🛡 Cybersecurity & Privacy 🛡 - News
@cibsecurity
25.8K subscribers
89.2K links
🗞 The finest daily news on cybersecurity and privacy.

🔔 Daily releases.

💻 Is your online life secure?

📩 lalilolalo.dev@gmail.com
Download Telegram
About
Blog
Apps
Platform
Join
🛡 Cybersecurity & Privacy 🛡 - News
25.8K subscribers
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-2933 ‼

The 0mk Shortener plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 0.2. This is due to missing or incorrect nonce validation on the zeromk_options_page function. This makes it possible for unauthenticated attackers to inject malicious web scripts via the 'zeromk_user' and 'zeromk_apikluc' parameters through a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

📖 Read

via "National Vulnerability Database".
247 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2023-0062 ‼

The EAN for WooCommerce WordPress plugin before 4.4.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

📖 Read

via "National Vulnerability Database".
225 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-4657 ‼

The Restaurant Menu WordPress plugin before 2.3.6 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks

📖 Read

via "National Vulnerability Database".
183 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-4670 ‼

The PDF.js Viewer WordPress plugin before 2.1.8 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

📖 Read

via "National Vulnerability Database".
167 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-4664 ‼

The Logo Slider WordPress plugin before 3.6.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks

📖 Read

via "National Vulnerability Database".
152 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-4826 ‼

The Simple Tooltips WordPress plugin before 2.1.4 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks

📖 Read

via "National Vulnerability Database".
154 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-32643 ‼

In ccd, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07341261; Issue ID: ALPS07341261.

📖 Read

via "National Vulnerability Database".
147 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-4762 ‼

The Materialis Companion WordPress plugin before 1.3.40 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.

📖 Read

via "National Vulnerability Database".
139 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2023-0072 ‼

The WC Vendors Marketplace WordPress plugin before 2.4.5 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

📖 Read

via "National Vulnerability Database".
138 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-4825 ‼

The WP-ShowHide WordPress plugin before 1.05 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.

📖 Read

via "National Vulnerability Database".
145 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-32642 ‼

In ccd, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07326547; Issue ID: ALPS07326547.

📖 Read

via "National Vulnerability Database".
140 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-4756 ‼

The My YouTube Channel WordPress plugin before 3.23.0 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.

📖 Read

via "National Vulnerability Database".
138 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-4384 ‼

The Stream WordPress plugin before 3.9.2 does not prevent users with little privileges on the site (like subscribers) from using its alert creation functionality, which may enable them to leak sensitive information.

📖 Read

via "National Vulnerability Database".
122 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-4459 ‼

The WP Show Posts WordPress plugin before 1.1.4 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.

📖 Read

via "National Vulnerability Database".
120 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2023-20618 ‼

In vcu, there is a possible memory corruption due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07519184; Issue ID: ALPS07519184.

📖 Read

via "National Vulnerability Database".
119 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-4674 ‼

The Ibtana WordPress plugin before 1.1.8.8 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack

📖 Read

via "National Vulnerability Database".
123 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2023-20619 ‼

In vcu, there is a possible memory corruption due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07519159; Issue ID: ALPS07519159.

📖 Read

via "National Vulnerability Database".
124 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-4838 ‼

The Clean Login WordPress plugin before 1.13.7 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.

📖 Read

via "National Vulnerability Database".
131 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-32595 ‼

In widevine, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07446236; Issue ID: ALPS07446236.

📖 Read

via "National Vulnerability Database".
128 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-32656 ‼

In Wi-Fi driver, there is a possible undefined behavior due to incorrect error handling. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: GN20220705035; Issue ID: GN20220705035.

📖 Read

via "National Vulnerability Database".
130 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2023-0686 ‼

A vulnerability was found in SourceCodester Online Eyewear Shop 1.0. It has been classified as critical. This affects the function update_cart of the file /oews/classes/Master.php?f=update_cart of the component HTTP POST Request Handler. The manipulation of the argument cart_id leads to sql injection. It is possible to initiate the attack remotely. The identifier VDB-220245 was assigned to this vulnerability.

📖 Read

via "National Vulnerability Database".
127 views