🕴 Cybercrime Shows No Signs of Slowing Down 🕴
📖 Read
via "Dark Reading".
Look for recent trends in attacks, strategies, and vulnerabilities to continue gaining steam throughout 2023.📖 Read
via "Dark Reading".
Dark Reading
Cybercrime Shows No Signs of Slowing Down
Look for recent trends in attacks, strategies, and vulnerabilities to continue gaining steam throughout 2023.
🔥3
‼ CVE-2022-2933 ‼
📖 Read
via "National Vulnerability Database".
The 0mk Shortener plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 0.2. This is due to missing or incorrect nonce validation on the zeromk_options_page function. This makes it possible for unauthenticated attackers to inject malicious web scripts via the 'zeromk_user' and 'zeromk_apikluc' parameters through a forged request granted they can trick a site administrator into performing an action such as clicking on a link.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-0062 ‼
📖 Read
via "National Vulnerability Database".
The EAN for WooCommerce WordPress plugin before 4.4.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-4657 ‼
📖 Read
via "National Vulnerability Database".
The Restaurant Menu WordPress plugin before 2.3.6 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks📖 Read
via "National Vulnerability Database".
‼ CVE-2022-4670 ‼
📖 Read
via "National Vulnerability Database".
The PDF.js Viewer WordPress plugin before 2.1.8 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-4664 ‼
📖 Read
via "National Vulnerability Database".
The Logo Slider WordPress plugin before 3.6.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks📖 Read
via "National Vulnerability Database".
‼ CVE-2022-4826 ‼
📖 Read
via "National Vulnerability Database".
The Simple Tooltips WordPress plugin before 2.1.4 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks📖 Read
via "National Vulnerability Database".
‼ CVE-2022-32643 ‼
📖 Read
via "National Vulnerability Database".
In ccd, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07341261; Issue ID: ALPS07341261.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-4762 ‼
📖 Read
via "National Vulnerability Database".
The Materialis Companion WordPress plugin before 1.3.40 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-0072 ‼
📖 Read
via "National Vulnerability Database".
The WC Vendors Marketplace WordPress plugin before 2.4.5 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-4825 ‼
📖 Read
via "National Vulnerability Database".
The WP-ShowHide WordPress plugin before 1.05 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-32642 ‼
📖 Read
via "National Vulnerability Database".
In ccd, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07326547; Issue ID: ALPS07326547.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-4756 ‼
📖 Read
via "National Vulnerability Database".
The My YouTube Channel WordPress plugin before 3.23.0 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-4384 ‼
📖 Read
via "National Vulnerability Database".
The Stream WordPress plugin before 3.9.2 does not prevent users with little privileges on the site (like subscribers) from using its alert creation functionality, which may enable them to leak sensitive information.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-4459 ‼
📖 Read
via "National Vulnerability Database".
The WP Show Posts WordPress plugin before 1.1.4 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-20618 ‼
📖 Read
via "National Vulnerability Database".
In vcu, there is a possible memory corruption due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07519184; Issue ID: ALPS07519184.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-4674 ‼
📖 Read
via "National Vulnerability Database".
The Ibtana WordPress plugin before 1.1.8.8 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack📖 Read
via "National Vulnerability Database".
‼ CVE-2023-20619 ‼
📖 Read
via "National Vulnerability Database".
In vcu, there is a possible memory corruption due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07519159; Issue ID: ALPS07519159.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-4838 ‼
📖 Read
via "National Vulnerability Database".
The Clean Login WordPress plugin before 1.13.7 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-32595 ‼
📖 Read
via "National Vulnerability Database".
In widevine, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07446236; Issue ID: ALPS07446236.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-32656 ‼
📖 Read
via "National Vulnerability Database".
In Wi-Fi driver, there is a possible undefined behavior due to incorrect error handling. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: GN20220705035; Issue ID: GN20220705035.📖 Read
via "National Vulnerability Database".