Description The Gutenberg Blocks with AI by Kadence WP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'link' attribute of the plugin's blocks in all versions up to, and including, 3.2.36 due to insufficient input sanitization and output escaping on user supplied...
6.4 CVSS
5.8 AI Score
0.0004 EPSS
@cyclonedx/cyclonedx-library Improper Restriction of XML External Entity Reference vulnerability
Impact XML External entity injections could be possible, when running the provided XML Validator on arbitrary input. POC ```js const { Spec: { Version }, Validation: { XmlValidator } } = require('@cyclonedx/cyclonedx-library'); const version = Version.v1dot5; const validator = new...
8.1 CVSS
7.5 AI Score
0.0005 EPSS
How implementing a trust fabric strengthens identity and network
The identity security landscape is transforming rapidly. Every digital experience and interaction is an opportunity for people to connect, share, and collaborate. But first, we need to know we can trust those digital experiences and interactions. Customers note a massive rise in the sheer number...
7 AI Score
Spin is the developer tool for building and running serverless applications powered by WebAssembly. Prior to 2.4.3, some specifically configured Spin applications that use self requests without a specified URL authority can be induced to make requests to arbitrary hosts via the Host HTTP header....
9.1 CVSS
9.2 AI Score
0.0004 EPSS
Spin is the developer tool for building and running serverless applications powered by WebAssembly. Prior to 2.4.3, some specifically configured Spin applications that use self requests without a specified URL authority can be induced to make requests to arbitrary hosts via the Host HTTP header....
9.1 CVSS
9.3 AI Score
0.0004 EPSS
Spin is the developer tool for building and running serverless applications powered by WebAssembly. Prior to 2.4.3, some specifically configured Spin applications that use self requests without a specified URL authority can be induced to make requests to arbitrary hosts via the Host HTTP header....
9.1 CVSS
7.1 AI Score
0.0004 EPSS
Spin is the developer tool for building and running serverless applications powered by WebAssembly. Prior to 2.4.3, some specifically configured Spin applications that use self requests without a specified URL authority can be induced to make requests to arbitrary hosts via the Host HTTP header....
9.1 CVSS
9.4 AI Score
0.0004 EPSS
Spin is the developer tool for building and running serverless applications powered by WebAssembly. Prior to 2.4.3, some specifically configured Spin applications that use self requests without a specified URL authority can be induced to make requests to arbitrary hosts via the Host HTTP header....
9.1 CVSS
6.9 AI Score
0.0004 EPSS
Missing Authorization vulnerability in AIpost AI WP Writer. This issue affects AI WP Writer: from n/a through...
5.3 CVSS
6.8 AI Score
0.0004 EPSS
Missing Authorization vulnerability in AIpost AI WP Writer. This issue affects AI WP Writer: from n/a through...
5.3 CVSS
5.3 AI Score
0.0004 EPSS
Desperate Taylor Swift fans defrauded by ticket scams
Ticket scams are very common and apparently hard to stop. When there are not nearly enough tickets for some concerts to accommodate all the fans that desperately want to be there, it makes for ideal hunting grounds for scammers. With a ticket scam, you pay for a ticket and you either don’t receive...
7 AI Score
CVE-2024-30459 WordPress AI WP Writer plugin <= 3.6.5 - Broken Access Control vulnerability
Missing Authorization vulnerability in AIpost AI WP Writer. This issue affects AI WP Writer: from n/a through...
5.3 CVSS
5.6 AI Score
0.0004 EPSS
Best API Security Product: Wallarm wins 2024 Cybersecurity Excellence Award
We are thrilled to announce that Wallarm has clinched the sought-after 2024 Cybersecurity Excellence Award, under the category Best API Security Product. Our unwavering commitment to pioneering solutions that safeguard digital ecosystems, and fortify API security amidst the evolving cyber threat...
7.3 AI Score
Site Reviews < 7.0.0 - IP Spoofing
Description The plugin retrieves client IP addresses from potentially untrusted headers, allowing an attacker to manipulate its value. This may be used to bypass IP-based...
6.7 AI Score
0.0004 EPSS
Site Reviews < 7.0.0 - IP Spoofing
Description The plugin retrieves client IP addresses from potentially untrusted headers, allowing an attacker to manipulate its value. This may be used to bypass IP-based blocking PoC Request sent to the server to add review: POST /wordpress/wp-admin/admin-ajax.php HTTP/1.1 Host: localhost:8888...
6.5 AI Score
0.0004 EPSS
Microsoft announces the 2024 Microsoft Security Excellence Awards winners
At this year's Microsoft Security Excellence Awards, we took a journey through the evolution of cybersecurity from the 1950s to today. While this event theme celebrated the significant technological advancements that have shaped each decade, the main focus was on the Microsoft Intelligent Security...
7.1 AI Score
Hunters Announces Full Adoption of OCSF and Introduces OCSF-Native Search
By Cyber Newswire Hunters, the pioneer in modern SOC platforms, today announced its full adoption of the Open Cybersecurity Schema Framework… This is a post from HackRead.com Read the original post: Hunters Announces Full Adoption of OCSF and Introduces OCSF-Native...
7.3 AI Score
Spring Tips: Vector Databases with Spring AI
Hi, Spring fans! In this installment, we look at the amazing support for vector databases in Spring...
7.2 AI Score
AI Engine < 2.1.5 - Authenticated (Editor+) Server-Side Request Forgery
Description The AI Engine plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.1.4 via the download_image function. This makes it possible for authenticated attackers, with editor-level access and above, to make web requests to arbitrary...
6.8 CVSS
6.5 AI Score
0.0004 EPSS
Ubuntu 22.04 LTS : Linux kernel (OEM) vulnerabilities (USN-6765-1)
The remote Ubuntu 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6765-1 advisory. In the Linux kernel, the following vulnerability has been resolved: apparmor: avoid crash when parsed profile name is empty When processing a packed...
7.8 CVSS
7.5 AI Score
EPSS
Description The Rank Math SEO with AI Best SEO Tools plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘textAlign’ parameter in versions up to, and including, 1.0.217 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
6.4 CVSS
5.5 AI Score
0.0004 EPSS
Download Alt Text AI < 1.3.5 - Authenticated (Administrator+) Stored Cross-Site Scripting
Description The Alt Text AI – Automatically generate image alt text for SEO and accessibility plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.3.4 due to insufficient input sanitization and output escaping. This makes it...
5.9 CVSS
5.7 AI Score
0.0004 EPSS
Joli FAQ SEO – WordPress FAQ Plugin < 1.3.3 - Cross-Site Request Forgery
Description The Joli FAQ SEO – WordPress FAQ Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.2. This is due to missing or incorrect nonce validation when saving settings. This makes it possible for unauthenticated attackers to...
4.3 CVSS
6.6 AI Score
0.0005 EPSS
Yoast SEO < 22.6 - Reflected Cross-Site Scripting
Description The Yoast SEO plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via URLs in all versions up to, and including, 22.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in...
6.1 CVSS
6.4 AI Score
0.001 EPSS
This Week in Spring - May 7th, 2024
Hi, Spring fans! Welcome to another amazing installment of This Week in Spring! I'm in bellissima Rome, Italy, where I've just spent time in some fun meetings, and now I'm off to lovely London, UK, for Devoxx UK 2024. It's going to be amazing. If you're there, don't hesitate to say hi! I've got to...
7.3 AI Score
SEOPress < 7.7 - Information Exposure
Description The SEOPress – On-site SEO plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.6.1. This makes it possible for unauthenticated attackers to extract sensitive user or configuration...
5.3 CVSS
6.7 AI Score
0.0004 EPSS
SUSE SLES15 Security Update : SUSE Manager Server 4.3 (SUSE-SU-2024:1507-1)
The remote SUSE Linux SLES15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:1507-1 advisory. The jose4j component before 0.9.4 for Java allows attackers to cause a denial of service (CPU consumption) via a large p2c (aka PBES2 Count) value...
6.4 AI Score
0.0004 EPSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AltText.Ai Download Alt Text AI allows Stored XSS. This issue affects Download Alt Text AI: from n/a through...
5.9 CVSS
6.1 AI Score
0.0004 EPSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AltText.Ai Download Alt Text AI allows Stored XSS. This issue affects Download Alt Text AI: from n/a through...
5.9 CVSS
6.6 AI Score
0.0004 EPSS
CVE-2024-34366 WordPress AltText.ai plugin <= 1.3.4 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AltText.Ai Download Alt Text AI allows Stored XSS. This issue affects Download Alt Text AI: from n/a through...
5.9 CVSS
6.8 AI Score
0.0004 EPSS
CVE-2024-34366 WordPress AltText.ai plugin <= 1.3.4 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AltText.Ai Download Alt Text AI allows Stored XSS. This issue affects Download Alt Text AI: from n/a through...
5.9 CVSS
6.7 AI Score
0.0004 EPSS
Authorization Bypass Through User-Controlled Key vulnerability in The SEO Guys at SEOPress SEOPress. This issue affects SEOPress: from n/a through...
5.3 CVSS
5.8 AI Score
0.0004 EPSS
Authorization Bypass Through User-Controlled Key vulnerability in The SEO Guys at SEOPress SEOPress. This issue affects SEOPress: from n/a through...
5.3 CVSS
6.8 AI Score
0.0004 EPSS
CVE-2024-34383 WordPress SEOPress plugin <= 7.7.1 - Sensitive Data Exposure vulnerability
Authorization Bypass Through User-Controlled Key vulnerability in The SEO Guys at SEOPress SEOPress. This issue affects SEOPress: from n/a through...
5.3 CVSS
6.6 AI Score
0.0004 EPSS
CVE-2024-34383 WordPress SEOPress plugin <= 7.7.1 - Sensitive Data Exposure vulnerability
Authorization Bypass Through User-Controlled Key vulnerability in The SEO Guys at SEOPress SEOPress. This issue affects SEOPress: from n/a through...
5.3 CVSS
6.9 AI Score
0.0004 EPSS
New capabilities to help you secure your AI transformation
AI is transforming our world, unlocking new possibilities to enhance human abilities and to extend opportunities globally. At the same time, we are also facing an unprecedented threat landscape with the speed, scale, and sophistication of attacks increasing rapidly. To meet these challenges, we...
7.4 AI Score
🎉 Did you know we're running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! On April 22nd, 2024, during our second Bug Bounty Extravaganza,...
6.1 CVSS
6.2 AI Score
0.001 EPSS
Why Your VPN May Not Be As Secure As It Claims
Virtual private networking (VPN) companies market their services as a way to prevent anyone from snooping on your Internet usage. But new research suggests this is a dangerous assumption when connecting to a VPN via an untrusted network, because attackers on the same network could force a target's...
6.7 AI Score
China-Linked Hackers Suspected in ArcaneDoor Cyberattacks Targeting Network Devices
The recently uncovered cyber espionage campaign targeting perimeter network devices from several vendors, including Cisco, may have been the work of China-linked actors, according to new findings from attack surface management firm Censys. Dubbed ArcaneDoor, the activity is said to have commenced...
8.6 CVSS
7.2 AI Score
0.002 EPSS
In XLANG OpenAgents through fe73ac4, the allowed_file protection mechanism can be bypassed by using an incorrect file extension for the nature of the file...
6.7 AI Score
0.0004 EPSS
In XLANG OpenAgents through fe73ac4, the allowed_file protection mechanism can be bypassed by using an incorrect file extension for the nature of the file...
6.9 AI Score
0.0004 EPSS
In XLANG OpenAgents through fe73ac4, the allowed_file protection mechanism can be bypassed by using an incorrect file extension for the nature of the file...
6.9 AI Score
0.0004 EPSS
JavaScript payload and supporting software to be used as XSS payload or post exploitation implant to monitor users as they use the targeted application. Also includes a C2 for executing custom JavaScript payloads in clients. Changelogs Major changes are documented in the project Announcements:...
5.9 AI Score
A New Surveillance Tool Invades Border Towns
Plus: An assassination plot, an AI security bill, a Project Nimbus revelation, and more of the week’s top security...
7.4 AI Score
[SECURITY] Fedora 39 Update: chromium-124.0.6367.118-1.fc39
Chromium is an open-source web browser, powered by WebKit...
7.5 AI Score
0.0004 EPSS
Healthcare Needs To Be Laser-Focused on API Security and Its Blind Spots
API-powered tools can enhance patient access to healthcare services, but these tools also introduce risk. Learn how to protect your...
7.2 AI Score
[SECURITY] Fedora 40 Update: chromium-124.0.6367.118-1.fc40
Chromium is an open-source web browser, powered by WebKit...
8.8 CVSS
7.5 AI Score
0.001 EPSS