Accept Stripe Donation – AidWP Security Vulnerabilities

cvelist

CVE-2022-3986 WP Stripe Checkout < 1.2.2.21 - Contributor+ Stored XSS

The WP Stripe Checkout WordPress plugin before 1.2.2.21 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting...

5.4 AI Score

0.001 EPSS

2022-12-19 01:41 PM
1
code423n4

Early user can break the minting of LP Tokens

Lines of code Vulnerability details Impact The attack vector is the same as TOB-YEARN-003, where users may not receive liquidity tokens in exchange for their baseTokenAmount and fractionalTokenAmount deposited if the total baseTokenAmount has been manipulated through a large “donation”. In the...

6.8 AI Score

2022-12-19 12:00 AM
4
code423n4

First depositor can break minting of shares

Lines of code Vulnerability details Impact The attack vector and impact is the same as TOB-YEARN-003, where users may not receive shares in exchange for their deposits if the total asset amount has been manipulated through a large “donation”. Proof of Concept In Pair.add(), the amount of LP token...

6.7 AI Score

2022-12-19 12:00 AM
2
hackerone

Stripe: Possible XSS vulnerability without a content security bypass

Summary: Hi security team members, Hope you are well and doing great :) I found a Possible XSS vulnerability in https://dashboard.stripe.com but I was not able to bypass a content security policy. Although, I don't have much knowledge about CSP and its bypasses. But, I read that you accept the XSS...

6 AI Score

2022-12-14 11:56 AM
12
prion

Design/Logic Flaw

The Donation Button WordPress plugin through 4.0.0 does not properly check for privileges and nonce tokens in its "donation_button_twilio_send_test_sms" AJAX action, which may allow any users with an account on the affected site, like subscribers, to use the plugin's Twilio integration to send...

4.3 CVSS

4.8 AI Score

0.001 EPSS

2022-12-12 06:15 PM
1
cve

CVE-2022-4004

The Donation Button WordPress plugin through 4.0.0 does not properly check for privileges and nonce tokens in its "donation_button_twilio_send_test_sms" AJAX action, which may allow any users with an account on the affected site, like subscribers, to use the plugin's Twilio integration to send...

4.3 CVSS

4.7 AI Score

0.001 EPSS

2022-12-12 06:15 PM
37
cve

CVE-2022-4005

The Donation Button WordPress plugin through 4.0.0 does not sanitize and escape some parameters, which could allow users with a role as low as Contributor to perform Cross-Site Scripting...

5.4 CVSS

5.2 AI Score

0.001 EPSS

2022-12-12 06:15 PM
32
prion

Cross site scripting

The Donation Button WordPress plugin through 4.0.0 does not sanitize and escape some parameters, which could allow users with a role as low as Contributor to perform Cross-Site Scripting...

5.4 CVSS

5.3 AI Score

0.001 EPSS

2022-12-12 06:15 PM
3
cvelist

CVE-2022-4004 Donation Button <= 4.0.0 - Subscriber+ Broken Access Control leading to SMS Spam

The Donation Button WordPress plugin through 4.0.0 does not properly check for privileges and nonce tokens in its "donation_button_twilio_send_test_sms" AJAX action, which may allow any users with an account on the affected site, like subscribers, to use the plugin's Twilio integration to send...

4.8 AI Score

0.001 EPSS

2022-12-12 05:54 PM
1
cvelist

CVE-2022-4005 Donation Button <= 4.0.0 - Contributor+ Stored XSS

The Donation Button WordPress plugin through 4.0.0 does not sanitize and escape some parameters, which could allow users with a role as low as Contributor to perform Cross-Site Scripting...

5.4 AI Score

0.001 EPSS

2022-12-12 05:54 PM
malwarebytes

Ho, ho, no! Scams to avoid this festive season

Whether you've been naughty or nice, someone will try and stuff a scam down your chimney either way. The FBI is warning of several likely ways to be parted from your funds or logins, and we're going to give some additional context along with tips to avoid these digital lumps of coal. Social media...

-0.3 AI Score

2022-12-07 11:45 AM
13
patchstack

WordPress WP Stripe Checkout plugin <= 1.2.2.20 - Auth. Stored Cross-Site Scripting (XSS) vulnerability

Auth. Stored Cross-Site Scripting (XSS) vulnerability discovered by Lana Codes in WordPress WP Stripe Checkout plugin (versions <= 1.2.2.20). Solution Update the WordPress WP Stripe Checkout plugin to the latest available version (at least...

2.1 AI Score

2022-11-22 12:00 AM
7
wpvulndb

WP Stripe Checkout < 1.2.2.21 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks PoC As a contributor, put the following shortcode in a page/post...

5.4 CVSS

1.9 AI Score

2022-11-22 12:00 AM
7
wpexploit

WP Stripe Checkout < 1.2.2.21 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting...

5.4 CVSS

1.1 AI Score

2022-11-22 12:00 AM
107
wpexploit

Donation Button <= 4.0.0 - Subscriber+ Broken Access Control leading to SMS Spam

The plugin does not properly check for privileges and nonce tokens in its "donation_button_twilio_send_test_sms" AJAX action, which may allow any users with an account on the affected site, like subscribers, to use the plugin's Twilio integration to send SMSes to arbitrary phone...

4.3 CVSS

0.8 AI Score

2022-11-16 12:00 AM
69
wpexploit

Donation Button <= 4.0.0 - Contributor+ Stored XSS

The plugin does not sanitize and escape some parameters, which could allow users with a role as low as Contributor to perform Cross-Site Scripting...

5.4 CVSS

0.8 AI Score

2022-11-16 12:00 AM
71
wpvulndb

Donation Button <= 4.0.0 - Contributor+ Stored XSS

The plugin does not sanitize and escape some parameters, which could allow users with a role as low as Contributor to perform Cross-Site Scripting attacks. PoC Put the following shortcode in a blog post: [paypal_donation_button align='center"...

5.4 CVSS

2.5 AI Score

2022-11-16 12:00 AM
6
wpvulndb

Donation Button <= 4.0.0 - Subscriber+ Broken Access Control leading to SMS Spam

The plugin does not properly check for privileges and nonce tokens in its "donation_button_twilio_send_test_sms" AJAX action, which may allow any users with an account on the affected site, like subscribers, to use the plugin's Twilio integration to send SMSes to arbitrary phone numbers. PoC While...

4.3 CVSS

2.5 AI Score

2022-11-16 12:00 AM
4
oraclelinux

Unbreakable Enterprise kernel security update

[4.14.35-2047.519.2.1] - xfs: trim IO to found COW extent limit (Eric Sandeen) [Orabug: 34765284] - xfs: don't use delalloc extents for COW on files with extsize hints (Christoph Hellwig) [Orabug: 34765284] [4.14.35-2047.519.2] - Revert 'xfs: don't use delalloc extents for COW on files with...

7.8 CVSS

-0.1 AI Score

2022-11-15 12:00 AM
15
oraclelinux

Unbreakable Enterprise kernel-container security update

[4.14.35-2047.519.2.1.el7] - xfs: trim IO to found COW extent limit (Eric Sandeen) [Orabug: 34765284] - xfs: don't use delalloc extents for COW on files with extsize hints (Christoph Hellwig) [Orabug: 34765284] [4.14.35-2047.519.2] - Revert 'xfs: don't use delalloc extents for COW on files with...

7.8 CVSS

-0.1 AI Score

2022-11-15 12:00 AM
18
nuclei

WordPress Metform <=2.1.3 - Information Disclosure

WordPress Metform plugin through 2.1.3 is susceptible to information disclosure due to improper access control in the ~/core/forms/action.php file. An attacker can view all API keys and secrets of integrated third-party APIs such as that of PayPal, Stripe, Mailchimp, Hubspot, HelpScout, reCAPTCHA...

7.2 AI Score

0.041 EPSS

2022-11-13 10:49 AM
3
krebs

Lawsuit Seeks Food Benefits Stolen By Skimmers

A nonprofit organization is suing the state of Massachusetts on behalf of thousands of low-income families who were collectively robbed of more than $1 million in food assistance benefits by card skimming devices secretly installed at cash machines and grocery store checkout lanes across the...

-0.5 AI Score

2022-11-10 06:11 PM
7
nuclei

WordPress WP Fundraising Donation and Crowdfunding Platform <1.5.0 - SQL Injection

WordPress WP Fundraising Donation and Crowdfunding Platform plugin before 1.5.0 contains an unauthenticated SQL injection vulnerability. It does not sanitize and escape a parameter before using it in a SQL statement via a REST route. An attacker can possibly obtain sensitive information, modify...

10 AI Score

0.04 EPSS

2022-11-07 03:16 PM
2
kitploit

MHDDoS - DDoS Attack Script With 56 Methods

Best DDoS Attack Script Python3, (Cyber / DDos) Attack With 56 Methods Please Don't Attack websites without the owners consent. ...

AI Score

2022-10-21 11:30 AM
2739
oraclelinux

Unbreakable Enterprise kernel security update

[5.4.17-2136.312.3.4] - Revert 'fs: check FMODE_LSEEK to control internal pipe splicing' (Saeed Mirzamohammadi) [Orabug: 34666845] [5.4.17-2136.312.3.3] cpus_read_lock() deadlock (Tejun Heo) [Orabug: 34607590] - cgroup: Elide write-locking threadgroup_rwsem when updating csses on an empty...

7 CVSS

-0.6 AI Score

2022-10-21 12:00 AM
17
oraclelinux

Unbreakable Enterprise kernel-container security update

[5.4.17-2136.312.3.4] - Revert 'fs: check FMODE_LSEEK to control internal pipe splicing' (Saeed Mirzamohammadi) [Orabug: 34666845] [5.4.17-2136.312.3.3] cpus_read_lock() deadlock (Tejun Heo) [Orabug: 34607590] - cgroup: Elide write-locking threadgroup_rwsem when updating csses on an empty...

7 CVSS

-0.6 AI Score

2022-10-21 12:00 AM
19
krebs

How Card Skimming Disproportionally Affects Those Most In Need

When people banking in the United States lose money because their payment card got skimmed at an ATM, gas pump or grocery store checkout terminal, they may face hassles or delays in recovering any lost funds, but they are almost always made whole by their financial institution. Yet, one class of...

-0.4 AI Score

2022-10-19 01:28 AM
17
vulnerlab

-0.3 AI Score

2022-10-17 12:00 AM
182
packetstorm

-0.2 AI Score

2022-10-17 12:00 AM
166
cnvd

WordPress Donation Thermometer Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plug-in. A cross-site scripting vulnerability exists in versions prior to WordPress Donation Thermometer 2.1.3. The...

4.8 CVSS

0.3 AI Score

2022-10-11 12:00 AM
11
securelist

A look at the 2020–2022 ATM/PoS malware landscape

During the pandemic, lockdowns forced people to stay at home and do their shopping online, which was mirrored in point-of-sale (PoS) and ATM malware activity, as certain regions saw malicious transactions drop significantly. Now, as we predicted in last year's forecast, many are returning to their...

-0.1 AI Score

2022-10-06 08:00 AM
19
cve

CVE-2022-3128

The Donation Thermometer WordPress plugin before 2.1.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite...

4.8 CVSS

4.6 AI Score

0.001 EPSS

2022-10-03 02:15 PM
37
2
prion

Cross site scripting

The Donation Thermometer WordPress plugin before 2.1.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite...

4.8 CVSS

4.7 AI Score

0.001 EPSS

2022-10-03 02:15 PM
3
cvelist

CVE-2022-3128 Donation Thermometer < 2.1.3 - Admin+ Stored Cross-Site Scripting

The Donation Thermometer WordPress plugin before 2.1.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite...

4.7 AI Score

0.001 EPSS

2022-10-03 01:45 PM
ubuntucve

CVE-2022-3128

The Donation Thermometer WordPress plugin before 2.1.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite...

4.8 AI Score

0.001 EPSS

2022-10-03 12:00 AM
17
hackerone

Stripe: Promotion code can be used more than redemption limit.

Summary: While creating a promotion code a user can specify number of times that code can be redeemed (i.e. Redemption limit) {F1962666} Codes aren't supposed to be redeemed more than the redemption limit. But there exists a race condition that allows use of promotion codes more than redemption...

6.9 AI Score

2022-09-30 09:36 AM
22
securelist

Prilex: the pricey prickle credit card complex

Prilex is a Brazilian threat actor that has evolved out of ATM-focused malware into modular point-of-sale malware. The group was behind one of the largest attacks on ATMs in the country, infecting and jackpotting more than 1,000 machines, while also cloning in excess of 28,000 credit cards that...

0.4 AI Score

2022-09-28 08:00 AM
22
kitploit

OSRipper - AV Evading OSX Backdoor And Crypter Framework

OSripper is a fully undetectable Backdoor generator and Crypter which specialises in OSX M1 malware. It will also work on windows but for now there is no support for it and it IS NOT FUD for windows (yet at least) and for now I will not focus on windows. You can also PM me on discord for support...

-0.1 AI Score

2022-09-22 11:30 AM
26
code423n4

FIRST DEPOSITOR CAN BREAK MINTING OF SHARES

Lines of code Vulnerability details Impact The attack vector and impact is the same as TOB-YEARN-003, where users may not receive shares in exchange for their deposits if the total asset amount has been manipulated through a large “donation”. In the SemiFungibleVault.sol file, the allocation of...

6.9 AI Score

2022-09-19 12:00 AM
4
krebs

Say Hello to Crazy Thin ‘Deep Insert’ ATM Skimmers

A number of financial institutions in and around New York City are dealing with a rash of super-thin "deep insert" skimming devices designed to fit inside the mouth of an ATM's card acceptance slot. The card skimmers are paired with tiny pinhole cameras that are cleverly disguised as part of the...

-0.2 AI Score

2022-09-14 09:46 PM
12
wpvulndb

Donation Thermometer < 2.1.3 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) PoC Put the following payload in the Settings >...

4.8 CVSS

0.4 AI Score

2022-09-07 12:00 AM
4
patchstack

WordPress Donation Thermometer plugin <= 2.1.2 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Asif Nawaz Minhas in WordPress Donation Thermometer plugin (versions <= 2.1.2). Solution Update the WordPress Donation Thermometer plugin to the latest available version (at least...

4.8 CVSS

2.3 AI Score

2022-09-07 12:00 AM
5
wpexploit

Donation Thermometer < 2.1.3 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite...

4.8 CVSS

0.1 AI Score

2022-09-07 12:00 AM
159
hackerone

Stripe: Mass Accounts Takeover Without any user Interaction at https://app.taxjar.com/

@mr_asg discovered an improper access control issue in TaxJar. This could have allowed for account takeover using the email change functionality. The vulnerability was caused by not correctly validating whether or not the reset password token was connected to the user being reset and was resolved...

6.9 AI Score

2022-08-30 11:48 PM
28
malwarebytes

Twitter security under scrutiny after former executive turns whistleblower

A former Twitter executive has acted as a whistleblower and alleged some serious problems. Provided these accusations are true, the disclosure shows a side of Twitter that poses a threat to its own users' personal information, to company shareholders, to national security, and to democracy...

-0.6 AI Score

2022-08-24 12:00 PM
7
hackerone

Stripe: Unauthorized Canceling/Unsubscribe TaxJar account & Payment information Disclosure

@mr_asg discovered that users of an account with member permissions were improperly allowed to view certain subscription details and cancel the subscription for that account. I discovered a Vulnerability that allows the user who has member privileges to unsubscribe (Cancel) the account instead of...

6.8 AI Score

2022-08-24 11:33 AM
11
hackerone

Stripe: Fully TaxJar account control and ability to disclose and modify business account settings Due to Broken Access Control in /current_user_data

Improper access control at app.taxjar.com/current_user_data allows a user with member role to invite themselves to the account as an...

6.9 AI Score

2022-08-23 08:00 AM
15
suse

Security update for trivy (moderate)

An update that fixes three vulnerabilities is now available. Description: This update for trivy fixes the following issues: Update to version 0.30.4: fix: remove the first arg when running as a plugin (#2595) fix: k8s controlplaner scanning (#2593) fix(vuln): GitLab report template (#2578) ...

9.1 CVSS

-0.7 AI Score

2022-08-20 12:00 AM
53
hackerone

Stripe: [Broken Access Control] Unauthorized Linking accounts & Linked Accounts info Disclosure

@mr_asg discovered that users of an account with member permissions were improperly allowed to see activated linked accounts and connect new carts to the account. I discovered a Vulnerability that allows the user who has member privileges to connect new carts to the Taxjar account, like...

6.9 AI Score

2022-08-17 06:22 PM
11
thn

Twilio Suffers Data Breach After Employees Fall Victim to SMS Phishing Attack

Customer engagement platform Twilio on Monday disclosed that a "sophisticated" threat actor gained "unauthorized access" using an SMS-based phishing campaign aimed at its staff to gain information on a "limited number" of accounts. The social-engineering attack was bent on stealing employee...

0.2 AI Score

2022-08-09 02:24 PM
45
Total number of security vulnerabilities: 980