📢 Breach at US Transportation Department exposes 240,000 employee records 📢
📖 Read
via "ITPro".
An investigation is underway into the breach, which affected former and current employee data
🕴 Microsoft Advisories Are Getting Worse 🕴
📖 Read
via "Dark Reading".
A predictable patch cadence is nice, but the software giant can do more.
🕴 TSA Official: Feds Improved Cybersecurity Response Post-Colonial Pipeline 🕴
📖 Read
via "Dark Reading".
US Transportation Security Agency (TSA) administrator reflects on how the Colonial Pipeline incident has moved the needle in public-private cooperation.
‼ CVE-2023-1549 ‼
📖 Read
via "National Vulnerability Database".
The Ad Inserter WordPress plugin before 2.7.27 unserializes user input provided via the settings, which could allow high privilege users such as admin to perform PHP Object Injection when a suitable gadget is present
‼ CVE-2023-23688 ‼
📖 Read
via "National Vulnerability Database".
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Sumo Social Share Boost plugin <= 4.4 versions.
‼ CVE-2023-23674 ‼
📖 Read
via "National Vulnerability Database".
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in RVOLA WP Original Media Path plugin <= 2.4.0 versions.
‼ CVE-2023-0762 ‼
📖 Read
via "National Vulnerability Database".
The Clock In Portal- Staff & Attendance Management WordPress plugin through 2.1 does not have CSRF check when deleting designations, which could allow attackers to make logged in admins delete arbitrary designations via a CSRF attack
‼ CVE-2023-1915 ‼
📖 Read
via "National Vulnerability Database".
The Thumbnail carousel slider WordPress plugin before 1.1.10 does not sanitise and escape some parameters before outputting them back in pages, leading to Reflected Cross-Site Scripting vulnerability which could be used against high privilege users such as admin.
‼ CVE-2023-0644 ‼
📖 Read
via "National Vulnerability Database".
The Push Notifications for WordPress by PushAssist WordPress plugin through 3.0.8 does not sanitise and escape various parameters before outputting them back in pages, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
‼ CVE-2023-0600 ‼
📖 Read
via "National Vulnerability Database".
The WP Visitor Statistics (Real Time Traffic) WordPress plugin before 6.9 does not escape user input which is concatenated to an SQL query, allowing unauthenticated visitors to conduct SQL Injection attacks.
‼ CVE-2023-1890 ‼
📖 Read
via "National Vulnerability Database".
The Tablesome WordPress plugin before 1.0.9 does not escape various generated URLs, before outputting them in attributes when some notices are displayed, leading to Reflected Cross-Site Scripting
‼ CVE-2023-1596 ‼
📖 Read
via "National Vulnerability Database".
The tagDiv Composer WordPress plugin before 4.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
‼ CVE-2023-0892 ‼
📖 Read
via "National Vulnerability Database".
The BizLibrary WordPress plugin through 1.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
‼ CVE-2023-31986 ‼
📖 Read
via "National Vulnerability Database".
A Command Injection vulnerability in Edimax Wireless Router N300 Firmware BR-6428NS_v4 allows attacker to execute arbitrary code via the setWAN function in /bin/webs without any limitations.
‼ CVE-2023-2179 ‼
📖 Read
via "National Vulnerability Database".
The WooCommerce Order Status Change Notifier WordPress plugin through 1.1.0 does not have authorisation and CSRF when updating status orders via an AJAX action available to any authenticated users, which could allow low privilege users such as subscriber to update arbitrary order status, making them paid without actually paying for them for example
‼ CVE-2023-0490 ‼
📖 Read
via "National Vulnerability Database".
The f(x) TOC WordPress plugin through 1.1.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
‼ CVE-2023-0761 ‼
📖 Read
via "National Vulnerability Database".
The Clock In Portal- Staff & Attendance Management WordPress plugin through 2.1 does not have CSRF check when deleting Staff members, which could allow attackers to make logged in admins delete arbitrary Staff via a CSRF attack
‼ CVE-2023-0233 ‼
📖 Read
via "National Vulnerability Database".
The ActiveCampaign WordPress plugin before 8.1.12 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks
‼ CVE-2023-2009 ‼
📖 Read
via "National Vulnerability Database".
Plugin does not sanitize and escape the URL field in the Pretty Url WordPress plugin through 1.5.4 settings, which could allow high-privilege users to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
‼ CVE-2023-23654 ‼
📖 Read
via "National Vulnerability Database".
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in SparkPost plugin <= 3.2.5 versions.
‼ CVE-2023-0763 ‼
📖 Read
via "National Vulnerability Database".
The Clock In Portal- Staff & Attendance Management WordPress plugin through 2.1 does not have CSRF check when deleting Holidays, which could allow attackers to make logged in admins delete arbitrary holidays via a CSRF attack