🛡 Cybersecurity & Privacy 🛡 - News
@cibsecurity
25.8K subscribers
89.2K links
🗞 The finest daily news on cybersecurity and privacy.

🔔 Daily releases.

💻 Is your online life secure?

📩 lalilolalo.dev@gmail.com
Download Telegram
About
Blog
Apps
Platform
Join
🛡 Cybersecurity & Privacy 🛡 - News
25.8K subscribers
🛡 Cybersecurity & Privacy 🛡 - News
🕴 Bring Your Own Key — A Placebo? 🕴

BYOK was envisioned to reduce the risk of using a cloud service provider processing sensitive data, yet there are several deficiencies.

📖 Read

via "Dark Reading".
Dark Reading
Bring Your Own Key — A Placebo?
BYOK was envisioned to reduce the risk of using a cloud service provider processing sensitive data, yet there are several deficiencies.
553 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-3490 ‼

The Checkout Field Editor (Checkout Manager) for WooCommerce WordPress plugin before 1.8.0 unserializes user input provided via the settings, which could allow high privilege users such as admin to perform PHP Object Injection when a suitable gadget is present

📖 Read

via "National Vulnerability Database".
470 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-2311 ‼

The Find and Replace All WordPress plugin before 1.3 does not sanitize and escape some parameters from its setting page before outputting them back to the user, leading to a Reflected Cross-Site Scripting issue.

📖 Read

via "National Vulnerability Database".
411 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-3822 ‼

The Donations via PayPal WordPress plugin before 1.9.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

📖 Read

via "National Vulnerability Database".
375 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-3601 ‼

The Image Hover Effects Css3 WordPress plugin through 4.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

📖 Read

via "National Vulnerability Database".
337 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2021-25059 ‼

The Download Plugin WordPress plugin before 2.0.0 does not properly validate a user has the required privileges to access a backup's nonce identifier, which may allow any users with an account on the site (such as subscriber) to download a full copy of the website.

📖 Read

via "National Vulnerability Database".
322 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-3828 ‼

The Video Thumbnails WordPress plugin through 2.12.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

📖 Read

via "National Vulnerability Database".
307 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-38900 ‼

decode-uri-component 0.2.0 is vulnerable to Improper Input Validation resulting in DoS.

📖 Read

via "National Vulnerability Database".
302 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-36193 ‼

SQL injection in School Management System 1.0 allows remote attackers to modify or delete data, causing persistent changes to the application's content or behavior by using malicious SQL queries.

📖 Read

via "National Vulnerability Database".
299 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-3848 ‼

The WP User Merger WordPress plugin before 1.5.3 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as admin

📖 Read

via "National Vulnerability Database".
287 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-3839 ‼

The Analytics for WP WordPress plugin through 1.5.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

📖 Read

via "National Vulnerability Database".
274 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-3769 ‼

The OWM Weather WordPress plugin before 5.6.9 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as contributor

📖 Read

via "National Vulnerability Database".
270 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-3768 ‼

The WPSmartContracts WordPress plugin before 1.3.12 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as author

📖 Read

via "National Vulnerability Database".
265 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-3610 ‼

The Jeeng Push Notifications WordPress plugin before 2.0.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)

📖 Read

via "National Vulnerability Database".
273 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-3847 ‼

The Showing URL in QR Code WordPress plugin through 0.0.1 does not have CSRF check when updating its settings, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin or editor add Stored XSS payloads via a CSRF attack

📖 Read

via "National Vulnerability Database".
279 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-3849 ‼

The WP User Merger WordPress plugin before 1.5.3 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as admin

📖 Read

via "National Vulnerability Database".
283 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-3823 ‼

The Beautiful Cookie Consent Banner WordPress plugin before 2.9.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

📖 Read

via "National Vulnerability Database".
291 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-3850 ‼

The Find and Replace All WordPress plugin before 1.3 does not have CSRF check when replacing string, which could allow attackers to make a logged admin replace arbitrary string in database tables via a CSRF attack

📖 Read

via "National Vulnerability Database".
298 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-3689 ‼

The HTML Forms WordPress plugin before 1.3.25 does not properly properly escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users

📖 Read

via "National Vulnerability Database".
314 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-3865 ‼

The WP User Merger WordPress plugin before 1.5.3 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as admin

📖 Read

via "National Vulnerability Database".
326 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-4020 ‼

Vulnerability in the HQSwSmiDxe DXE driver on some consumer Acer Notebook devices may allow an attacker with elevated privileges to modify UEFI Secure Boot settings by modifying an NVRAM variable.

📖 Read

via "National Vulnerability Database".
351 views