πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
@cibsecurity
25.8K subscribers
89.2K links
πŸ—ž The finest daily news on cybersecurity and privacy.

πŸ”” Daily releases.

πŸ’» Is your online life secure?

πŸ“© lalilolalo.dev@gmail.com
Download Telegram
About
Blog
Apps
Platform
Join
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
25.8K subscribers
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-4277 β€Ό

The Realia plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.4.0. This is due to missing nonce validation on the 'process_change_profile_form' function. This makes it possible for unauthenticated attackers to change user email via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

πŸ“– Read

via "National Vulnerability Database".
223 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-4276 β€Ό

The Absolute Privacy plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.1. This is due to missing nonce validation on the 'abpr_profileShortcode' function. This makes it possible for unauthenticated attackers to change user email and password via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

πŸ“– Read

via "National Vulnerability Database".
228 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-31209 β€Ό

Improper neutralization of active check command arguments in Checkmk < 2.1.0p32, < 2.0.0p38, < 2.2.0p4 leads to arbitrary command execution for authenticated users.

πŸ“– Read

via "National Vulnerability Database".
258 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ“’ ICO threatens enforcement action against websites with 'harmful' cookie banners πŸ“’

Cookie banners and defaults among practices coming under greater scrutiny

πŸ“– Read

via "ITPro".
ITPro
ICO threatens enforcement action against websites with 'harmful' cookie banners
Cookie banners and defaults among practices coming under greater scrutiny
272 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-24009 β€Ό

Auth. (subscriber+) Reflected Cross-site Scripting (XSS) vulnerability in Wpazure Themes Upfrontwp theme <=Γ‚ 1.1 versions.

πŸ“– Read

via "National Vulnerability Database".
233 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-37988 β€Ό

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Creative Solutions Contact Form Generator plugin <=Γ‚ 2.5.5 versions.

πŸ“– Read

via "National Vulnerability Database".
230 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-23871 β€Ό

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Webdzier Button plugin <=Γ‚ 1.1.23 versions.

πŸ“– Read

via "National Vulnerability Database".
231 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-23798 β€Ό

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Muneeb Layer Slider plugin <=Γ‚ 1.1.9.7 versions.

πŸ“– Read

via "National Vulnerability Database".
197 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-23826 β€Ό

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Arsham Mirshah Add Posts to Pages plugin <=Γ‚ 1.4.1 versions.

πŸ“– Read

via "National Vulnerability Database".
182 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-24389 β€Ό

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in brandiD Social Proof (Testimonial) Slider plugin <=Γ‚ 2.2.3 versions.

πŸ“– Read

via "National Vulnerability Database".
188 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-27861 β€Ό

Unauth. Open Redirect vulnerability in Arscode Ninja Popups plugin <=Γ‚ 4.7.5 versions.

πŸ“– Read

via "National Vulnerability Database".
195 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-44629 β€Ό

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Catalyst Connect Catalyst Connect Zoho CRM Client Portal plugin <=Γ‚ 2.0.0 versions.

πŸ“– Read

via "National Vulnerability Database".
211 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-26311 β€Ό

A remote code execution vulnerability in the webview component of OPPO Store app.

πŸ“– Read

via "National Vulnerability Database".
230 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
⚠ Microsoft Patch Tuesday: 74 CVEs plus 2 β€œExploit Detected” advisories ⚠

74 CVEs, and two "Exploitation Detected" advisories, which are nearly but not quite the same as 0-days. Also, two potential Teams treacheries that you really want to fix.

πŸ“– Read

via "Naked Security".
Sophos News
Naked Security – Sophos News
271 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ•΄ DAY 2! Dark Reading News Desk: Live at Black Hat USA 2023 πŸ•΄

Dark Reading News Desk returns for a second day of interviews from Black Hat USA 2023. The livestream will start at 10 a.m. PT.

πŸ“– Read

via "Dark Reading".
Dark Reading
Dark Reading News Desk at Black Hat USA 2023
Dark Reading News Desk was on air for two whole days during Black Hat USA 2023.
286 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
⚠ S3 Ep147: What if you type in your password during a meeting? ⚠

Latest episode - listen now! (Full transcript inside.)

πŸ“– Read

via "Naked Security".
Sophos News
S3 Ep147: What if you type in your password during a meeting?
Latest episode – listen now! (Full transcript inside.)
263 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-30481 β€Ό

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Alexey Golubnichenko AGP Font Awesome Collection plugin <=Γ‚ 3.2.4 versions.

πŸ“– Read

via "National Vulnerability Database".
220 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-24391 β€Ό

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Spider Teams ApplyOnline plugin <=Γ‚ 2.5 versions.

πŸ“– Read

via "National Vulnerability Database".
203 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-37983 β€Ό

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Noël Jackson Art Direction plugin <=Γ‚ 0.2.4 versions.

πŸ“– Read

via "National Vulnerability Database".
182 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-4283 β€Ό

The EmbedPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'embedpress_calendar' shortcode in versions up to, and including, 3.8.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

πŸ“– Read

via "National Vulnerability Database".
152 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-37069 β€Ό

Code-Projects Online Hospital Management System V1.0 is vulnerable to SQL Injection (SQLI) attacks, which allow an attacker to manipulate the SQL queries executed by the application. The application fails to properly validate user-supplied input in the login id and password fields during the login process, enabling an attacker to inject malicious SQL code.

πŸ“– Read

via "National Vulnerability Database".
129 views