🛡 Cybersecurity & Privacy 🛡 - News
@cibsecurity
25.9K subscribers
89.2K links
🗞 The finest daily news on cybersecurity and privacy.

🔔 Daily releases.

💻 Is your online life secure?

📩 lalilolalo.dev@gmail.com
Download Telegram
About
Blog
Apps
Platform
Join
🛡 Cybersecurity & Privacy 🛡 - News
25.9K subscribers
🛡 Cybersecurity & Privacy 🛡 - News
ATENTION‼ New - CVE-2015-9479

The ACF-Frontend-Display plugin through 2015-07-03 for WordPress has arbitrary file upload via an action=upload request to js/blueimp-jQuery-File-Upload-d45deb1/server/php/index.php.

📖 Read

via "National Vulnerability Database".
45 views
🛡 Cybersecurity & Privacy 🛡 - News
ATENTION‼ New - CVE-2015-9478

prettyPhoto before 3.1.6 has js/jquery.prettyPhoto.js XSS.

📖 Read

via "National Vulnerability Database".
45 views
🛡 Cybersecurity & Privacy 🛡 - News
ATENTION‼ New - CVE-2015-9477

The Vernissage theme 1.2.8 for WordPress has insufficient restrictions on option updates.

📖 Read

via "National Vulnerability Database".
40 views
🛡 Cybersecurity & Privacy 🛡 - News
ATENTION‼ New - CVE-2015-9476

The Teardrop theme 1.8.1 for WordPress has insufficient restrictions on option updates.

📖 Read

via "National Vulnerability Database".
40 views
🛡 Cybersecurity & Privacy 🛡 - News
ATENTION‼ New - CVE-2015-9475

The Pont theme 1.5 for WordPress has insufficient restrictions on option updates.

📖 Read

via "National Vulnerability Database".
36 views
🛡 Cybersecurity & Privacy 🛡 - News
ATENTION‼ New - CVE-2015-9474

The Simpolio theme 1.3.2 for WordPress has insufficient restrictions on option updates.

📖 Read

via "National Vulnerability Database".
35 views
🛡 Cybersecurity & Privacy 🛡 - News
ATENTION‼ New - CVE-2015-9473

The estrutura-basica theme through 2015-09-13 for WordPress has directory traversal via the scripts/download.php arquivo parameter.

📖 Read

via "National Vulnerability Database".
33 views
🛡 Cybersecurity & Privacy 🛡 - News
ATENTION‼ New - CVE-2015-9472

The incoming-links plugin before 0.9.10b for WordPress has referrers.php XSS via the Referer HTTP header.

📖 Read

via "National Vulnerability Database".
33 views
🛡 Cybersecurity & Privacy 🛡 - News
ATENTION‼ New - CVE-2015-9471

The dzs-zoomsounds plugin through 2.0 for WordPress has admin/upload.php arbitrary file upload.

📖 Read

via "National Vulnerability Database".
32 views
🛡 Cybersecurity & Privacy 🛡 - News
ATENTION‼ New - CVE-2015-9470

The history-collection plugin through 1.1.1 for WordPress has directory traversal via the download.php var parameter.

📖 Read

via "National Vulnerability Database".
32 views
🛡 Cybersecurity & Privacy 🛡 - News
ATENTION‼ New - CVE-2015-9469

The content-grabber plugin 1.0 for WordPress has XSS via obj_field_name or obj_field_id.

📖 Read

via "National Vulnerability Database".
32 views
🛡 Cybersecurity & Privacy 🛡 - News
ATENTION‼ New - CVE-2015-9468

The broken-link-manager plugin 0.4.5 for WordPress has XSS via the page parameter in a delURL action.

📖 Read

via "National Vulnerability Database".
32 views
🛡 Cybersecurity & Privacy 🛡 - News
ATENTION‼ New - CVE-2015-9467

The broken-link-manager plugin before 0.5.0 for WordPress has wpslDelURL or wpslEditURL SQL injection via the url parameter.

📖 Read

via "National Vulnerability Database".
31 views
🛡 Cybersecurity & Privacy 🛡 - News
ATENTION‼ New - CVE-2015-9466

The wti-like-post plugin before 1.4.3 for WordPress has WtiLikePostProcessVote SQL injection via the HTTP_CLIENT_IP, HTTP_X_FORWARDED_FOR, HTTP_X_FORWARDED, HTTP_FORWARDED_FOR, or HTTP_FORWARDED variable.

📖 Read

via "National Vulnerability Database".
34 views
🛡 Cybersecurity & Privacy 🛡 - News
ATENTION‼ New - CVE-2015-9465

The yet-another-stars-rating plugin before 0.9.1 for WordPress has yasr_get_multi_set_values_and_field SQL injection via the set_id parameter.

📖 Read

via "National Vulnerability Database".
34 views
🛡 Cybersecurity & Privacy 🛡 - News
ATENTION‼ New - CVE-2015-9464

The s3bubble-amazon-s3-html-5-video-with-adverts plugin 0.7 for WordPress has directory traversal via the adverts/assets/plugins/ultimate/content/downloader.php path parameter.

📖 Read

via "National Vulnerability Database".
30 views
🛡 Cybersecurity & Privacy 🛡 - News
ATENTION‼ New - CVE-2015-9463

The s3bubble-amazon-s3-audio-streaming plugin 2.0 for WordPress has directory traversal via the adverts/assets/plugins/ultimate/content/downloader.php path parameter.

📖 Read

via "National Vulnerability Database".
31 views
🛡 Cybersecurity & Privacy 🛡 - News
ATENTION‼ New - CVE-2015-9462

The awesome-filterable-portfolio plugin before 1.9 for WordPress has afp_get_new_category_page SQL injection via the cat_id parameter.

📖 Read

via "National Vulnerability Database".
30 views
🛡 Cybersecurity & Privacy 🛡 - News
ATENTION‼ New - CVE-2015-9461

The awesome-filterable-portfolio plugin before 1.9 for WordPress has afp_get_new_portfolio_item_page SQL injection via the item_id parameter.

📖 Read

via "National Vulnerability Database".
33 views
🛡 Cybersecurity & Privacy 🛡 - News
ATENTION‼ New - CVE-2015-9460

The booking-system plugin before 2.1 for WordPress has DOPBSPBackEndTranslation::display SQL injection via the language parameter.

📖 Read

via "National Vulnerability Database".
31 views
🛡 Cybersecurity & Privacy 🛡 - News
ATENTION‼ New - CVE-2015-9459

The searchterms-tagging-2 plugin through 1.535 for WordPress has XSS via the wp-admin/options-general.php count parameter.

📖 Read

via "National Vulnerability Database".
30 views