WooDiscuz – WooCommerce Comments Security Vulnerabilities

PDF Invoices & Packing Slips for WooCommerce < 3.8.1 - Unauthenticated Stored Cross-Site Scripting

Description The PDF Invoices & Packing Slips for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in versions up to, and including, 3.8.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...

Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders < 5.9.16 - Contributor+ Stored Cross-Site Scripting

Description The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the eael_team_members_image_rounded parameter in the Team Members widget in all versions up to, and including,...

PDF Invoices & Packing Slips for WooCommerce < 3.8.1 - Unauthenticated Server-Side Request Forgery

Description The PDF Invoices & Packing Slips for WooCommerce plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including, 3.8.0 via the transform() function. This can allow unauthenticated attackers to make web requests to arbitrary locations originating from....

Active Products Tables for WooCommerce < 1.0.6.3 - Missing Authorization

Description The Active Products Tables for WooCommerce. Use constructor to create tables plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the get_smth() function in all versions up to, and including, 1.0.6.2. This makes it...

FOX – Currency Switcher Professional for WooCommerce < 1.4.1.9 - Unauthenticated Arbitrary Shortcode Execution

Description The FOX – Currency Switcher Professional for WooCommerce plugin is vulnerable to Unauthenticated Arbitrary Shortcode Execution in versions up to, and including, 1.4.1.8. This allows unauthenticated attackers to execute arbitrary shortcodes. The severity and exploitability depends on...

Product Feed PRO for WooCommerce by AdTribes – WooCommerce Product Feeds for Google, Facebook/Meta, Bing, & More < 13.2.6 - Reflected Cross-Site Scripting

Description The Product Feed PRO for WooCommerce by AdTribes – WooCommerce Product Feeds for Google, Facebook/Meta, Bing, & More plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 13.2.5 due to insufficient input sanitization and output...

TeraWallet – Best WooCommerce Wallet System With Cashback Rewards, Partial Payment, Wallet Refunds < 1.5.1 - Authenticated (Shop Manager+) Stored Cross-Site Scripting

Description The TeraWallet – Best WooCommerce Wallet System With Cashback Rewards, Partial Payment, Wallet Refunds plugin for WordPress is vulnerable to Stored Cross-Site Scripting via settings in all versions up to, and including, 1.5.0 due to insufficient input sanitization and output escaping......

Import Content in WordPress & WooCommerce with Excel < 4.3 - Reflected Cross-Site Scripting

Description The Import Content in WordPress & WooCommerce with Excel plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 4.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...

Synapse V2 state resolution weakness allows Denial of Service (DoS)

Impact A remote Matrix user with malicious intent, sharing a room with Synapse instances before 1.105.1, can dispatch specially crafted events to exploit a weakness in how the auth chain cover index is calculated. This can induce high CPU consumption and accumulate excessive data in the database...

Synapse V2 state resolution weakness allows Denial of Service (DoS)

Impact A remote Matrix user with malicious intent, sharing a room with Synapse instances before 1.105.1, can dispatch specially crafted events to exploit a weakness in how the auth chain cover index is calculated. This can induce high CPU consumption and accumulate excessive data in the database...

Unauthenticated CrushFTP Zero-Day Enables Complete Server Compromise

Rapid7 vulnerability researcher Ryan Emmons contributed to this blog. On Friday, April 19, 2024, managed file transfer vendor CrushFTP released information to a private mailing list on a new zero-day vulnerability affecting versions below 10.7.1 and 11.1.0 (as well as legacy 9.x versions) across...

CVE-2024-2477

The wpDiscuz plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Alternative Text' field of an uploaded image in all versions up to, and including, 7.6.15 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

GitHub Comments Abused to Spread Malware in Fake Microsoft Repositories

By Deeba Ahmed Hackers are exploiting GitHub comments to spread malware disguised as Microsoft software downloads tricking users into downloading malware. This is a post from HackRead.com Read the original post: GitHub Comments Abused to Spread Malware in Fake Microsoft...

CrushFTP VFS - Sandbox Escape LFR

VFS Sandbox Escape in CrushFTP in all versions before 10.7.1 and 11.1.0 on all platforms allows remote attackers with low privileges to read files from the filesystem outside of VFS...

WP Social Comments < 1.7.4 - Missing Authorization via wpfc_allow_comments()

Description The WP Social Comments plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wpfc_allow_comments() function in all versions up to, and including, 1.7.3. This makes it possible for authenticated attackers, with subscriber-level.....

Multi Currency For WooCommerce < 1.5.6 - Missing Authorization

Description The Multi Currency For WooCommerce plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the AddAdminAjaxAction() function in all versions up to, and including, 1.5.5. This makes it possible for authenticated attackers, with subscriber-level...

Order Limit for WooCommerce < 2.0.1 - Missing Authorization

Description The Order Limit for WooCommerce plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the save_rules, save_wcol_options, xsollwc_support_form, and wcol_load_new_row functions in versions up to, and including, 2.0.0. This makes it possible for...

Custom Order Statuses for WooCommerce <= 1.5.2 - Missing Authorization

Description The Custom Order Statuses for WooCommerce plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 1.5.2. This makes it possible for authenticated attackers, with subscriber-level access and above,...

Custom Thank You Page Customize For WooCommerce by Binary Carpenter < 1.4.14 - Missing Authorization

Description The Custom Thank You Page Customize For WooCommerce by Binary Carpenter plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the activation_callback() function in all versions up to, and including, 1.4.13. This makes it possible for...

GG Woo Feed for WooCommerce Shopping Feed < 1.2.7 - Missing Authorization

Description The GG Woo Feed for WooCommerce Shopping Feed on Google Facebook and Other Channels plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability checks on several functions in the /inc/Core/ajax-functions.php file in all versions up to, and...

WPC Grouped Product for WooCommerce < 4.4.3 - Missing Authorization

Description The WPC Grouped Product for WooCommerce plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the ajax_update_search_settings, ajax_get_plugins, and ajax_get_essential_kit functions in all versions up to, and including, 4.4.2. This makes it...

Open Close WooCommerce Store < 4.9.2 - Missing Authorization

Description The Open Close WooCommerce Store – Best Business Schedules Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_switch_active and ajax_update_timezone functions in all versions up to, and including, 4.9.1. This...

TrackShip for WooCommerce < 1.7.6 - Missing Authorization

Description The TrackShip for WooCommerce plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 1.7.5. This makes it possible for unauthenticated attackers to perform an unauthorized...

WPC Frequently Bought Together for WooCommerce < 7.0.4 - Missing Authorization

Description The WPC Frequently Bought Together for WooCommerce plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the ajax_get_search_results, ajax_import_export, and ajax_import_export_save functions in versions up to, and including, 7.0.3. This makes...

CVE-2024-4040

A server side template injection vulnerability in CrushFTP in all versions before 10.7.1 and 11.1.0 on all platforms allows unauthenticated remote attackers to read files from the filesystem outside of the VFS Sandbox, bypass authentication to gain administrative access, and perform remote code...

CVE-2024-4040

A server side template injection vulnerability in CrushFTP in all versions before 10.7.1 and 11.1.0 on all platforms allows unauthenticated remote attackers to read files from the filesystem outside of the VFS Sandbox, bypass authentication to gain administrative access, and perform remote code...

CVE-2024-4040 Unauthenticated arbitrary file read and remote code execution in CrushFTP

A server side template injection vulnerability in CrushFTP in all versions before 10.7.1 and 11.1.0 on all platforms allows unauthenticated remote attackers to read files from the filesystem outside of the VFS Sandbox, bypass authentication to gain administrative access, and perform remote code...

Moby (Docker Engine) started with non-empty inheritable Linux process capabilities

Impact A bug was found in Moby (Docker Engine) where containers were incorrectly started with non-empty inheritable Linux process capabilities, creating an atypical Linux environment and enabling programs with inheritable file capabilities to elevate those capabilities to the permitted set during.....

Moby (Docker Engine) started with non-empty inheritable Linux process capabilities

Impact A bug was found in Moby (Docker Engine) where containers were incorrectly started with non-empty inheritable Linux process capabilities, creating an atypical Linux environment and enabling programs with inheritable file capabilities to elevate those capabilities to the permitted set during.....

Using Legitimate GitHub URLs for Malware

Interesting social-engineering attack vector: McAfee released a report on a new LUA malware loader distributed through what appeared to be a legitimate Microsoft GitHub repository for the "C++ Library Manager for Windows, Linux, and MacOS," known as vcpkg. The attacker is exploiting a property...

CVE-2024-32687

Missing Authorization vulnerability in WPClever WPC Frequently Bought Together for WooCommerce.This issue affects WPC Frequently Bought Together for WooCommerce: from n/a through...

CVE-2024-32691

Missing Authorization vulnerability in realmag777 Active Products Tables for WooCommerce.This issue affects Active Products Tables for WooCommerce: from n/a through...

CVE-2024-32687

Missing Authorization vulnerability in WPClever WPC Frequently Bought Together for WooCommerce.This issue affects WPC Frequently Bought Together for WooCommerce: from n/a through...

CVE-2024-32691

Missing Authorization vulnerability in realmag777 Active Products Tables for WooCommerce.This issue affects Active Products Tables for WooCommerce: from n/a through...

Billions of scraped Discord messages up for sale

Four billions public Discord messages are for sale on an internet scraping service called Spy.pet. At first sight there doesn’t seem to be much that is illegal about it. The messages were publicly accessible and there are no laws against scraping data. However, it turns out the site did disregard.....

CVE-2024-32687 WordPress WPC Frequently Bought Together for WooCommerce plugin <= 7.0.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in WPClever WPC Frequently Bought Together for WooCommerce.This issue affects WPC Frequently Bought Together for WooCommerce: from n/a through...

CVE-2024-32691 WordPress Active Products Tables for WooCommerce plugin <= 1.0.6.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in realmag777 Active Products Tables for WooCommerce.This issue affects Active Products Tables for WooCommerce: from n/a through...

ownCloud < 10.13.3 Improper Input Validation Vulnerability

ownCloud is prone to an improper input validation ...

CVE-2024-4040

A server side template injection vulnerability in CrushFTP in all versions before 10.7.1 and 11.1.0 on all platforms allows unauthenticated remote attackers to read files from the filesystem outside of the VFS Sandbox, bypass authentication to gain administrative access, and perform remote code...

Automattic: Authentication & Registration Bypass in Newspack Extended Access

Summary: The Newspack Extended Access plugin omits to validate JWT signing on the registration and login JSON endpoint. This permits registration of accounts with arbitrary (user-supplied) details, and auth bypass and account hijack if a target account email is known. Platform(s) Affected: Any...

Critical Update: CrushFTP Zero-Day Flaw Exploited in Targeted Attacks

Users of the CrushFTP enterprise file transfer software are being urged to update to the latest version following the discovery of a security flaw that has come under targeted exploitation in the wild. "CrushFTP v11 versions below 11.1 have a vulnerability where users can escape their VFS and...

CVE-2024-1057

The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +10 Modules – All in One Solution (formerly WooLentor) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wishsuite_button' shortcode in all versions up to, and including, 2.8.1 due to insufficient...

CVE-2024-1057

The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +10 Modules – All in One Solution (formerly WooLentor) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wishsuite_button' shortcode in all versions up to, and including, 2.8.1 due to insufficient...

CVE-2024-1057

The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +10 Modules – All in One Solution (formerly WooLentor) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wishsuite_button' shortcode in all versions up to, and including, 2.8.1 due to insufficient...

[SECURITY] Fedora 40 Update: yyjson-0.9.0-1.fc40

A high performance JSON library written in ANSI C. Features - Fast: can read or write gigabytes per second JSON data on modern CPUs. - Portable: complies with ANSI C (C89) for cross-platform compatibility. - Strict: complies with RFC 8259 JSON standard, ensuring strict number format and UTF-8...

CVE-2024-3731

The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 's' parameter in all versions up to, and including, 5.47.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

CVE-2024-3731

The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 's' parameter in all versions up to, and including, 5.47.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

CVE-2024-3731

The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 's' parameter in all versions up to, and including, 5.47.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

Denial of Service in Comments API - ownCloud

Insufficient input validation in the Comments Plugin may allow an authenticated attacker to cause a Denial of...

Wordfence Intelligence Weekly WordPress Vulnerability Report (April 8, 2024 to April 14, 2024)

Did you know we're running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! Last week, there were 219 vulnerabilities disclosed in 209...