‼️CVE-2023-7190‼️
📖 Read more
Via "National Vulnerability Database"
A vulnerability, which was classified as critical, has been found in SCMS up to 2.0build2022052920231006. Affected by this issue is some unknown functionality of the file memberad.php?actionad. The manipulation of the argument AtextAurlAcontact leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB249392. NOTE The vendor was contacted early about this disclosure but did not respond in any way.📖 Read more
Via "National Vulnerability Database"
‼️CVE-2023-7191‼️
📖 Read more
Via "National Vulnerability Database"
A vulnerability, which was classified as critical, was found in SCMS up to 2.0build2022052920231006. This affects an unknown part of the file memberreg.php. The manipulation of the argument MloginMemail leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier VDB249393 was assigned to this vulnerability. NOTE The vendor was contacted early about this disclosure but did not respond in any way.📖 Read more
Via "National Vulnerability Database"
‼️CVE-2023-52134‼️
📖 Read more
Via "National Vulnerability Database"
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Eyal Fitoussi GEO my WordPress.This issue affects GEO my WordPress from na through 4.0.2. 📖 Read more
Via "National Vulnerability Database"
‼️CVE-2023-52185‼️
📖 Read more
Via "National Vulnerability Database"
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Everestthemes Everest Backup WordPress Cloud Backup, Migration, Restore Cloning Plugin.This issue affects Everest Backup WordPress Cloud Backup, Migration, Restore Cloning Plugin from na through 2.1.9. 📖 Read more
Via "National Vulnerability Database"
‼️CVE-2023-7193‼️
📖 Read more
Via "National Vulnerability Database"
A vulnerability was found in MTab Bookmark up to 1.2.6 and classified as critical. This issue affects some unknown processing of the file publicinstall.php of the component Installation. The manipulation leads to improper access controls. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB249395. NOTE The vendor was contacted early about this disclosure but did not respond in any way.📖 Read more
Via "National Vulnerability Database"
‼️CVE-2023-51423‼️
📖 Read more
Via "National Vulnerability Database"
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Saleswonder Team Webinar Plugin Create liveevergreenautomatedinstant webinars, stream Zoom Meetings WebinarIgnition.This issue affects Webinar Plugin Create liveevergreenautomatedinstant webinars, stream Zoom Meetings WebinarIgnition from na through 3.05.0. 📖 Read more
Via "National Vulnerability Database"
‼️CVE-2023-51469‼️
📖 Read more
Via "National Vulnerability Database"
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Mestres do WP Checkout Mestres WP.This issue affects Checkout Mestres WP from na through 7.1.9.6. 📖 Read more
Via "National Vulnerability Database"
‼️CVE-2023-51503‼️
📖 Read more
Via "National Vulnerability Database"
Authorization Bypass Through UserControlled Key vulnerability in Automattic WooPayments Fully Integrated Solution Built and Supported by Woo.This issue affects WooPayments Fully Integrated Solution Built and Supported by Woo from na through 6.9.2. 📖 Read more
Via "National Vulnerability Database"
‼️CVE-2023-51547‼️
📖 Read more
Via "National Vulnerability Database"
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in WPManageNinja LLC Fluent Support WordPress Helpdesk and Customer Support Ticket Plugin.This issue affects Fluent Support WordPress Helpdesk and Customer Support Ticket Plugin from na through 1.7.6. 📖 Read more
Via "National Vulnerability Database"
‼️CVE-2023-52131‼️
📖 Read more
Via "National Vulnerability Database"
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in WP Zinc Page Generator.This issue affects Page Generator from na through 1.7.1. 📖 Read more
Via "National Vulnerability Database"
‼️CVE-2023-52132‼️
📖 Read more
Via "National Vulnerability Database"
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Jewel Theme WP Adminify.This issue affects WP Adminify from na through 3.1.6. 📖 Read more
Via "National Vulnerability Database"
‼️CVE-2023-52133‼️
📖 Read more
Via "National Vulnerability Database"
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in WhileTrue Most And Least Read Posts Widget.This issue affects Most And Least Read Posts Widget from na through 2.5.16. 📖 Read more
Via "National Vulnerability Database"
🖋️ New JinxLoader Targeting Users with Formbook and XLoader Malware 🖋️
📖 Read
via "The Hacker News".
A new Go-based malware loader called JinxLoader is being used by threat actors to deliver next-stage payloads such as Formbook and its successor XLoader.The disclosure comes from cybersecurity firms Palo Alto Networks Unit 42 and Symantec, both of which highlighted multi-step attack sequences that led to the deployment of JinxLoader through phishing attacks."The📖 Read
via "The Hacker News".
👍1
‼️CVE-2024-21732‼️
📖 Read more
Via "National Vulnerability Database"
FlyCms through abbaa5a allows XSS via the permission management feature.📖 Read more
Via "National Vulnerability Database"
‼️CVE-2023-5877‼️
📖 Read more
Via "National Vulnerability Database"
The affiliatetoolkit WordPress plugin before 3.4.3 lacks authorization and authentication for requests to it's affiliatetoolkitstartertoolsatkpimagereceiver.php endpoint, allowing unauthenticated visitors to make requests to arbitrary URL's, including RFC1918 private addresses, leading to a Server Side Request Forgery SSRF issue.📖 Read more
Via "National Vulnerability Database"
‼️CVE-2023-6000‼️
📖 Read more
Via "National Vulnerability Database"
The Popup Builder WordPress plugin before 4.2.3 does not prevent simple visitors from updating existing popups, and injecting raw JavaScript in them, which could lead to Stored XSS attacks.📖 Read more
Via "National Vulnerability Database"
‼️CVE-2023-6037‼️
📖 Read more
Via "National Vulnerability Database"
The WP TripAdvisor Review Slider WordPress plugin before 11.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored CrossSite Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup📖 Read more
Via "National Vulnerability Database"
‼️CVE-2023-6064‼️
📖 Read more
Via "National Vulnerability Database"
The PayHere Payment Gateway WordPress plugin before 2.2.12 automatically creates publiclyaccessible log files containing sensitive information when transactions occur.📖 Read more
Via "National Vulnerability Database"
‼️CVE-2023-6113‼️
📖 Read more
Via "National Vulnerability Database"
The WP STAGING WordPress Backup Plugin before 3.1.3 and WP STAGING Pro WordPress Backup Plugin before 5.1.3 do not prevent visitors from leaking key information about ongoing backups processes, allowing unauthenticated attackers to download said backups later.📖 Read more
Via "National Vulnerability Database"
‼️CVE-2023-6271‼️
📖 Read more
Via "National Vulnerability Database"
The Backup Migration WordPress plugin before 1.3.6 stores inprogress backups information in easy to find, publiclyaccessible files, which may allow attackers monitoring those to leak sensitive information from the site's backups.📖 Read more
Via "National Vulnerability Database"
‼️CVE-2023-6421‼️
📖 Read more
Via "National Vulnerability Database"
The Download Manager WordPress plugin before 3.2.83 does not protect file download's passwords, leaking it upon receiving an invalid one.📖 Read more
Via "National Vulnerability Database"