π΄ Proposed SEC Rules Require More Transparency About Cyber-Risk π΄
π Read
via "Dark Reading".
The new guidelines would require public companies to file periodic disclosures about their cybersecurity practices and notify the SEC within 96 hours of a material breach.π Read
via "Dark Reading".
Dark Reading
Proposed SEC Rules Require More Transparency About Cyber-Risk
The new guidelines would require public companies to file periodic disclosures about their cybersecurity practices and notify the SEC within 96 hours of a material breach.
π΄ New Phishing Attacks Shame, Scare Victims into Surrendering Twitter, Discord Credentials π΄
π Read
via "Dark Reading".
Scams pressure victims to "resolve an issue that could impact their status, business."π Read
via "Dark Reading".
Dark Reading
New Phishing Attacks Shame, Scare Victims into Surrendering Twitter, Discord Credentials
Scams pressure victims to "resolve an issue that could impact their status, business."
π΄ Diversity in Cybersecurity: Fostering Gender-Inclusive Teams That Perform Better π΄
π Read
via "Dark Reading".
Proactive steps in recruiting women to cybersecurity teams, along with policies focused on diversity, equity, and inclusion, help make cybersecurity teams more effective. Addressing specific barriers that female candidates face will make those teams more inclusive and more representative.π Read
via "Dark Reading".
Dark Reading
Diversity in Cybersecurity: Fostering Gender-Inclusive Teams That Perform Better
Proactive steps in recruiting women to cybersecurity teams, along with policies focused on diversity, equity, and inclusion, help make cybersecurity teams more effective. Addressing specific barriers that female candidates face will make those teams moreβ¦
βΌ CVE-2022-1057 βΌ
π Read
via "National Vulnerability Database".
The Pricing Deals for WooCommerce WordPress plugin through 2.0.2.02 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to an unauthenticated SQL injectionπ Read
via "National Vulnerability Database".
βΌ CVE-2022-1910 βΌ
π Read
via "National Vulnerability Database".
The Shortcodes and extra features for Phlox WordPress plugin before 2.9.8 does not sanitise and escape a parameter before outputting it back in the response, leading to a Reflected Cross-Site Scriptingπ Read
via "National Vulnerability Database".
βΌ CVE-2022-2091 βΌ
π Read
via "National Vulnerability Database".
The Cache Images WordPress plugin before 3.2.1 does not implement nonce checks, which could allow attackers to make any logged user upload images via a CSRF attack.π Read
via "National Vulnerability Database".
βΌ CVE-2022-2093 βΌ
π Read
via "National Vulnerability Database".
The WP Duplicate Page WordPress plugin before 1.3 does not sanitize and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed.π Read
via "National Vulnerability Database".
βΌ CVE-2022-1951 βΌ
π Read
via "National Vulnerability Database".
The core plugin for kitestudio WordPress plugin before 2.3.1 does not sanitise and escape some parameters before outputting them back in a response of an AJAX action, available to both unauthenticated and authenticated users when a premium theme from the vendor is active, leading to a Reflected Cross-Site Scripting.π Read
via "National Vulnerability Database".
βΌ CVE-2022-2050 βΌ
π Read
via "National Vulnerability Database".
The WP-Paginate WordPress plugin before 2.1.9 does not escape one of its settings, which could allow high privilege users to perform Stored Cross-Site Scripting attacks when unfiltered_html is disallowedπ Read
via "National Vulnerability Database".
βΌ CVE-2022-1599 βΌ
π Read
via "National Vulnerability Database".
The Admin Management Xtended WordPress plugin before 2.4.5 does not have CSRF checks in some of its AJAX actions, allowing attackers to make a logged users with the right capabilities to call them. This can lead to changes in post status (draft, published), slug, post date, comment status (enabled, disabled) and more.π Read
via "National Vulnerability Database".
βΌ CVE-2022-1546 βΌ
π Read
via "National Vulnerability Database".
The WooCommerce - Product Importer WordPress plugin through 1.5.2 does not sanitise and escape the imported data before outputting it back in the page, leading to a Reflected Cross-Site Scriptingπ Read
via "National Vulnerability Database".
βΌ CVE-2022-1952 βΌ
π Read
via "National Vulnerability Database".
The Free Booking Plugin for Hotels, Restaurant and Car Rental WordPress plugin before 1.1.16 suffers from insufficient input validation which leads to arbitrary file upload and subsequently to remote code execution. An AJAX action accessible to unauthenticated users is affected by this issue. An allowlist of valid file extensions is defined but is not used during the validation steps.π Read
via "National Vulnerability Database".
βΌ CVE-2022-2089 βΌ
π Read
via "National Vulnerability Database".
The Bold Page Builder WordPress plugin before 4.3.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed.π Read
via "National Vulnerability Database".
βΌ CVE-2022-2123 βΌ
π Read
via "National Vulnerability Database".
The WP Opt-in WordPress plugin through 1.4.1 is vulnerable to CSRF which allows changed plugin settings and can be used for sending spam emails.π Read
via "National Vulnerability Database".
βΌ CVE-2022-1732 βΌ
π Read
via "National Vulnerability Database".
The Rename wp-login.php WordPress plugin through 2.6.0 does not have CSRF check in place when updating the secret login URL, which could allow attackers to make a logged in admin change them via a CSRF attackπ Read
via "National Vulnerability Database".
βΌ CVE-2022-1757 βΌ
π Read
via "National Vulnerability Database".
The Pagebar WordPress plugin through 2.65 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack. Furthermore, due to the lack of sanitisation in some of them, it could also lead to Stored XSS issuesπ Read
via "National Vulnerability Database".
βΌ CVE-2022-1894 βΌ
π Read
via "National Vulnerability Database".
The Popup Builder WordPress plugin before 4.1.11 does not escape and sanitize some settings, which could allow high privilege users to perform Stored Cross-Site Scripting attacks when the unfiltred_html is disallowedπ Read
via "National Vulnerability Database".
βΌ CVE-2022-2092 βΌ
π Read
via "National Vulnerability Database".
The WooCommerce PDF Invoices & Packing Slips WordPress plugin before 2.16.0 doesn't escape a parameter on its setting page, making it possible for attackers to conduct reflected cross-site scripting attacks.π Read
via "National Vulnerability Database".
βΌ CVE-2022-1220 βΌ
π Read
via "National Vulnerability Database".
The FoxyShop WordPress plugin before 4.8.2 does not sanitise and escape a parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scriptingπ Read
via "National Vulnerability Database".
βΌ CVE-2022-1576 βΌ
π Read
via "National Vulnerability Database".
The WP Maintenance Mode & Coming Soon WordPress plugin before 2.4.5 is lacking CSRF when emptying the subscribed users list, which could allow attackers to make a logged in admin perform such action via a CSRF attackπ Read
via "National Vulnerability Database".
βΌ CVE-2022-1956 βΌ
π Read
via "National Vulnerability Database".
The Shortcut Macros WordPress plugin through 1.3 does not have authorisation and CSRF checks in place when updating its settings, which could allow any authenticated users, such as subscriber, to update them.π Read
via "National Vulnerability Database".