CVE-2022-1684
The Cube Slider WordPress plugin through 1.2 does not sanitise and escape the idslider parameter before using it in various SQL queries, leading to SQL Injections exploitable by high privileged users such as admin.
via "National Vulnerability Database".
CVE-2022-1688
The Note Press WordPress plugin through 0.1.10 does not sanitise and escape the id parameter before using it in various SQL statements via the admin dashboard, leading to SQL Injections.
via "National Vulnerability Database".
CVE-2022-1709
The Throws SPAM Away WordPress plugin before 3.3.1 does not have CSRF checks in place when deleting comments (either all, spam, or pending), allowing attackers to make a logged in admin delete comments via a CSRF attack.
via "National Vulnerability Database".
CVE-2022-1241
The Ask me WordPress theme before 6.8.2 does not properly sanitise and escape several of the fields in the Edit Profile page, leading to Reflected Cross-Site Scripting issues.
via "National Vulnerability Database".
CVE-2022-1005
The WP Statistics WordPress plugin before 13.2.2 does not sanitise the REQUEST_URI parameter before outputting it back in the rendered page, leading to Cross-Site Scripting (XSS) in web browsers which do not encode characters.
via "National Vulnerability Database".
CVE-2017-20017
A vulnerability, which was classified as critical, has been found in The Next Generation of Genealogy Sitebuilding up to 11.1.0. This issue affects some unknown processing of the file /timeline2.php. The manipulation of the argument primaryID leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 11.1.1 is able to address this issue. It is recommended to upgrade the affected component.
via "National Vulnerability Database".
CVE-2022-1695
The WP Simple Adsense Insertion WordPress plugin before 2.1 does not perform CSRF checks on updates to its admin page, allowing an attacker to trick a logged in user to manipulate ads and inject arbitrary javascript via submitting a form.
via "National Vulnerability Database".
CVE-2022-1394
The Photo Gallery by 10Web WordPress plugin before 1.6.4 does not properly validate and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks when unfiltered_html is disallowed.
via "National Vulnerability Database".
CVE-2022-1691
The Realty Workstation WordPress plugin through 1.0.6 does not sanitise and escape the trans_edit parameter before using it in a SQL statement when an agent edits a transaction, leading to an SQL injection.
via "National Vulnerability Database".
CVE-2022-1683
The amtyThumb WordPress plugin through 4.2.0 does not sanitise and escape a parameter before using it in a SQL statement via its shortcode, leading to an SQL injection, and is exploitable by any authenticated user (and not just Author+ as the original advisory mentions) due to the fact that they can execute shortcodes via an AJAX action.
via "National Vulnerability Database".
CVE-2022-1421
The Discy WordPress theme before 5.2 lacks CSRF checks in some AJAX actions, allowing an attacker to make a logged in admin change arbitrary 's settings including payment methods via a CSRF attack.
via "National Vulnerability Database".
CVE-2022-1469
The FiboSearch WordPress plugin before 1.17.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed.
via "National Vulnerability Database".
CVE-2022-1689
The Note Press WordPress plugin through 0.1.10 does not sanitise and escape the Update parameter before using it in a SQL statement when updating a note via the admin dashboard, leading to an SQL injection.
via "National Vulnerability Database".
CVE-2022-1687
The Logo Slider WordPress plugin through 1.4.8 does not sanitise and escape the lsp_slider_id parameter before using it in a SQL statement via the Manage Slider Images admin page, leading to an SQL Injection.
via "National Vulnerability Database".
CVE-2022-1424
The Ask me WordPress theme before 6.8.2 does not perform CSRF checks for any of its AJAX actions, allowing an attacker to trick logged in users to perform various actions on their behalf on the site.
via "National Vulnerability Database".
CVE-2022-1577
The Database Backup for WordPress plugin before 2.5.2 does not have a CSRF check in place when updating the scheduled backup settings, which could allow an attacker to make a logged in admin change them via a CSRF attack. This could lead to cases where attackers can send backup notification emails to themselves, which contain more details, or disable the automatic backup schedule.
via "National Vulnerability Database".
CVE-2022-1570
The Files Download Delay WordPress plugin before 1.0.7 does not have authorisation and CSRF checks when resetting its settings, which could allow any authenticated user, such as a subscriber, to perform such an action.
via "National Vulnerability Database".
CVE-2022-1422
The Discy WordPress theme before 5.2 does not check for CSRF tokens in the AJAX action discy_reset_options, allowing an attacker to trick an admin into resetting the site settings back to defaults.
via "National Vulnerability Database".
Paying Ransomware Paints Bigger Bullseye on Target's Back
Ransomware attackers often strike targets twice, regardless of whether the ransom was paid.
via "Threat Post".
Taming the Digital Asset Tsunami
Rob Gurzeev, CEO and Co-Founder of CyCognito, explores external attack surface soft spots tied to an ever-expanding number of digital assets companies too often struggle to keep track of and manage effectively.
via "Threat Post".
How Do We Secure Our Cities From Attack?
Physical access matters in keeping people and buildings safe. Points to consider when establishing a physical security protocol are ways to lock down an area to keep people safe, approaches to communicate clear safety directions, and access control.
via "Dark Reading".