JetBackup – WP Backup, Migrate & Restore Security Vulnerabilities

CVE-2024-34002 moodle: authenticated LFI risk in some misconfigured shared hosting environments via modified mod_feedback backup

In a shared hosting environment that has been misconfigured to allow access to other users' content, a Moodle user with both access to restore feedback modules and direct access to the web server outside of the Moodle webroot could execute a local file...

How to tell if a VPN app added your Windows device to a botnet

On May 29, 2024, the US Department of Justice (DOJ) announced it had dismantled what was likely the world’s largest botnet ever. This botnet, called “911 S5,” infected systems at over 19 million IP addresses across more than 190 countries. The main sources of income for the operators, who stole a.....

CVE-2024-5427

The WPCafe – Online Food Ordering, Restaurant Menu, Delivery, and Reservations for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Reservation Form shortcode in all versions up to, and including, 2.2.24 due to insufficient input sanitization and...

CVE-2024-5427

The WPCafe – Online Food Ordering, Restaurant Menu, Delivery, and Reservations for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Reservation Form shortcode in all versions up to, and including, 2.2.24 due to insufficient input sanitization and...

CVE-2024-5427 WPCafe – Online Food Ordering, Restaurant Menu, Delivery, and Reservations for WooCommerce <= 2.2.24 - Authenticated (Contributor+) Stored Cross-Site Scripting via Reservation Form Shortcode

The WPCafe – Online Food Ordering, Restaurant Menu, Delivery, and Reservations for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Reservation Form shortcode in all versions up to, and including, 2.2.24 due to insufficient input sanitization and...

CVE-2024-5427 WPCafe – Online Food Ordering, Restaurant Menu, Delivery, and Reservations for WooCommerce <= 2.2.24 - Authenticated (Contributor+) Stored Cross-Site Scripting via Reservation Form Shortcode

The WPCafe – Online Food Ordering, Restaurant Menu, Delivery, and Reservations for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Reservation Form shortcode in all versions up to, and including, 2.2.24 due to insufficient input sanitization and...

CVE-2024-4469

The WP STAGING WordPress Backup Plugin WordPress plugin before 3.5.0 does not prevent users with the administrator role from pinging conducting SSRF attacks, which may be a problem in multisite...

CVE-2024-4469

The WP STAGING WordPress Backup Plugin WordPress plugin before 3.5.0 does not prevent users with the administrator role from pinging conducting SSRF attacks, which may be a problem in multisite...

CVE-2024-4469 Migration Backup Restore < 3.5.0 - Admin+ SSRF

The WP STAGING WordPress Backup Plugin WordPress plugin before 3.5.0 does not prevent users with the administrator role from pinging conducting SSRF attacks, which may be a problem in multisite...

CVE-2024-4469 Migration Backup Restore < 3.5.0 - Admin+ SSRF

The WP STAGING WordPress Backup Plugin WordPress plugin before 3.5.0 does not prevent users with the administrator role from pinging conducting SSRF attacks, which may be a problem in multisite...

Exploit for CVE-2024-5522

CVE-2024-5522-Poc CVE-2024-5522 HTML5 Video Player &lt;=...

CVE-2024-34002

In a shared hosting environment that has been misconfigured to allow access to other users' content, a Moodle user with both access to restore feedback modules and direct access to the web server outside of the Moodle webroot could execute a local file...

G DATA Total Security Link Following Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of G DATA Total Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the G DATA...

CB (legacy) <= 0.9.4.18 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) PoC 1. Go to...

Widget Bundle <= 2.0.0 - Widget Disable/Enable via CSRF

Description The plugin does not have CSRF checks when logging Widgets, which could allow attackers to make logged in admin enable/disable widgets via a CSRF...

VSS Snapshot Creation Delay on Server with DFSR Enabled

When preparing the DFS VSS writer for backup, the Veeam Agent gets into a recursion while checking the files in the scope of the DFS...

WP Logs Book <= 1.0.1 - Disable Logging via CSRF

Description The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF...

CB (legacy) <= 0.9.4.18 - Code/Timeframe/Booking Deletion via CSRF

Description The plugin does not have CSRF checks in some bulk actions, which could allow attackers to make logged in admins perform unwanted actions, such as deleting codes, timeframes, and bookings via CSRF attacks PoC Codes:...

PayPal Pay Now, Buy Now, Donation and Cart Buttons Shortcode <= 1.7 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite...

DOP Shortcodes <= 1.2 - Contributor+ Stored XSS via Shortcode

Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks PoC Add the following shortcode...

BWL Advanced FAQ Manager 2.0.3 SQL Injection

...

WP eMember < 10.3.9 - Reflected Cross-Site Scripting

Description The WooCommerce and WP eMember Integration plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 10.3.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

CSSable Countdown <= 1.5 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) PoC 1. Go to...

plasma[56]-plasma-workspace -- Unauthorized users can access session manager

David Edmundson reports: KSmserver, KDE's XSMP manager, incorrectly allows connections via ICE based purely on the host, allowing all local connections. This allows another user on the same machine to gain access to the session manager. A well crafted client could use the...

Google CSE <= 1.0.7 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite...

BWL Advanced FAQ Manager 2.0.3 - Authenticated SQL Injection

...

CB (legacy) <= 0.9.4.18 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite...

WP Logs Book <= 1.0.1 - Unauthenticated Stored XSS

Description The plugin does not sanitise and escape some of its log data before outputting them back in an admin dashboard, leading to an Unauthenticated Stored Cross-Site...

PayPal Pay Now, Buy Now, Donation and Cart Buttons Shortcode <= 1.7 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) PoC 1. Go to...

CSSable Countdown <= 1.5 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite...

WP Logs Book <= 1.0.1 - Unauthenticated Stored XSS

Description The plugin does not sanitise and escape some of its log data before outputting them back in an admin dashboard, leading to an Unauthenticated Stored Cross-Site Scripting PoC 1. On the login page, enter any username and for the password enter `` 2. As an admin, view the logs at:...

Amazon Linux 2 : kernel (ALASKERNEL-5.4-2024-069)

The version of kernel installed on the remote host is prior to 5.4.276-189.376. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.4-2024-069 advisory. 2024-06-19: CVE-2024-36905 was added to this advisory. 2024-06-19: CVE-2024-36959 was added to this...

CVE-2024-34005

In a shared hosting environment that has been misconfigured to allow access to other users' content, a Moodle user with both access to restore database activity modules and direct access to the web server outside of the Moodle webroot could execute a local file...

DOP Shortcodes <= 1.2 - Contributor+ Stored XSS via Shortcode

Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting...

WP Logs Book <= 1.0.1 - Log Clearing via CSRF

Description The plugin does not have CSRF check when clearing logs, which could allow attackers to make a logged in admin clear the logs them via a CSRF attack PoC Make an admin open an HTML file containing: Note: The 404 Error Logs can also be cleared by modifying the...

G DATA Total Security Link Following Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of G DATA Total Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the G DATA...

Google CSE <= 1.0.7 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) PoC 1. Go to...

CVE-2024-34004

In a shared hosting environment that has been misconfigured to allow access to other users' content, a Moodle user with both access to restore wiki modules and direct access to the web server outside of the Moodle webroot could execute a local file...

CVE-2024-34003

In a shared hosting environment that has been misconfigured to allow access to other users' content, a Moodle user with both access to restore workshop modules and direct access to the web server outside of the Moodle webroot could execute a local file...

WP Logs Book <= 1.0.1 - Disable Logging via CSRF

Description The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack PoC Make an admin open an HTML file...

WP Logs Book <= 1.0.1 - Log Clearing via CSRF

Description The plugin does not have CSRF check when clearing logs, which could allow attackers to make a logged in admin clear the logs them via a CSRF...

Backup fails with "Invalid argument Asynchronous request operation has failed. Failed to open storage for read/write access"

This error occurs when the storage device is formatted with a 4k logical block size and the Veeam Data Mover Service does not have sufficient permissions to determine the logical block...

CB (legacy) <= 0.9.4.18 - Code/Timeframe/Booking Deletion via CSRF

Description The plugin does not have CSRF checks in some bulk actions, which could allow attackers to make logged in admins perform unwanted actions, such as deleting codes, timeframes, and bookings via CSRF...

TYPO3 Possible Insecure Deserialization in Extbase Request Handling

It has been discovered that request handling in Extbase can be vulnerable to insecure deserialization. User submitted payload has to be signed with a corresponding HMAC-SHA1 using the sensitive TYPO3 encryptionKey as secret - invalid or unsigned payload is not deserialized. However, since...

TYPO3 Possible Insecure Deserialization in Extbase Request Handling

It has been discovered that request handling in Extbase can be vulnerable to insecure deserialization. User submitted payload has to be signed with a corresponding HMAC-SHA1 using the sensitive TYPO3 encryptionKey as secret - invalid or unsigned payload is not deserialized. However, since...

Exposed and vulnerable: Recent attacks highlight critical need to protect internet-exposed OT devices

Since late 2023, Microsoft has observed an increase in reports of attacks focusing on internet-exposed, poorly secured operational technology (OT) devices. Internet-exposed OT equipment in water and wastewater systems (WWS) in the US were targeted in multiple attacks over the past months by...

Exposed and vulnerable: Recent attacks highlight critical need to protect internet-exposed OT devices

Since late 2023, Microsoft has observed an increase in reports of attacks focusing on internet-exposed, poorly secured operational technology (OT) devices. Internet-exposed OT equipment in water and wastewater systems (WWS) in the US were targeted in multiple attacks over the past months by...

Beware of scammers impersonating Malwarebytes

Scammers love to bank on the good name of legitimate companies to gain the trust of their intended targets. Recently, it came to our attention that a cybercriminal is using fake websites for security products to spread malware. One of those websites was impersonating the Malwarebytes brand. Image.....

CVE-2024-36933

In the Linux kernel, the following vulnerability has been resolved: nsh: Restore skb-&gt;{protocol,data,mac_header} for outer header in nsh_gso_segment(). syzbot triggered various splats (see [0] and links) by a crafted GSO packet of VIRTIO_NET_HDR_GSO_UDP layering the following protocols:...

CVE-2024-36933

In the Linux kernel, the following vulnerability has been resolved: nsh: Restore skb-&gt;{protocol,data,mac_header} for outer header in nsh_gso_segment(). syzbot triggered various splats (see [0] and links) by a crafted GSO packet of VIRTIO_NET_HDR_GSO_UDP layering the following protocols:...