Accept Stripe Donation – AidWP Security Vulnerabilities

kitploit

Keyhacks - A Repository Which Shows Quick Ways In Which API Keys Leaked By A Bug Bounty Program Can Be Checked To See If They'Re Valid

KeyHacks shows ways in which particular API keys found on a Bug Bounty Program can be used, to check if they are valid. @Gwen001 has scripted the entire process available here and it can be found here Table of Contents ABTasty API Key Algolia API key Amplitude API Keys Asana Access token AWS...

AI Score: 7.2

2021-08-31 12:30 PM
nvd

CVE-2021-24524

The GiveWP – Donation Plugin and Fundraising Platform WordPress plugin before 2.12.0 did not escape the Donation Level setting of its Donation Forms, allowing high privilege users to use Cross-Site Scripting payloads in...

CVSS: 4.8

EPSS: 0.001

2021-08-23 12:15 PM
nvd

CVE-2021-24531

The Charitable – Donation Plugin WordPress plugin before 1.6.51 is affected by an authenticated stored cross-site scripting vulnerability which was found in the add donation...

CVSS: 5.4

EPSS: 0.001

2021-08-23 12:15 PM
nvd

CVE-2021-24554

The Paytm – Donation Plugin WordPress plugin through 1.3.2 does not sanitise, validate or escape the id GET parameter before using it in a SQL statement when deleting donations, leading to an authenticated SQL injection...

CVSS: 7.2

EPSS: 0.291

2021-08-23 12:15 PM
cve

CVE-2021-24554

The Paytm – Donation Plugin WordPress plugin through 1.3.2 does not sanitise, validate or escape the id GET parameter before using it in a SQL statement when deleting donations, leading to an authenticated SQL injection...

CVSS: 7.2

AI Score: 7.1

EPSS: 0.291

2021-08-23 12:15 PM
cve

CVE-2021-24531

The Charitable – Donation Plugin WordPress plugin before 1.6.51 is affected by an authenticated stored cross-site scripting vulnerability which was found in the add donation...

CVSS: 5.4

AI Score: 5.1

EPSS: 0.001

2021-08-23 12:15 PM
cve

CVE-2021-24524

The GiveWP – Donation Plugin and Fundraising Platform WordPress plugin before 2.12.0 did not escape the Donation Level setting of its Donation Forms, allowing high privilege users to use Cross-Site Scripting payloads in...

CVSS: 4.8

AI Score: 4.8

EPSS: 0.001

2021-08-23 12:15 PM
prion

Cross site scripting

The GiveWP – Donation Plugin and Fundraising Platform WordPress plugin before 2.12.0 did not escape the Donation Level setting of its Donation Forms, allowing high privilege users to use Cross-Site Scripting payloads in...

CVSS: 4.8

AI Score: 4.8

EPSS: 0.001

2021-08-23 12:15 PM
prion

Cross site scripting

The Charitable – Donation Plugin WordPress plugin before 1.6.51 is affected by an authenticated stored cross-site scripting vulnerability which was found in the add donation...

CVSS: 5.4

AI Score: 5.2

EPSS: 0.001

2021-08-23 12:15 PM
prion

Sql injection

The Paytm – Donation Plugin WordPress plugin through 1.3.2 does not sanitise, validate or escape the id GET parameter before using it in a SQL statement when deleting donations, leading to an authenticated SQL injection...

CVSS: 7.2

AI Score: 7.1

EPSS: 0.291

2021-08-23 12:15 PM
cvelist

CVE-2021-24554 Paytm - Donation Plugin <= 1.3.2 - Authenticated (admin+) SQL Injection

The Paytm – Donation Plugin WordPress plugin through 1.3.2 does not sanitise, validate or escape the id GET parameter before using it in a SQL statement when deleting donations, leading to an authenticated SQL injection...

AI Score: 7.4

EPSS: 0.291

2021-08-23 11:10 AM
cvelist

CVE-2021-24531 Charitable – Donation Plugin < 1.6.51 - Authenticated Stored Cross-Site Scripting (XSS)

The Charitable – Donation Plugin WordPress plugin before 1.6.51 is affected by an authenticated stored cross-site scripting vulnerability which was found in the add donation...

AI Score: 5.4

EPSS: 0.001

2021-08-23 11:10 AM
cvelist

CVE-2021-24524 GiveWP < 2.12.0 - Authenticated Stored XSS

The GiveWP – Donation Plugin and Fundraising Platform WordPress plugin before 2.12.0 did not escape the Donation Level setting of its Donation Forms, allowing high privilege users to use Cross-Site Scripting payloads in...

AI Score: 5.1

EPSS: 0.001

2021-08-23 11:09 AM
oraclelinux

Unbreakable Enterprise kernel security update

[4.14.35-2047.506.8] - A/A Bonding: dev_hold/put() the delayed GARP work handler's netdev in rdmaip (Sharath Srinivasan) [Orabug: 33187189] - rds/ib: quarantine STALE mr before dereg (Manjunath Patil) [Orabug: 33187192] - rds/ib: avoid dereg of mr in frwr_clean (Manjunath Patil) [Orabug:...

CVSS: 7.8

AI Score: -0.2

EPSS: 0.005

2021-08-11 12:00 AM
oraclelinux

Unbreakable Enterprise kernel-container security update

[4.14.35-2047.506.8.el7] - A/A Bonding: dev_hold/put() the delayed GARP work handler's netdev in rdmaip (Sharath Srinivasan) [Orabug: 33187189] - rds/ib: quarantine STALE mr before dereg (Manjunath Patil) [Orabug: 33187192] - rds/ib: avoid dereg of mr in frwr_clean (Manjunath Patil) [Orabug:...

CVSS: 7.8

AI Score: -0.2

EPSS: 0.005

2021-08-10 12:00 AM
wpexploit

uListing < 2.0.6 - Settings Update via CSRF

A Settings Update via CSRF vulnerability was discovered in the plugin. Missing WPNonce security tokens [ https://codex.wordpress.org/WordPress_Nonces...

AI Score: 0.6

EPSS: 0.001

2021-07-27 12:00 AM
wpvulndb

uListing < 2.0.6 - Settings Update via CSRF

A Settings Update via CSRF vulnerability was discovered in the plugin. Missing WPNonce security tokens [ https://codex.wordpress.org/WordPress_Nonces ]. PoC PoC #1 | CSRF | Main Settings Update: POST /wp-admin/admin-ajax.php HTTP/2 Host: example.com Cookie: [admin cookies] User-Agent: Mozilla/5.0.....

AI Score: 0.2

EPSS: 0.001

2021-07-27 12:00 AM
wpvulndb

GiveWP < 2.12.0 - Authenticated Stored XSS

The plugin did not escape the Donation Level setting of its Donation Forms, allowing high privilege users to use Cross-Site Scripting payloads in them. PoC Put the following payload in any Donation Level Text field of a Donation Form (ie...

AI Score: 1.6

EPSS: 0.001

2021-07-26 12:00 AM
wpexploit

GiveWP < 2.12.0 - Authenticated Stored XSS

The plugin did not escape the Donation Level setting of its Donation Forms, allowing high privilege users to use Cross-Site Scripting payloads in...

AI Score: 0.5

EPSS: 0.001

2021-07-26 12:00 AM
patchstack

WordPress Paytm plugin <= 1.3.2 - Authenticated SQL Injection (SQLi) vulnerability

Authenticated SQL Injection (SQLi) vulnerability discovered by Shreya Pohekar in WordPress Paytm plugin (versions <= 1.3.2). Solution This plugin has been closed as of June 3, 2021 and is not available for download. Reason: Security...

CVSS: 7.2

AI Score: 3.4

EPSS: 0.291

2021-07-24 12:00 AM
wpvulndb

Paytm - Donation Plugin <= 1.3.2 - Authenticated (admin+) SQL Injection

The plugin does not sanitise, validate or escape the id GET parameter before using it in a SQL statement when deleting donations, leading to an authenticated SQL injection issue PoC GET...

AI Score: 1.6

EPSS: 0.291

2021-07-24 12:00 AM
wpexploit

Paytm - Donation Plugin <= 1.3.2 - Authenticated (admin+) SQL Injection

The plugin does not sanitise, validate or escape the id GET parameter before using it in a SQL statement when deleting donations, leading to an authenticated SQL injection...

AI Score: 1.8

EPSS: 0.291

2021-07-24 12:00 AM
hackerone

Stripe: Without verifying email and activate account, user can perform all action which are not supposed to be done

A researcher discovered that it was possible to access a subset of livemode dashboard functionality without verifying the account's email address. The livemode functionality in question was disabled in the UI, but could be accessed on the backend. Following this report, Stripe performed an...

AI Score: 6.5

2021-07-21 03:44 PM
malwarebytes

ID theft ghouls targeting Surfside victims is appalling, but no surprise

We’ve written at length about account compromise and identity theft, and how criminals will often hijack accounts belonging to dead people. In many ways, it’s the perfect crime for anyone indulging in social engineering. The amount of abandoned accounts due to death can only ever go up, and nobody....

AI Score: -0.4

2021-07-21 03:33 PM
wpvulndb

Charitable - Donation Plugin < 1.6.51 - Unauthenticated Stored Cross-Site Scripting

While fixing an Authenticated Stored Cross-Site Scripting issue (https://wpscan.com/vulnerability/a5837621-ee6e-4876-9f65-82658fc0341f), the vendor identified another Cross-Site Scripting issue, which could be exploited by unauthenticated users and would be triggered in the context of a logged in.....

2021-07-21 12:00 AM
wpexploit

Charitable - Donation Plugin < 1.6.51 - Unauthenticated Stored Cross-Site Scripting

While fixing an Authenticated Stored Cross-Site Scripting issue (https://wpscan.com/vulnerability/a5837621-ee6e-4876-9f65-82658fc0341f), the vendor identified another Cross-Site Scripting issue, which could be exploited by unauthenticated users and would be triggered in the context of a logged in.....

2021-07-21 12:00 AM
wpexploit

Charitable – Donation Plugin < 1.6.51 - Authenticated Stored Cross-Site Scripting (XSS)

The plugin is affected by an authenticated stored cross-site scripting vulnerability which was found in the add donation...

AI Score: 0.7

EPSS: 0.001

2021-07-21 12:00 AM
wpvulndb

Charitable – Donation Plugin < 1.6.51 - Authenticated Stored Cross-Site Scripting (XSS)

The plugin is affected by an authenticated stored cross-site scripting vulnerability which was found in the add donation feature. PoC 1. Go to /wp-admin/edit.php?post_type=donation 2. Add new donation 3. In the first or last name forms, add the XSS payload 4. Save and the XSS payload will be...

AI Score: 1.8

EPSS: 0.001

2021-07-21 12:00 AM
oraclelinux

Unbreakable Enterprise kernel security update

[5.4.17-2102.203.5] - rds/ib: move rds_ib_clear_irq_miss() to .h file (Manjunath Patil) [Orabug: 33044344] [5.4.17-2102.203.4] - rds/ib: recover rds connection from interrupt loss scenario (Manjunath Patil) [Orabug: 32974199] - Revert Allow mce to reset instead of panic on UE (William Roche) ...

CVSS: 7.8

AI Score: 0.1

EPSS: 0.005

2021-07-16 12:00 AM
oraclelinux

Unbreakable Enterprise kernel-container security update

[5.4.17-2102.203.5] - rds/ib: move rds_ib_clear_irq_miss() to .h file (Manjunath Patil) [Orabug: 33044344] [5.4.17-2102.203.4] - rds/ib: recover rds connection from interrupt loss scenario (Manjunath Patil) [Orabug: 32974199] - Revert 'Allow mce to reset instead of panic on UE' (William...

CVSS: 7.8

AI Score: 0.1

EPSS: 0.005

2021-07-16 12:00 AM
hackerone

Stripe: HTML Injection in the Invoice memos field

Summary: In customer invoices a memo field is vulnerable to HTML injection. So i can takeover any victim's account with auto-save functionality through HTML injection. Basically when we saved the login credential in our browser & tried to login into the account the browser automatically fills the.....

AI Score: 7.5

2021-07-12 02:58 AM
hackerone

Stripe: Email change or personal data change on the account.

@dk82hg found the email change flow on indiehackers.com was vulnerable to an insecure direct object reference (IDOR) which allowed an attacker to change the email associated with a user account to one they owned and ultimately take over a victim’s account in certain situations. A fix was shipped...

AI Score: 7

2021-07-02 03:18 PM
rapid7blog

3 Takeaways From The 2021 VDBIR: It’s An Appandemic

VDBIR Overview “Appandemic” sounds a bit like “appendectomy.” From a societal standpoint, it’s almost as alarming — if not more so — as the surgical procedure is from a personal standpoint. Because in the midst of the global pandemic we’ve all experienced over the past year and a half, web...

2021-06-25 07:05 PM
threatpost

Musk-Themed '$SpaceX' Cryptoscam Invades YouTube Ads

YouTube fans have been swindled out of almost $1 million (and counting) thanks to an extremely convincing fake SpaceX crypto-coin campaign that uses a popular decentralized finance protocol called Uniswap. The scam is rearing its Elon-Musk-themed head in ads on YouTube that show up before and...

AI Score: -0.5

EPSS: 0.971

2021-06-24 03:44 PM
krebs

How Cyber Sleuths Cracked an ATM Shimmer Gang

In 2015, police departments worldwide started finding ATMs compromised with advanced new "shimming" devices made to steal data from chip card transactions. Authorities in the United States and abroad had seized many of these shimmers, but for years couldn't decrypt the data on the devices. This is....

AI Score: 7

2021-06-23 12:49 PM
code423n4

User deposits can be turned into sponsors and then be stolen

Handle cmichel Vulnerability details Vulnerability Details When a user deposits to the treasury they first approve the contract and then call its deposit action which performs an ERC20.transferFrom. It's possible for an attacker to frontrun the final deposit transaction after the user approval and....

AI Score: 6.9

2021-06-16 12:00 AM
wpexploit

Stripe Payment Gateway for WooCommerce < 3.6.0 - Reflected Cross-Site Scripting (XSS)

The plugin did not sanitise or escape the page parameter before outputting back in an attribute, leading to a reflected Cross-Site Scripting...

AI Score: -0.2

2021-06-07 12:00 AM
wpvulndb

Stripe Payment Gateway for WooCommerce < 3.6.0 - Reflected Cross-Site Scripting (XSS)

The plugin did not sanitise or escape the page parameter before outputting back in an attribute, leading to a reflected Cross-Site Scripting issue...

AI Score: 1

2021-06-07 12:00 AM
patchstack

WordPress Stripe Payment Gateway for WooCommerce plugin <= 3.5.9 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting (XSS) vulnerability discovered in WordPress Stripe Payment Gateway for WooCommerce plugin (versions <= 3.5.9). Solution Update the WordPress Stripe Payment Gateway for WooCommerce plugin to the latest available version (at least...

AI Score: 2.3

2021-06-07 12:00 AM
veracode

Denial Of Service (DoS)

@worker-tools/stripe-webhook is vulnerable to denial of service. The verifyHeader is not an async function in the webhook and causes an error to be thrown after the request has...

AI Score: 2.7

2021-05-31 06:28 AM
github

constructEvent does not verify header

Impact Anyone verifying a Stripe webhook request via this library's constructEvent function. Patches Upgrade to 1.1.4. Workarounds Use await verifyHeader(...) directly instead of constructEvent. References...

AI Score: 1.5

2021-05-28 07:18 PM
osv

constructEvent does not verify header

Impact Anyone verifying a Stripe webhook request via this library's constructEvent function. Patches Upgrade to 1.1.4. Workarounds Use await verifyHeader(...) directly instead of constructEvent. References...

AI Score: 1.5

2021-05-28 07:18 PM
cve

CVE-2021-24315

The GiveWP – Donation Plugin and Fundraising Platform WordPress plugin before 2.10.4 did not sanitise or escape the Background Image field of its Stripe Checkout Setting and Logo field in its Email settings, leading to authenticated (admin+) Stored XSS...

CVSS: 4.8

AI Score: 4.8

EPSS: 0.001

2021-05-17 05:15 PM
nvd

CVE-2021-24315

The GiveWP – Donation Plugin and Fundraising Platform WordPress plugin before 2.10.4 did not sanitise or escape the Background Image field of its Stripe Checkout Setting and Logo field in its Email settings, leading to authenticated (admin+) Stored XSS...

CVSS: 4.8

EPSS: 0.001

2021-05-17 05:15 PM
prion

Cross site scripting

The GiveWP – Donation Plugin and Fundraising Platform WordPress plugin before 2.10.4 did not sanitise or escape the Background Image field of its Stripe Checkout Setting and Logo field in its Email settings, leading to authenticated (admin+) Stored XSS...

CVSS: 4.8

AI Score: 4.8

EPSS: 0.001

2021-05-17 05:15 PM
cvelist

CVE-2021-24315 Give WP < 2.10.4 - Authenticated Stored Cross-Site Scripting (XSS)

The GiveWP – Donation Plugin and Fundraising Platform WordPress plugin before 2.10.4 did not sanitise or escape the Background Image field of its Stripe Checkout Setting and Logo field in its Email settings, leading to authenticated (admin+) Stored XSS...

AI Score: 5

EPSS: 0.001

2021-05-17 04:48 PM
huntr

Cross-site Scripting (XSS) - Generic in utmsigep/member-directory

✍️ Description Non-administrative functions display success banners after multiple actions that reflect user-input directly without sanitization. 🕵️‍♂️ Proof of Concept Donation Creation and Update Donations - New Donation Enter XSS payloads into the fields Last Name, First Name and Receipt ID,...

AI Score: 1

2021-05-15 01:20 PM
threatpost

DarkSide Suffers ‘Oh, Crap!’ Server Shutdowns

DarkSide, the ransomware-as-a-server (RaaS) gang that crippled Colonial Pipeline Co. a week ago, extorted around $5 million, and sent the fuel company a decryption tool that reportedly could barely limp through the process of unlocking files, has now been paralyzed itself. In the wee hours of...

AI Score: -0.6

2021-05-14 04:05 PM
Total number of security vulnerabilities: 1112