CVE-2022-1951
via "National Vulnerability Database".
The core plugin for kitestudio WordPress plugin before 2.3.1 does not sanitise and escape some parameters before outputting them back in a response of an AJAX action, available to both unauthenticated and authenticated users when a premium theme from the vendor is active, leading to a Reflected Cross-Site Scripting.
CVE-2022-2050
via "National Vulnerability Database".
The WP-Paginate WordPress plugin before 2.1.9 does not escape one of its settings, which could allow high privilege users to perform Stored Cross-Site Scripting attacks when unfiltered_html is disallowed.
CVE-2022-1599
via "National Vulnerability Database".
The Admin Management Xtended WordPress plugin before 2.4.5 does not have CSRF checks in some of its AJAX actions, allowing attackers to make a logged-in user with the right capabilities call them. This can lead to changes in post status (draft, published), slug, post date, comment status (enabled, disabled) and more.
CVE-2022-1546
via "National Vulnerability Database".
The WooCommerce - Product Importer WordPress plugin through 1.5.2 does not sanitise and escape the imported data before outputting it back in the page, leading to a Reflected Cross-Site Scripting.
CVE-2022-1952
via "National Vulnerability Database".
The Free Booking Plugin for Hotels, Restaurant and Car Rental WordPress plugin before 1.1.16 suffers from insufficient input validation which leads to arbitrary file upload and subsequently to remote code execution. An AJAX action accessible to unauthenticated users is affected by this issue. An allowlist of valid file extensions is defined but is not used during the validation steps.
CVE-2022-2089
via "National Vulnerability Database".
The Bold Page Builder WordPress plugin before 4.3.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed.
CVE-2022-2123
via "National Vulnerability Database".
The WP Opt-in WordPress plugin through 1.4.1 is vulnerable to CSRF, which allows plugin settings to be changed and can be used for sending spam emails.
CVE-2022-1732
via "National Vulnerability Database".
The Rename wp-login.php WordPress plugin through 2.6.0 does not have a CSRF check in place when updating the secret login URL, which could allow attackers to make a logged-in admin change it via a CSRF attack.
CVE-2022-1757
via "National Vulnerability Database".
The Pagebar WordPress plugin through 2.65 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack. Furthermore, due to the lack of sanitisation in some of them, it could also lead to Stored XSS issues.
CVE-2022-1894
via "National Vulnerability Database".
The Popup Builder WordPress plugin before 4.1.11 does not escape and sanitize some settings, which could allow high privilege users to perform Stored Cross-Site Scripting attacks when unfiltered_html is disallowed.
CVE-2022-2092
via "National Vulnerability Database".
The WooCommerce PDF Invoices & Packing Slips WordPress plugin before 2.16.0 doesn't escape a parameter on its setting page, making it possible for attackers to conduct reflected cross-site scripting attacks.
CVE-2022-1220
via "National Vulnerability Database".
The FoxyShop WordPress plugin before 4.8.2 does not sanitise and escape a parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting.
CVE-2022-1576
via "National Vulnerability Database".
The WP Maintenance Mode & Coming Soon WordPress plugin before 2.4.5 is lacking a CSRF check when emptying the subscribed users list, which could allow attackers to make a logged-in admin perform such action via a CSRF attack.
CVE-2022-1956
via "National Vulnerability Database".
The Shortcut Macros WordPress plugin through 1.3 does not have authorisation and CSRF checks in place when updating its settings, which could allow any authenticated users, such as subscriber, to update them.
CVE-2022-1626
via "National Vulnerability Database".
The Sharebar WordPress plugin through 1.4.1 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack and also lead to a Stored Cross-Site Scripting issue due to the lack of sanitisation and escaping in some of them.
CVE-2022-1474
via "National Vulnerability Database".
The WP Event Manager WordPress plugin before 3.1.28 does not sanitise and escape its search before outputting it back in an attribute on the event dashboard, leading to a Reflected Cross-Site Scripting.
GNU Privacy Guard 2.2.36
via "Packet Storm Security".
GnuPG (the GNU Privacy Guard or GPG) is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440. As such, it is meant to be compatible with PGP from NAI, Inc. Because it does not use any patented algorithms, it can be used without any restrictions. This is the LTS release.
Falco 0.32.1
via "Packet Storm Security".
Sysdig Falco is a behavioral activity monitoring agent that is open source and comes with native support for containers. Falco lets you define highly granular rules to check for activities involving file and network activity, process execution, IPC, and much more, using a flexible syntax. Falco will notify you when these rules are violated. You can think about falco as a mix between snort, ossec and strace.
GNU Privacy Guard 2.3.7
via "Packet Storm Security".
GnuPG (the GNU Privacy Guard or GPG) is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440. As such, it is meant to be compatible with PGP from NAI, Inc. Because it does not use any patented algorithms, it can be used without any restrictions.
Post-quantum cryptography hits standardization milestone
via "The Daily Swig".
Green light for four "future-proofed" encryption technologies
Omdia: Sustainability Ranks Top on Data Center Operators' Agendas Despite Cost and Reliability Barriers
via "Dark Reading".