πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
@cibsecurity
25.8K subscribers
89.2K links
πŸ—ž The finest daily news on cybersecurity and privacy.

πŸ”” Daily releases.

πŸ’» Is your online life secure?

πŸ“© lalilolalo.dev@gmail.com
Download Telegram
About
Blog
Apps
Platform
Join
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
25.8K subscribers
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
ATENTIONβ€Ό New - CVE-2015-9425

The social-locker plugin before 4.2.5 for WordPress has CSRF with resultant XSS via the wp-admin/edit.php?post_type=opanda-item&page=license-manager-sociallocker-next licensekey parameter.

πŸ“– Read

via "National Vulnerability Database".
35 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
ATENTIONβ€Ό New - CVE-2015-9424

The multicons plugin before 3.0 for WordPress has CSRF with resultant XSS via the wp-admin/options-general.php?page=multicons%2Fmulticons.php global_url or admin_url parameter.

πŸ“– Read

via "National Vulnerability Database".
33 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
ATENTIONβ€Ό New - CVE-2015-9423

The PlugNedit Adaptive Editor plugin before 6.2.0 for WordPress has XSS via wp-admin/admin-ajax.php?action=simple_fields_field_type_post_dialog_load PlugneditBGColor, PlugneditEditorMargin, plugnedit_width, pnemedcount, or plugneditcontent parameters.

πŸ“– Read

via "National Vulnerability Database".
31 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
ATENTIONβ€Ό New - CVE-2015-9422

The PlugNedit Adaptive Editor plugin before 6.2.0 for WordPress has CSRF with resultant XSS via wp-admin/admin-ajax.php?action=simple_fields_field_type_post_dialog_load plugnedit_width, pnemedcount, PlugneditBGColor, PlugneditEditorMargin, or plugneditcontent parameters.

πŸ“– Read

via "National Vulnerability Database".
30 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
ATENTIONβ€Ό New - CVE-2015-9421

The olevmedia-shortcodes plugin before 1.1.9 for WordPress has CSRF with resultant XSS via the wp-admin/admin-ajax.php?action=omsc_popup id parameter.

πŸ“– Read

via "National Vulnerability Database".
32 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
ATENTIONβ€Ό New - CVE-2015-9420

The soundcloud-is-gold plugin before 2.3.2 for WordPress has XSS via the wp-admin/admin-ajax.php?action=get_soundcloud_player id parameter.

πŸ“– Read

via "National Vulnerability Database".
31 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
ATENTIONβ€Ό New - CVE-2015-9419

The captain-slider plugin 1.0.6 for WordPress has XSS via a Title or Caption section.

πŸ“– Read

via "National Vulnerability Database".
33 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
ATENTIONβ€Ό New - CVE-2015-9418

The Watu Pro plugin before 4.9.0.8 for WordPress has CSRF that allows an attacker to delete quizzes.

πŸ“– Read

via "National Vulnerability Database".
32 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
ATENTIONβ€Ό New - CVE-2015-9417

The testimonial-slider plugin through 1.2.1 for WordPress has CSRF with resultant XSS.

πŸ“– Read

via "National Vulnerability Database".
32 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
ATENTIONβ€Ό New - CVE-2015-9416

The sitepress-multilingual-cms (WPML) plugin 2.9.3 to 3.2.6 for WordPress has XSS via the Accept-Language HTTP header.

πŸ“– Read

via "National Vulnerability Database".
34 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
ATENTIONβ€Ό New - CVE-2015-9415

The bj-lazy-load plugin before 1.0 for WordPress has Remote File Inclusion.

πŸ“– Read

via "National Vulnerability Database".
35 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
ATENTIONβ€Ό New - CVE-2015-9414

The wp-symposium plugin through 15.8.1 for WordPress has XSS via the wp-content/plugins/wp-symposium/get_album_item.php?size parameter.

πŸ“– Read

via "National Vulnerability Database".
39 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
ATENTIONβ€Ό New - CVE-2015-9413

The eshop plugin through 6.3.13 for WordPress has CSRF with resultant XSS via the wp-admin/admin.php?page=eshop-downloads.php title parameter.

πŸ“– Read

via "National Vulnerability Database".
41 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
ATENTIONβ€Ό New - CVE-2015-9412

The Royal-Slider plugin before 3.2.7 for WordPress has XSS via the rstype parameter.

πŸ“– Read

via "National Vulnerability Database".
45 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
ATENTIONβ€Ό New - CVE-2015-9411

The Postmatic plugin before 1.4.6 for WordPress has XSS.

πŸ“– Read

via "National Vulnerability Database".
46 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
ATENTIONβ€Ό New - CVE-2015-9411

The Postmatic plugin before 1.4.6 for WordPress has XSS.

πŸ“– Read

via "National Vulnerability Database".
47 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
ATENTIONβ€Ό New - CVE-2015-9410

The Blubrry PowerPress Podcasting plugin 6.0.4 for WordPress has XSS via the tab parameter.

πŸ“– Read

via "National Vulnerability Database".
48 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
⚠ Vimeo sued for storing faceprints of people without their say-so ⚠

The suit was filed under BIPA, the Illinois law that requires written consent to grab people's faceprints - the same law Facebook's battling.

πŸ“– Read

via "Naked Security".
Naked Security
Vimeo sued for storing faceprints of people without their say-so
The suit was filed under BIPA, the Illinois law that requires written consent to grab people’s faceprints – the same law Facebook’s battling.
50 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
⚠ Update ColdFusion now! Emergency patch for critical flaws ⚠

Adobe has rushed out fixes for three vulnerabilities in its ColdFusion web development platform, two of which have been given the top billing of β€˜critical’.

πŸ“– Read

via "Naked Security".
Naked Security
Update ColdFusion now! Emergency patch for critical flaws
Adobe has rushed out fixes for three vulnerabilities in its ColdFusion web development platform, two of which have been given the top billing of β€˜critical’.
52 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
⚠ Russian pleads guilty in massive JPMorgan hacking scheme ⚠

Andrei Tyurin is the first to be convicted in one of the largest thefts of customer data from a single US financial institution in history.

πŸ“– Read

via "Naked Security".
Naked Security
Russian pleads guilty in massive JPMorgan hacking scheme
Andrei Tyurin is the first to be convicted in one of the largest thefts of customer data from a single US financial institution in history.
49 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
⚠ Hackers are infecting WordPress sites via a defunct plug-in ⚠

If you're a Wordpress admin using a plug-in called Rich Reviews, you'll want to uninstall it. Now. The now-defunct plug-in has a major vulnerability that allows malvertisers to infect sites running Wordpress and redirect visitors to other sites.

πŸ“– Read

via "Naked Security".
Naked Security
Hackers are infecting WordPress sites via a defunct plug-in
If you’re a Wordpress admin using a plug-in called Rich Reviews, you’ll want to uninstall it. Now.
48 views