🛡 Cybersecurity & Privacy 🛡 - News
25.8K subscribers
89.2K links
🗞 The finest daily news on cybersecurity and privacy.

🔔 Daily releases.

💻 Is your online life secure?

📩 lalilolalo.dev@gmail.com
‼ CVE-2023-41850 ‼

Cross-Site Request Forgery (CSRF) vulnerability in Morris Bryant, Ruben Sargsyan Outbound Link Manager plugin <= 1.2 versions.

via "National Vulnerability Database".
‼ CVE-2023-44259 ‼

Cross-Site Request Forgery (CSRF) vulnerability in Mediavine Mediavine Control Panel plugin <= 2.10.2 versions.

via "National Vulnerability Database".
‼ CVE-2023-41854 ‼

Cross-Site Request Forgery (CSRF) vulnerability in Softaculous Ltd. WpCentral plugin <= 1.5.7 versions.

via "National Vulnerability Database".
‼ CVE-2023-41853 ‼

Cross-Site Request Forgery (CSRF) vulnerability in WP iCal Availability plugin <= 1.0.3 versions.

via "National Vulnerability Database".
‼ CVE-2023-41858 ‼

Cross-Site Request Forgery (CSRF) vulnerability in Ashok Rane Order Delivery Date for WP e-Commerce plugin <= 1.2 versions.

via "National Vulnerability Database".
‼ CVE-2023-41851 ‼

Cross-Site Request Forgery (CSRF) vulnerability in Dotsquares WP Custom Post Template <= 1.0 versions.

via "National Vulnerability Database".
‼ CVE-2023-44257 ‼

Cross-Site Request Forgery (CSRF) vulnerability in Hometory Mang Board WP plugin <= 1.7.6 versions.

via "National Vulnerability Database".
‼ CVE-2023-41852 ‼

Cross-Site Request Forgery (CSRF) vulnerability in MailMunch MailMunch – Grow your Email List plugin <= 3.1.2 versions.

via "National Vulnerability Database".
‼ CVE-2023-45208 ‼

A command injection in the parsing_xml_stasurvey function inside libcgifunc.so of the D-Link DAP-X1860 repeater 1.00 through 1.01b05-01 allows attackers (within range of the repeater) to run shell commands as root during the setup process of the repeater, via a crafted SSID. Also, network names containing single quotes (in the range of the repeater) can result in a denial of service.

via "National Vulnerability Database".
‼ CVE-2023-41694 ‼

Cross-Site Request Forgery (CSRF) vulnerability in Realbig Team Realbig For WordPress plugin <= 1.0.3 versions.

via "National Vulnerability Database".
‼ CVE-2023-5468 ‼

The Slick Contact Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'dcscf-link' shortcode in versions up to, and including, 1.3.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

via "National Vulnerability Database".
‼ CVE-2023-5467 ‼

The GEO my WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 4.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

via "National Vulnerability Database".
‼ CVE-2023-41730 ‼

Cross-Site Request Forgery (CSRF) vulnerability in SendPress Newsletters plugin <= 1.22.3.31 versions.

via "National Vulnerability Database".
‼ CVE-2023-41876 ‼

Cross-Site Request Forgery (CSRF) vulnerability in Hardik Kalathiya WP Gallery Metabox plugin <= 1.0.0 versions.

via "National Vulnerability Database".
‼ CVE-2023-41697 ‼

Cross-Site Request Forgery (CSRF) vulnerability in Nikunj Soni Easy WP Cleaner plugin <= 1.9 versions.

via "National Vulnerability Database".
‼ CVE-2023-4837 ‼

** UNSUPPORTED WHEN ASSIGNED ** SmodBIP is vulnerable to Cross-Site Request Forgery, which could be used to induce logged-in users to perform unintended actions, including creation of additional accounts with administrative privileges. This issue affects all versions of SmodBIP. SmodBIP is no longer maintained and the vulnerability will not be fixed.

via "National Vulnerability Database".
‼ CVE-2023-37194 ‼

A vulnerability has been identified in SIMATIC CP 1604 (All versions), SIMATIC CP 1616 (All versions), SIMATIC CP 1623 (All versions), SIMATIC CP 1626 (All versions), SIMATIC CP 1628 (All versions). The kernel memory of affected devices is exposed to user-mode via direct memory access (DMA) which could allow a local attacker with administrative privileges to execute arbitrary code on the host system without any restrictions.

via "National Vulnerability Database".
‼ CVE-2023-36380 ‼

A vulnerability has been identified in CP-8031 MASTER MODULE (All versions < CPCI85 V05.11 (only with activated debug support)), CP-8050 MASTER MODULE (All versions < CPCI85 V05.11 (only with activated debug support)). The affected devices contain a hard-coded ID in the SSH `authorized_keys` configuration file. An attacker with knowledge of the corresponding private key could log in to the device via SSH. Only devices with activated debug support are affected.

via "National Vulnerability Database".
‼ CVE-2023-44261 ‼

Cross-Site Request Forgery (CSRF) vulnerability in Dinesh Karki Block Plugin Update plugin <= 3.3 versions.

via "National Vulnerability Database".
‼ CVE-2023-44085 ‼

A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0009), Tecnomatix Plant Simulation V2302 (All versions < V2302.0003). The affected applications contain an out-of-bounds read past the end of an allocated structure while parsing specially crafted SPP files. This could allow an attacker to execute code in the context of the current process.

via "National Vulnerability Database".
‼ CVE-2023-45204 ‼

A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0009), Tecnomatix Plant Simulation V2302 (All versions < V2302.0003). The affected applications contain a type confusion vulnerability while parsing specially crafted IGS files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21268)

via "National Vulnerability Database".