‼️CVE-2023-7184‼️
📖 Read more
Via "National Vulnerability Database"
A vulnerability was found in 7card Fakabao up to 1.0build20230805 and classified as critical. Affected by this issue is some unknown functionality of the file shopnotify.php. The manipulation of the argument outtradeno leads to sql injection. The exploit has been disclosed to the public and may be used. VDB249386 is the identifier assigned to this vulnerability. NOTE The vendor was contacted early about this disclosure but did not respond in any way.📖 Read more
Via "National Vulnerability Database"
‼️CVE-2023-7185‼️
📖 Read more
Via "National Vulnerability Database"
A vulnerability was found in 7card Fakabao up to 1.0build20230805. It has been classified as critical. This affects an unknown part of the file shopwxpaynotify.php. The manipulation of the argument outtradeno leads to sql injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB249387. NOTE The vendor was contacted early about this disclosure but did not respond in any way.📖 Read more
Via "National Vulnerability Database"
‼️CVE-2023-7186‼️
📖 Read more
Via "National Vulnerability Database"
A vulnerability was found in 7card Fakabao up to 1.0build20230805. It has been declared as critical. This vulnerability affects unknown code of the file membernotify.php. The manipulation of the argument outtradeno leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB249388. NOTE The vendor was contacted early about this disclosure but did not respond in any way.📖 Read more
Via "National Vulnerability Database"
‼️CVE-2023-7187‼️
📖 Read more
Via "National Vulnerability Database"
A vulnerability was found in Totolink N350RT 9.3.5u.6139B20201216. It has been rated as critical. This issue affects some unknown processing of the file cgibincstecgi.cgi?actionloginflagie8 of the component HTTP POST Request Handler. The manipulation leads to stackbased buffer overflow. The exploit has been disclosed to the public and may be used. The identifier VDB249389 was assigned to this vulnerability. NOTE The vendor was contacted early about this disclosure but did not respond in any way.📖 Read more
Via "National Vulnerability Database"
‼️CVE-2023-7188‼️
📖 Read more
Via "National Vulnerability Database"
A vulnerability classified as critical has been found in Shipping 100 Fahuo100 up to 1.1. Affected is an unknown function of the file memberlogin.php. The manipulation of the argument Mpwd leads to sql injection. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. VDB249390 is the identifier assigned to this vulnerability. NOTE The vendor was contacted early about this disclosure but did not respond in any way.📖 Read more
Via "National Vulnerability Database"
‼️CVE-2023-7189‼️
📖 Read more
Via "National Vulnerability Database"
A vulnerability classified as critical was found in SCMS up to 2.0build2022052920231006. Affected by this vulnerability is an unknown functionality of the file sindex.php?actionstatistics. The manipulation of the argument lid leads to sql injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB249391. NOTE The vendor was contacted early about this disclosure but did not respond in any way.📖 Read more
Via "National Vulnerability Database"
‼️CVE-2023-7190‼️
📖 Read more
Via "National Vulnerability Database"
A vulnerability, which was classified as critical, has been found in SCMS up to 2.0build2022052920231006. Affected by this issue is some unknown functionality of the file memberad.php?actionad. The manipulation of the argument AtextAurlAcontact leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB249392. NOTE The vendor was contacted early about this disclosure but did not respond in any way.📖 Read more
Via "National Vulnerability Database"
‼️CVE-2023-7191‼️
📖 Read more
Via "National Vulnerability Database"
A vulnerability, which was classified as critical, was found in SCMS up to 2.0build2022052920231006. This affects an unknown part of the file memberreg.php. The manipulation of the argument MloginMemail leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier VDB249393 was assigned to this vulnerability. NOTE The vendor was contacted early about this disclosure but did not respond in any way.📖 Read more
Via "National Vulnerability Database"
‼️CVE-2023-52134‼️
📖 Read more
Via "National Vulnerability Database"
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Eyal Fitoussi GEO my WordPress.This issue affects GEO my WordPress from na through 4.0.2. 📖 Read more
Via "National Vulnerability Database"
‼️CVE-2023-52185‼️
📖 Read more
Via "National Vulnerability Database"
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Everestthemes Everest Backup WordPress Cloud Backup, Migration, Restore Cloning Plugin.This issue affects Everest Backup WordPress Cloud Backup, Migration, Restore Cloning Plugin from na through 2.1.9. 📖 Read more
Via "National Vulnerability Database"
‼️CVE-2023-7193‼️
📖 Read more
Via "National Vulnerability Database"
A vulnerability was found in MTab Bookmark up to 1.2.6 and classified as critical. This issue affects some unknown processing of the file publicinstall.php of the component Installation. The manipulation leads to improper access controls. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB249395. NOTE The vendor was contacted early about this disclosure but did not respond in any way.📖 Read more
Via "National Vulnerability Database"
‼️CVE-2023-51423‼️
📖 Read more
Via "National Vulnerability Database"
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Saleswonder Team Webinar Plugin Create liveevergreenautomatedinstant webinars, stream Zoom Meetings WebinarIgnition.This issue affects Webinar Plugin Create liveevergreenautomatedinstant webinars, stream Zoom Meetings WebinarIgnition from na through 3.05.0. 📖 Read more
Via "National Vulnerability Database"
‼️CVE-2023-51469‼️
📖 Read more
Via "National Vulnerability Database"
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Mestres do WP Checkout Mestres WP.This issue affects Checkout Mestres WP from na through 7.1.9.6. 📖 Read more
Via "National Vulnerability Database"
‼️CVE-2023-51503‼️
📖 Read more
Via "National Vulnerability Database"
Authorization Bypass Through UserControlled Key vulnerability in Automattic WooPayments Fully Integrated Solution Built and Supported by Woo.This issue affects WooPayments Fully Integrated Solution Built and Supported by Woo from na through 6.9.2. 📖 Read more
Via "National Vulnerability Database"
‼️CVE-2023-51547‼️
📖 Read more
Via "National Vulnerability Database"
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in WPManageNinja LLC Fluent Support WordPress Helpdesk and Customer Support Ticket Plugin.This issue affects Fluent Support WordPress Helpdesk and Customer Support Ticket Plugin from na through 1.7.6. 📖 Read more
Via "National Vulnerability Database"
‼️CVE-2023-52131‼️
📖 Read more
Via "National Vulnerability Database"
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in WP Zinc Page Generator.This issue affects Page Generator from na through 1.7.1. 📖 Read more
Via "National Vulnerability Database"
‼️CVE-2023-52132‼️
📖 Read more
Via "National Vulnerability Database"
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Jewel Theme WP Adminify.This issue affects WP Adminify from na through 3.1.6. 📖 Read more
Via "National Vulnerability Database"
‼️CVE-2023-52133‼️
📖 Read more
Via "National Vulnerability Database"
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in WhileTrue Most And Least Read Posts Widget.This issue affects Most And Least Read Posts Widget from na through 2.5.16. 📖 Read more
Via "National Vulnerability Database"
🖋️ New JinxLoader Targeting Users with Formbook and XLoader Malware 🖋️
📖 Read
via "The Hacker News".
A new Go-based malware loader called JinxLoader is being used by threat actors to deliver next-stage payloads such as Formbook and its successor XLoader.The disclosure comes from cybersecurity firms Palo Alto Networks Unit 42 and Symantec, both of which highlighted multi-step attack sequences that led to the deployment of JinxLoader through phishing attacks."The📖 Read
via "The Hacker News".
👍1
‼️CVE-2024-21732‼️
📖 Read more
Via "National Vulnerability Database"
FlyCms through abbaa5a allows XSS via the permission management feature.📖 Read more
Via "National Vulnerability Database"
‼️CVE-2023-5877‼️
📖 Read more
Via "National Vulnerability Database"
The affiliatetoolkit WordPress plugin before 3.4.3 lacks authorization and authentication for requests to it's affiliatetoolkitstartertoolsatkpimagereceiver.php endpoint, allowing unauthenticated visitors to make requests to arbitrary URL's, including RFC1918 private addresses, leading to a Server Side Request Forgery SSRF issue.📖 Read more
Via "National Vulnerability Database"