‼ CVE-2023-0313 ‼
via "National Vulnerability Database".
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.10.
‼ CVE-2023-0308 ‼
via "National Vulnerability Database".
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.10.
‼ CVE-2023-0315 ‼
via "National Vulnerability Database".
Command Injection in GitHub repository froxlor/froxlor prior to 2.0.8.
‼ CVE-2023-0316 ‼
via "National Vulnerability Database".
Path Traversal: '\..\filename' in GitHub repository froxlor/froxlor prior to 2.0.0.
‼ CVE-2022-4890 ‼
via "National Vulnerability Database".
A vulnerability, which was classified as critical, has been found in abhilash1985 PredictApp. This issue affects some unknown processing of the file config/initializers/new_framework_defaults_7_0.rb of the component Cookie Handler. The manipulation leads to deserialization. The attack may be initiated remotely. The name of the patch is b067372f3ee26fe1b657121f0f41883ff4461a06. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-218387.
🗓️ Squaring the CircleCI: DevOps platform publishes post-mortem on recent breach 🗓️
via "The Daily Swig".
How the build pipeline was compromised
⚠ Multi-million investment scammers busted in four-country Europol raid ⚠
via "Naked Security".
216 questioned, 15 arrested, 4 fake call centres searched, millions seized…
‼ CVE-2022-4482 ‼
via "National Vulnerability Database".
The Carousel, Slider, Gallery by WP Carousel WordPress plugin before 2.5.3 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.
‼ CVE-2022-4060 ‼
via "National Vulnerability Database".
The User Post Gallery WordPress plugin through 2.19 does not limit what callback functions can be called by users, making it possible for any visitor to run code on sites running it.
‼ CVE-2022-3904 ‼
via "National Vulnerability Database".
The MonsterInsights WordPress plugin before 8.9.1 does not sanitize or escape page titles in the top posts/pages section, allowing an unauthenticated attacker to inject arbitrary web scripts into the titles by spoofing requests to google analytics.
‼ CVE-2022-4469 ‼
via "National Vulnerability Database".
The Simple Membership WordPress plugin before 4.2.2 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admin.
‼ CVE-2022-4653 ‼
via "National Vulnerability Database".
The Greenshift WordPress plugin before 4.8.9 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks.
‼ CVE-2022-4449 ‼
via "National Vulnerability Database".
The Page scroll to id WordPress plugin before 1.7.6 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.
‼ CVE-2022-4478 ‼
via "National Vulnerability Database".
The Font Awesome WordPress plugin before 4.3.2 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as a contributor to perform Stored Cross-Site Scripting attacks against logged-in admins.
‼ CVE-2022-4442 ‼
via "National Vulnerability Database".
The Custom Post Types and Custom Fields creator WordPress plugin before 2.3.3 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example, in multisite setup).
‼ CVE-2022-4484 ‼
via "National Vulnerability Database".
The Social Share, Social Login and Social Comments Plugin WordPress plugin before 7.13.44 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.
‼ CVE-2022-4464 ‼
via "National Vulnerability Database".
The Themify Portfolio Post WordPress plugin before 1.2.1 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as a contributor to perform Stored Cross-Site Scripting attacks, which could be used against high-privilege users such as admin.
‼ CVE-2022-4295 ‼
via "National Vulnerability Database".
The Show All Comments WordPress plugin before 7.0.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against logged-in high privilege users such as admin.
‼ CVE-2022-4578 ‼
via "National Vulnerability Database".
The Video Conferencing with Zoom WordPress plugin before 4.0.10 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.
‼ CVE-2022-4460 ‼
via "National Vulnerability Database".
The Sidebar Widgets by CodeLights WordPress plugin through 1.4 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as a contributor to perform Stored Cross-Site Scripting attacks, which could be used against high-privilege users such as admins.
‼ CVE-2022-4547 ‼
via "National Vulnerability Database".
The Conditional Payment Methods for WooCommerce WordPress plugin through 1.0 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin.