๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
@cibsecurity
25.8K subscribers
89.2K links
๐Ÿ—ž The finest daily news on cybersecurity and privacy.

๐Ÿ”” Daily releases.

๐Ÿ’ป Is your online life secure?

๐Ÿ“ฉ lalilolalo.dev@gmail.com
Download Telegram
About
Blog
Apps
Platform
Join
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
25.8K subscribers
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2023-41561 โ€ผ

Tenda AC9 V3.0 V15.03.06.42_multi and Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 were discovered to contain a stack overflow via parameter startIp and endIp at url /goform/SetPptpServerCfg.

๐Ÿ“– Read

via "National Vulnerability Database".
165 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2023-32802 โ€ผ

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WooCommerce WooCommerce Pre-Orders plugin <=ร‚ 1.9.0 versions.

๐Ÿ“– Read

via "National Vulnerability Database".
182 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2023-33320 โ€ผ

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Mohammad I. Okfie WP-Hijri plugin <=ร‚ 1.5.1 versions.

๐Ÿ“– Read

via "National Vulnerability Database".
213 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2023-41555 โ€ผ

Tenda AC7 V1.0 V15.03.06.44 was discovered to contain a stack overflow via parameter security_5g at url /goform/WifiBasicSet.

๐Ÿ“– Read

via "National Vulnerability Database".
238 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2023-25019 โ€ผ

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Premio Chaty plugin <=ร‚ 3.0.9 versions

๐Ÿ“– Read

via "National Vulnerability Database".
244 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2023-32962 โ€ผ

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in HasTheme WishSuite รขโ‚ฌโ€œ Wishlist for WooCommerce plugin <=ร‚ 1.3.4 versions.

๐Ÿ“– Read

via "National Vulnerability Database".
266 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
๐Ÿ•ด Should Senior IT Professionals Be Accountable for Professional Decisions? ๐Ÿ•ด

Everyone makes mistakes โ€” but what if your mistakes risk the security of millions of people?

๐Ÿ“– Read

via "Dark Reading".
Dark Reading
Should Senior IT Professionals Be Accountable for Professional Decisions?
Everyone makes mistakes โ€” but what if your mistakes risk the security of millions of people?
287 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
๐Ÿฆฟ iOS 16 Cheat Sheet: Complete Guide for 2023 ๐Ÿฆฟ

Learn about the features available with iOS 16 and how to download and install the latest version of Apple's mobile operating system.

๐Ÿ“– Read

via "Tech Republic".
TechRepublic
iOS 16 Cheat Sheet: Complete Guide for 2023
Learn about the features available with iOS 16 and how to download and install the latest version of Apple's mobile operating system.
โค1
260 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2023-34176 โ€ผ

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Chilexpress Chilexpress woo oficial plugin <=ร‚ 1.2.9 versions.

๐Ÿ“– Read

via "National Vulnerability Database".
238 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2023-3992 โ€ผ

The PostX WordPress plugin before 3.0.6 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin

๐Ÿ“– Read

via "National Vulnerability Database".
210 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2023-34172 โ€ผ

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Miled WordPress Social Login plugin <=ร‚ 3.0.4 versions.

๐Ÿ“– Read

via "National Vulnerability Database".
192 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2023-4013 โ€ผ

The GDPR Cookie Compliance (CCPA, DSGVO, Cookie Consent) WordPress plugin before 4.12.5 does not have proper CSRF checks when managing its license, which could allow attackers to make logged in admins update and deactivate the plugin's license via CSRF attacks

๐Ÿ“– Read

via "National Vulnerability Database".
177 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2023-34032 โ€ผ

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Pascal Casier bbPress Toolkit plugin <=ร‚ 1.0.12 versions.

๐Ÿ“– Read

via "National Vulnerability Database".
168 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2023-34023 โ€ผ

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Miled WordPress Social Login plugin <=ร‚ 3.0.4 versions.

๐Ÿ“– Read

via "National Vulnerability Database".
160 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2022-1601 โ€ผ

The User Access Manager WordPress plugin before 2.2.18 prioritizes getting a visitor's IP from certain HTTP headers over PHP's REMOTE_ADDR, which makes it possible for attackers to access restricted content in certain situations.

๐Ÿ“– Read

via "National Vulnerability Database".
155 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2023-1982 โ€ผ

The Front Editor WordPress plugin through 4.0.4 does not sanitize and escape some of its form settings, which could allow high-privilege users to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)

๐Ÿ“– Read

via "National Vulnerability Database".
150 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2023-34184 โ€ผ

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Bhavik Patel Woocommerce Order address Print plugin <=ร‚ 3.2 versions.

๐Ÿ“– Read

via "National Vulnerability Database".
149 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2023-3356 โ€ผ

The Subscribers Text Counter WordPress plugin before 1.7.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack, which also lead to Stored Cross-Site Scripting due to the lack of sanitisation and escaping

๐Ÿ“– Read

via "National Vulnerability Database".
147 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2023-4209 โ€ผ

The POEditor WordPress plugin before 0.9.8 does not have CSRF checks in various places, which could allow attackers to make logged in admins perform unwanted actions, such as reset the plugin's settings and update its API key via CSRF attacks.

๐Ÿ“– Read

via "National Vulnerability Database".
145 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2023-3720 โ€ผ

The Upload Media By URL WordPress plugin before 1.0.8 does not have CSRF check when uploading files, which could allow attackers to make logged in admins upload files (including HTML containing JS code for users with the unfiltered_html capability) on their behalf.

๐Ÿ“– Read

via "National Vulnerability Database".
146 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2023-4036 โ€ผ

The Simple Blog Card WordPress plugin before 1.32 does not ensure that posts to be displayed via a shortcode are public, allowing any authenticated users, such as subscriber, to retrieve arbitrary post title and their content such as draft, private and password protected ones

๐Ÿ“– Read

via "National Vulnerability Database".
146 views