โผ CVE-2023-45062 โผ
๐ Read
via "National Vulnerability Database".
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Thomas Scholl canvasio3D Light plugin <=ร 2.4.6 versions.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-5621 โผ
๐ Read
via "National Vulnerability Database".
The Thumbnail Slider With Lightbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Image Title field in versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.๐ Read
via "National Vulnerability Database".
๐1
โผ CVE-2023-45008 โผ
๐ Read
via "National Vulnerability Database".
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPJohnny Comment Reply Email plugin <=ร 1.0.3 versions.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-25476 โผ
๐ Read
via "National Vulnerability Database".
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Ezoic AmpedSense รขโฌโ AdSense Split Tester plugin <=ร 4.68 versions.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-3254 โผ
๐ Read
via "National Vulnerability Database".
The Widgets for Google Reviews plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 10.9. This is due to missing or incorrect nonce validation within setup_no_reg_header.php. This makes it possible for unauthenticated attackers to reset plugin settings and remove reviews via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-4938 โผ
๐ Read
via "National Vulnerability Database".
The BEAR for WordPress is vulnerable to Missing Authorization in versions up to, and including, 1.1.3.3. This is due to a missing capability check on the woobe_bulkoperations_apply_default_combination function. This makes it possible for authenticated attackers (subscriber or higher) to manipulate products.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-5632 โผ
๐ Read
via "National Vulnerability Database".
In Eclipse Mosquito before and including 2.0.5, establishing a connection to the mosquitto server without sending data causes the EPOLLOUT event to be added, which results excessive CPU consumption. This could be used by a malicious actor to perform denial of service type attack. This issue is fixed in 2.0.6๐ Read
via "National Vulnerability Database".
โผ CVE-2023-42319 โผ
๐ Read
via "National Vulnerability Database".
Geth (aka go-ethereum) through 1.13.4, when --http --graphql is used, allows remote attackers to cause a denial of service (memory consumption and daemon hang) via a crafted GraphQL query. NOTE: the vendor's position is that the "graphql endpoint [is not] designed to withstand attacks by hostile clients, nor handle huge amounts of clients/traffic.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-45056 โผ
๐ Read
via "National Vulnerability Database".
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in 100plugins Open User Map plugin <=ร 1.3.26 versions.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-45059 โผ
๐ Read
via "National Vulnerability Database".
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Gumroad plugin <=ร 3.1.0 versions.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-45054 โผ
๐ Read
via "National Vulnerability Database".
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in AWESOME TOGI Product Category Tree plugin <=ร 2.5 versions.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-45064 โผ
๐ Read
via "National Vulnerability Database".
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Daisuke Takahashi(Extend Wings) OPcache Dashboard plugin <=ร 0.3.1 versions.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-5538 โผ
๐ Read
via "National Vulnerability Database".
The MpOperationLogs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the IP Request Headers in versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-45049 โผ
๐ Read
via "National Vulnerability Database".
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Ciprian Popescu YouTube Playlist Player plugin <=ร 4.6.7 versions.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-45057 โผ
๐ Read
via "National Vulnerability Database".
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Hitsteps Web Analytics plugin <=ร 5.86 versions.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-45727 โผ
๐ Read
via "National Vulnerability Database".
Proself Enterprise/Standard Edition Ver5.62 and earlier, Proself Gateway Edition Ver1.65 and earlier, and Proself Mail Sanitize Edition Ver1.08 and earlier allow a remote unauthenticated attacker to conduct XML External Entity (XXE) attacks. By processing a specially crafted request containing malformed XML data, arbitrary files on the server containing account information may be read by the attacker.๐ Read
via "National Vulnerability Database".
๐ด Data Security and Collaboration in the Modern Enterprise ๐ด
๐ Read
via "Dark Reading".
The CISO Survival Guide explores the complex and shifting challenges, perceptions, and innovations that will shape how organizations securely expand in the future.๐ Read
via "Dark Reading".
Dark Reading
Data Security and Collaboration in the Modern Enterprise
The "CISO Survival Guide" explores the complex and shifting challenges, perceptions, and innovations that will shape how organizations securely expand in the future.
๐ด Israeli Cybersecurity Startups: Impact of a Growing Conflict ๐ด
๐ Read
via "Dark Reading".
For Israeli startups and those closely linked to the country, the deepening crisis in the Middle East following the deadly Hamas attacks of Oct. 7 pose a fraught mix of complications. ๐ Read
via "Dark Reading".
Dark Reading
Israeli Cybersecurity Startups: Impact of a Growing Conflict
For Israeli startups and those closely linked to the country, the deepening crisis in the Middle East following the deadly Hamas attacks of Oct. 7 pose a fraught mix of complications.
๐ด Pro-Iranian Hacktivists Set Sights on Israeli Industrial Control Systems ๐ด
๐ Read
via "Dark Reading".
The hacktivists known as SiegedSec identify ICS targets, but there's no evidence of attacks yet.๐ Read
via "Dark Reading".
Dark Reading
Pro-Iranian Hacktivists Set Sights on Israeli Industrial Control Systems
The hacktivists known as SiegedSec identify ICS targets, but there's no evidence of attacks yet.
๐ด The Need for a Cybersecurity-Centric Business Culture ๐ด
๐ Read
via "Dark Reading".
Building a culture of cybersecurity is achievable by acknowledging its importance and consistently reinforcing that message.๐ Read
via "Dark Reading".
Dark Reading
The Need for a Cybersecurity-Centric Business Culture
Building a culture of cybersecurity is achievable by acknowledging its importance and consistently reinforcing that message.
โ๏ธ The Fake Browser Update Scam Gets a Makeover โ๏ธ
๐ Read
via "Krebs on Security".
One of the oldest malware tricks in the book -- hacked websites claiming visitors need to update their Web browser before they can view any content -- has roared back to life in the past few months. New research shows the attackers behind one such scheme have developed an ingenious way of keeping their malware from being taken down by security experts or law enforcement: By hosting the malicious files on a decentralized, anonymous cryptocurrency blockchain.๐ Read
via "Krebs on Security".
Krebs on Security
The Fake Browser Update Scam Gets a Makeover
One of the oldest malware tricks in the book -- hacked websites claiming visitors need to update their Web browser before they can view any content -- has roared back to life in the past few months. New research showsโฆ