🛡 Cybersecurity & Privacy 🛡 - News
🗞 The finest daily news on cybersecurity and privacy.

🔔 Daily releases.

💻 Is your online life secure?

📩 lalilolalo.dev@gmail.com
‼ CVE-2023-23646 ‼

Cross-Site Request Forgery (CSRF) vulnerability in A WP Life Album Gallery – WordPress Gallery plugin <= 1.4.9 versions.

📖 Read

via "National Vulnerability Database".
⚠ Zimbra Collaboration Suite warning: Patch this 0-day right now (by hand)! ⚠

Zimbra didn't actually say, "Do not delay/Do it today," but they did say, "We kindly request your cooperation to apply the fix manually."

📖 Read

via "Naked Security".
‼ CVE-2023-27424 ‼

Cross-Site Request Forgery (CSRF) vulnerability in Korol Yuriy aka Shra Inactive User Deleter plugin <= 1.59 versions.

📖 Read

via "National Vulnerability Database".
‼ CVE-2023-2912 ‼

Use After Free vulnerability in Secomea SiteManager Embedded allows Obstruction.

📖 Read

via "National Vulnerability Database".
‼ CVE-2023-2959 ‼

Authentication Bypass by Primary Weakness vulnerability in Oliva Expertise Oliva Expertise EKS allows Collect Data as Provided by Users. This issue affects Oliva Expertise EKS: before 1.2.

📖 Read

via "National Vulnerability Database".
‼ CVE-2023-31851 ‼

Cudy LT400 1.13.4 has a cross-site scripting (XSS) vulnerability in /cgi-bin/luci/admin/network/wireless/status via the iface parameter.

📖 Read

via "National Vulnerability Database".
‼ CVE-2023-3186 ‼

The Popup by Supsystic WordPress plugin before 1.10.19 has a prototype pollution vulnerability that could allow an attacker to inject arbitrary properties into Object.prototype.

📖 Read

via "National Vulnerability Database".
‼ CVE-2023-3376 ‼

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Digital Strategy Zekiweb allows SQL Injection. This issue affects Zekiweb: before 2.

📖 Read

via "National Vulnerability Database".
‼ CVE-2023-36511 ‼

Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce WooCommerce Order Barcodes plugin <= 1.6.4 versions.

📖 Read

via "National Vulnerability Database".
‼ CVE-2023-37968 ‼

Cross-Site Request Forgery (CSRF) vulnerability in Faboba Falang multilanguage for WordPress plugin <= 1.3.39 versions.

📖 Read

via "National Vulnerability Database".
‼ CVE-2023-2701 ‼

The Gravity Forms WordPress plugin before 2.7.5 does not escape generated URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting which could be used against high-privileged users such as admin.

📖 Read

via "National Vulnerability Database".
‼ CVE-2023-3418 ‼

The Querlo Chatbot WordPress plugin through 1.2.4 does not escape or sanitize chat messages, leading to a stored Cross-Site Scripting vulnerability.

📖 Read

via "National Vulnerability Database".
‼ CVE-2023-2579 ‼

The InventoryPress WordPress plugin through 1.7 does not sanitise and escape some of its settings, which could allow users with the role of author and above to perform Stored Cross-Site Scripting attacks.

📖 Read

via "National Vulnerability Database".
‼ CVE-2023-35089 ‼

Cross-Site Request Forgery (CSRF) vulnerability in Really Simple Plugins Recipe Maker For Your Food Blog from Zip Recipes plugin <= 8.0.7 versions.

📖 Read

via "National Vulnerability Database".
‼ CVE-2023-3041 ‼

The Autochat Automatic Conversation WordPress plugin through 1.1.7 does not sanitise and escape user input before outputting it back on the page, leading to a Cross-Site Scripting attack.

📖 Read

via "National Vulnerability Database".
‼ CVE-2023-35096 ‼

Cross-Site Request Forgery (CSRF) vulnerability in myCred plugin <= 2.5 versions.

📖 Read

via "National Vulnerability Database".
‼ CVE-2023-35880 ‼

Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce WooCommerce Brands plugin <= 1.6.49 versions.

📖 Read

via "National Vulnerability Database".
‼ CVE-2023-31216 ‼

Cross-Site Request Forgery (CSRF) vulnerability in Ultimate Member plugin <= 2.6.0 versions.

📖 Read

via "National Vulnerability Database".
‼ CVE-2023-36513 ‼

Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce AutomateWoo plugin <= 5.7.5 versions.

📖 Read

via "National Vulnerability Database".
‼ CVE-2023-31853 ‼

Cudy LT400 1.13.4 is vulnerable to Cross-Site Scripting (XSS) in /cgi-bin/luci/admin/network/bandwidth via the icon parameter.

📖 Read

via "National Vulnerability Database".
‼ CVE-2023-35038 ‼

Cross-Site Request Forgery (CSRF) vulnerability in wpexperts.Io WP PDF Generator plugin <= 1.2.2 versions.

📖 Read

via "National Vulnerability Database".