a SQL injection.
via "National Vulnerability Database".
‼ CVE-2022-0478 ‼
The Event Manager and Tickets Selling for WooCommerce WordPress plugin before 3.5.8 does not validate and escape the post_author_gutenberg parameter before using it in a SQL statement when creating/editing events, which could allow users with a role as low as contributor to perform SQL Injection attacks.
via "National Vulnerability Database".
‼ CVE-2021-25006 ‼
The MOLIE WordPress plugin through 0.5 does not escape the course_id parameter before outputting it back in the admin dashboard, leading to a Reflected Cross-Site Scripting issue.
via "National Vulnerability Database".
‼ CVE-2022-0147 ‼
The Cookie Information | Free GDPR Consent Solution WordPress plugin before 2.0.8 does not escape user data before outputting it back in attributes in the admin dashboard, leading to a Reflected Cross-Site Scripting issue.
via "National Vulnerability Database".
‼ CVE-2022-0701 ‼
The SEO 301 Meta WordPress plugin through 1.9.1 does not escape its Request and Destination settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
via "National Vulnerability Database".
‼ CVE-2022-0593 ‼
The Login with phone number WordPress plugin before 1.3.7 includes a file delete.php with no form of authentication or authorization checks placed in the plugin directory, allowing unauthenticated users to remotely delete the plugin files, leading to a potential Denial of Service situation.
via "National Vulnerability Database".
‼ CVE-2022-0703 ‼
The GD Mylist WordPress plugin through 1.1.1 does not sanitise and escape some of its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
via "National Vulnerability Database".
‼ CVE-2022-0399 ‼
The Advanced Product Labels for WooCommerce WordPress plugin before 1.2.3.7 does not sanitise and escape the tax_color_set_type parameter before outputting it back in the berocket_apl_color_listener AJAX action's response, leading to a Reflected Cross-Site Scripting.
via "National Vulnerability Database".
‼ CVE-2022-22735 ‼
The Simple Quotation WordPress plugin through 1.3.2 does not have authorisation (and CSRF) checks in various of its AJAX actions and lacks escaping of user data when using it in SQL statements, allowing any authenticated user, such as a subscriber, to perform SQL injection attacks.
via "National Vulnerability Database".
‼ CVE-2022-0684 ‼
The WP Home Page Menu WordPress plugin before 3.1 does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
via "National Vulnerability Database".
‼ CVE-2022-0449 ‼
The Flexi WordPress plugin before 4.20 does not sanitise and escape various parameters before outputting them back in some pages such as the user dashboard, leading to a Reflected Cross-Site Scripting.
via "National Vulnerability Database".
‼ CVE-2021-24996 ‼
The IDPay for Contact Form 7 WordPress plugin through 2.1.2 does not sanitise and escape the idpay_error parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting.
via "National Vulnerability Database".
‼ CVE-2022-0648 ‼
The Team Circle Image Slider With Lightbox WordPress plugin before 1.0.16 does not sanitize and escape the order_pos parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting.
via "National Vulnerability Database".
‼ CVE-2022-0248 ‼
The Contact Form Submissions WordPress plugin before 1.7.3 does not sanitise and escape additional fields in contact form requests before outputting them in the related submission. As a result, an unauthenticated attacker could perform Cross-Site Scripting attacks against admins viewing the malicious submission.
via "National Vulnerability Database".
‼ CVE-2022-24575 ‼
GPAC 1.0.1 is affected by a stack-based buffer overflow through MP4Box.
via "National Vulnerability Database".
‼ CVE-2021-41952 ‼
Zenario CMS 9.0.54156 is vulnerable to Cross Site Scripting (XSS) via uploading a *.SVG file. An attacker can send malicious files to victims and steal the victim's cookie, leading to account takeover. The person viewing the image of a contact can be a victim of XSS.
via "National Vulnerability Database".
‼ CVE-2022-22734 ‼
The Simple Quotation WordPress plugin through 1.3.2 does not have a CSRF check when creating or editing a quote and does not sanitise and escape Quotes. As a result, an attacker could make a logged-in admin create or edit arbitrary quotes and put Cross-Site Scripting payloads in them.
via "National Vulnerability Database".