‼ CVE-2023-30779 ‼
📖 Read
via "National Vulnerability Database".
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Jonathan Daggerhart Query Wrangler plugin <=Â 1.5.51 versions.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-30785 ‼
📖 Read
via "National Vulnerability Database".
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in I Thirteen Web Solution Video Grid plugin <=Â 1.21 versions.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-4241 ‼
📖 Read
via "National Vulnerability Database".
lol-html can cause panics on certain HTML inputs. Anyone processing arbitrary 3rd party HTML with the library is affected.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-30786 ‼
📖 Read
via "National Vulnerability Database".
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Benjamin Guy Captcha Them All plugin <=Â 1.3.3 versions.📖 Read
via "National Vulnerability Database".
🕴 QR Code Phishing Campaign Targets Top US Energy Company 🕴
📖 Read
via "Dark Reading".
Attackers sent more than 1,000 emails with 2FA, MFA, and other security-related lures aimed at stealing Microsoft credentials.📖 Read
via "Dark Reading".
Dark Reading
QR Code Phishing Campaign Targets Top US Energy Company
Attackers sent more than 1,000 emails with 2FA, MFA, and other security-related lures aimed at stealing Microsoft credentials.
🕴 Iran and the Rise of Cyber-Enabled Influence Operations 🕴
📖 Read
via "Dark Reading".
Iranian threat actors are combining offensive network ops with messaging and amplification to manipulate targets' perceptions and behavior. Here are three examples.📖 Read
via "Dark Reading".
Dark Reading
Iran and the Rise of Cyber-Enabled Influence Operations
Iranian threat actors are combining offensive network ops with messaging and amplification to manipulate targets' perceptions and behavior. Here are three examples.
🕴 Boards Don't Want Security Promises — They Want Action 🕴
📖 Read
via "Dark Reading".
CISOs must demonstrate that security processes and updates reduce risk in measurable ways. Put emphasis on action, get the basics right, and improve processes. 📖 Read
via "Dark Reading".
Dark Reading
Boards Don't Want Security Promises — They Want Action
CISOs must demonstrate that security processes and updates reduce risk in measurable ways. Put emphasis on action, get the basics right, and improve processes.
‼ CVE-2023-32494 ‼
📖 Read
via "National Vulnerability Database".
Dell PowerScale OneFS, 8.0.x-9.5.x, contains an improper handling of insufficient privileges vulnerability. A local privileged attacker could potentially exploit this vulnerability, leading to elevation of privilege and affect in compliance mode also.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-4782 ‼
📖 Read
via "National Vulnerability Database".
The ClickFunnels WordPress plugin through 3.1.1 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-2271 ‼
📖 Read
via "National Vulnerability Database".
The Tiempo.com WordPress plugin through 0.1.2 does not have CSRF check when deleting its shortcode, which could allow attackers to make logged in admins delete arbitrary shortcode via a CSRF attack📖 Read
via "National Vulnerability Database".
‼ CVE-2023-1977 ‼
📖 Read
via "National Vulnerability Database".
The Booking Manager WordPress plugin before 2.0.29 does not validate URLs input in it's admin panel or in shortcodes for showing events from a remote .ics file, allowing an attacker with privileges as low as Subscriber to perform SSRF attacks on the sites internal network.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-4381 ‼
📖 Read
via "National Vulnerability Database".
Unverified Password Change in GitHub repository instantsoft/icms2 prior to 2.16.1-git.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-0274 ‼
📖 Read
via "National Vulnerability Database".
The URL Params WordPress plugin before 2.5 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-0058 ‼
📖 Read
via "National Vulnerability Database".
The Tiempo.com WordPress plugin through 0.1.2 does not have CSRF check when creating and editing its shortcode, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack📖 Read
via "National Vulnerability Database".
‼ CVE-2023-0551 ‼
📖 Read
via "National Vulnerability Database".
The REST API TO MiniProgram WordPress plugin through 4.6.1 does not have authorisation and CSRF checks in an AJAX action, allowing ay authenticated users, such as subscriber to call and delete arbitrary attachments📖 Read
via "National Vulnerability Database".
‼ CVE-2023-2225 ‼
📖 Read
via "National Vulnerability Database".
The SEO ALert WordPress plugin through 1.59 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).📖 Read
via "National Vulnerability Database".
‼ CVE-2023-1465 ‼
📖 Read
via "National Vulnerability Database".
The WP EasyPay WordPress plugin before 4.1 does not escape some generated URLs before outputting them back in pages, leading to Reflected Cross-Site Scripting issues which could be used against high privilege users such as admin📖 Read
via "National Vulnerability Database".
‼ CVE-2023-1110 ‼
📖 Read
via "National Vulnerability Database".
The Yellow Yard Searchbar WordPress plugin before 2.8.12 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks📖 Read
via "National Vulnerability Database".
‼ CVE-2023-2254 ‼
📖 Read
via "National Vulnerability Database".
The Ko-fi Button WordPress plugin before 1.3.3 does not properly some of its settings, which could allow high-privilege users to perform Stored Cross-Site Scripting (XSS) attacks even when the unfiltered_html capability is disallowed (for example in multisite setup), and we consider it a low risk.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-26037 ‼
📖 Read
via "National Vulnerability Database".
Directory Traversal vulnerability in Server functionalty in Even Balance Punkbuster version 1.902 before 1.905 allows remote attackers to execute arbitrary code.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-2123 ‼
📖 Read
via "National Vulnerability Database".
The WP Inventory Manager WordPress plugin before 2.1.0.13 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting.📖 Read
via "National Vulnerability Database".