π’ Build vs. buy: Is managing Customer Identity slowing your time to market? π’
π Read
via "ITPro".
Why identity should be top of mindπ Read
via "ITPro".
ITPro
Build vs. buy: Is managing Customer Identity slowing your time to market?
Why identity should be top of mind
π΄ Top 5 Data Security RSAC 2023 Sessions to Attend π΄
π Read
via "Dark Reading".
A little preconference reconnoitering of upcoming seminars, keynotes, and track sessions makes plotting your days easier. Here's one attendee's list.π Read
via "Dark Reading".
Dark Reading
Top 5 Data Security RSAC 2023 Sessions to Attend
A little preconference reconnoitering of upcoming seminars, keynotes, and track sessions makes plotting your days easier. Here's one attendee's list.
β FBI and FCC warn about βJuicejackingβ β but just how useful is their advice? β
π Read
via "Naked Security".
USB charging stations - can you trust them? What are the real risks, and how can you keep your data safe on the road?π Read
via "Naked Security".
Naked Security
FBI and FCC warn about βJuicejackingβ β but just how useful is their advice?
USB charging stations β can you trust them? What are the real risks, and how can you keep your data safe on the road?
βΌ CVE-2023-1331 βΌ
π Read
via "National Vulnerability Database".
The Redirection WordPress plugin before 1.1.5 does not have CSRF checks in the uninstall action, which could allow attackers to make logged in admins delete all the redirections through a CSRF attack.π Read
via "National Vulnerability Database".
βΌ CVE-2023-27844 βΌ
π Read
via "National Vulnerability Database".
SQL injection vulnerability found in PrestaShopleurlrewrite v.1.0 and before allow a remote attacker to gain privileges via the Dispatcher::getController component.π Read
via "National Vulnerability Database".
βΌ CVE-2023-0277 βΌ
π Read
via "National Vulnerability Database".
The WC Fields Factory WordPress plugin through 4.1.5 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as adminπ Read
via "National Vulnerability Database".
βΌ CVE-2023-0765 βΌ
π Read
via "National Vulnerability Database".
The Gallery by BestWebSoft WordPress plugin before 4.7.0 does not properly escape values used in SQL queries, leading to an Blind SQL Injection vulnerability. The attacker must have at least the privileges of an Author, and the vendor's Slider plugin (https://wordpress.org/plugins/slider-bws/) must also be installed for this vulnerability to be exploitable.π Read
via "National Vulnerability Database".
βΌ CVE-2023-0764 βΌ
π Read
via "National Vulnerability Database".
The Gallery by BestWebSoft WordPress plugin before 4.7.0 does not perform proper sanitization of gallery information, leading to a Stored Cross-Site Scription vulnerability. The attacker must have at least the privileges of the Author role.π Read
via "National Vulnerability Database".
βΌ CVE-2023-1473 βΌ
π Read
via "National Vulnerability Database".
The Slider, Gallery, and Carousel by MetaSlider WordPress plugin 3.29.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as adminπ Read
via "National Vulnerability Database".
βΌ CVE-2023-1427 βΌ
π Read
via "National Vulnerability Database".
- The Photo Gallery by 10Web WordPress plugin before 1.8.15 did not ensure that uploaded files are kept inside its uploads folder, allowing high privilege users to put images anywhere in the filesystem via a path traversal vector.π Read
via "National Vulnerability Database".
βΌ CVE-2023-1282 βΌ
π Read
via "National Vulnerability Database".
The Drag and Drop Multiple File Upload PRO - Contact Form 7 Standard WordPress plugin before 2.11.1 and Drag and Drop Multiple File Upload PRO - Contact Form 7 with Remote Storage Integrations WordPress plugin before 5.0.6.4 do not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high-privilege users such as admins.π Read
via "National Vulnerability Database".
βΌ CVE-2022-44726 βΌ
π Read
via "National Vulnerability Database".
The TouchDown Timesheet tracking component 4.1.4 for Jira allows XSS in the calendar view.π Read
via "National Vulnerability Database".
βΌ CVE-2023-1274 βΌ
π Read
via "National Vulnerability Database".
The Pricing Tables For WPBakery Page Builder (formerly Visual Composer) WordPress plugin before 3.0 does not validate some shortcode attributes before using them to generate paths passed to include function/s, allowing any authenticated users such as subscriber to perform LFI attacksπ Read
via "National Vulnerability Database".
βΌ CVE-2023-1413 βΌ
π Read
via "National Vulnerability Database".
The WP VR WordPress plugin before 8.2.9 does not sanitise and escape some parameters before outputting them back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as adminπ Read
via "National Vulnerability Database".
βΌ CVE-2023-1723 βΌ
π Read
via "National Vulnerability Database".
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Veragroup Mobile Assistant allows SQL Injection.This issue affects Mobile Assistant: before 21.S.2343.π Read
via "National Vulnerability Database".
βΌ CVE-2023-1371 βΌ
π Read
via "National Vulnerability Database".
The W4 Post List WordPress plugin before 2.4.6 does not ensure that password protected posts can be accessed before displaying their content, which could allow any authenticated users to access themπ Read
via "National Vulnerability Database".
βΌ CVE-2023-0889 βΌ
π Read
via "National Vulnerability Database".
Themeflection Numbers WordPress plugin before 2.0.1 does not have authorisation and CSRF check in an AJAX action, and does not ensure that the options to be updated belong to the plugin. As a result, it could allow any authenticated users, such as subscriber, to update arbitrary blog options, such as enabling registration and set the default role to administratorπ Read
via "National Vulnerability Database".
βΌ CVE-2023-1325 βΌ
π Read
via "National Vulnerability Database".
The Easy Forms for Mailchimp WordPress plugin before 6.8.7 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacksπ Read
via "National Vulnerability Database".
βΌ CVE-2023-1373 βΌ
π Read
via "National Vulnerability Database".
The W4 Post List WordPress plugin before 2.4.6 does not escape some URLs before outputting them in attributes, leading to Reflected Cross-Site Scriptingπ Read
via "National Vulnerability Database".
βΌ CVE-2023-0367 βΌ
π Read
via "National Vulnerability Database".
The Pricing Tables For WPBakery Page Builder (formerly Visual Composer) WordPress plugin before 3.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacksπ Read
via "National Vulnerability Database".
βΌ CVE-2023-27733 βΌ
π Read
via "National Vulnerability Database".
DedeCMS v5.7.106 was discovered to contain a SQL injection vulnerability via the component /dede/sys_sql_query.php.π Read
via "National Vulnerability Database".