Auth. (admin+) Stored Cross-site Scripting (XSS) vulnerability in Fullworks Quick Paypal Payments plugin <= 5.7.25...
CVSS 4.8, AI Score 4.9, EPSS 0.0005
Unauth. Stored Cross-Site Scripting (XSS) vulnerability in Fullworks Quick Paypal Payments plugin <= 5.7.25...
CVSS 6.1, AI Score 5.8, EPSS 0.0005
Unauth. Stored Cross-Site Scripting (XSS) vulnerability in Fullworks Quick Paypal Payments plugin <= 5.7.25...
CVSS 7.1, AI Score 6.1, EPSS 0.0005
Auth. (admin+) Stored Cross-site Scripting (XSS) vulnerability in Fullworks Quick Paypal Payments plugin <= 5.7.25...
CVSS 5.9, AI Score 5.6, EPSS 0.0005
Wordfence Intelligence Weekly WordPress Vulnerability Report (Mar 27, 2023 to Apr 2, 2023)
Last week, there were 82 vulnerabilities disclosed in 70 WordPress Plugins and 1 WordPress theme that have been added to the Wordfence Intelligence Vulnerability Database, and there were 34 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities in...
CVSS 9.8, AI Score 8.2
The WCFM Frontend Manager plugin for WordPress is vulnerable to unauthorized modification and access of data in versions up to, and including, 6.6.0 due to missing capability checks on various AJAX actions. This makes it possible for authenticated attackers, with minimal permissions such as...
CVSS 8.8, AI Score 8.3, EPSS 0.002
The WCFM Frontend Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 6.6.0 due to missing nonce checks on various AJAX actions. This makes it possible for unauthenticated attackers to perform a wide variety of actions such as modifying...
CVSS 8.8, AI Score 6.7, EPSS 0.002
The WCFM Frontend Manager plugin for WordPress is vulnerable to unauthorized modification and access of data in versions up to, and including, 6.6.0 due to missing capability checks on various AJAX actions. This makes it possible for authenticated attackers, with minimal permissions such as...
CVSS 8.8, AI Score 6.7, EPSS 0.002
The WCFM Frontend Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 6.6.0 due to missing nonce checks on various AJAX actions. This makes it possible for unauthenticated attackers to perform a wide variety of actions such as modifying...
CVSS 8.8, AI Score 8.4, EPSS 0.002
The WCFM Frontend Manager plugin for WordPress is vulnerable to unauthorized modification and access of data in versions up to, and including, 6.6.0 due to missing capability checks on various AJAX actions. This makes it possible for authenticated attackers, with minimal permissions such as...
CVSS 8.8, AI Score 8.3, EPSS 0.002
The WCFM Frontend Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 6.6.0 due to missing nonce checks on various AJAX actions. This makes it possible for unauthenticated attackers to perform a wide variety of actions such as modifying...
CVSS 8.8, AI Score 8.4, EPSS 0.002
The WCFM Frontend Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 6.6.0 due to missing nonce checks on various AJAX actions. This makes it possible for unauthenticated attackers to perform a wide variety of actions such as modifying...
CVSS 6.3, AI Score 8.6, EPSS 0.002
The WCFM Frontend Manager plugin for WordPress is vulnerable to unauthorized modification and access of data in versions up to, and including, 6.6.0 due to missing capability checks on various AJAX actions. This makes it possible for authenticated attackers, with minimal permissions such as...
CVSS 6.3, AI Score 8.6, EPSS 0.002
Genesis Market No Longer Feeds The Evil Cookie Monster
By John Fokker, Ernesto Fernández Provecho and Max Kersten · April 05, 2023. We would like to thank Steen Pedersen and Mo Cashman for their remediation advice. On the 4th and the 5th of April, a law enforcement taskforce spanning agencies...
AI Score 7.6
WCFM Frontend Manager < 6.6.1 - Subscriber+ Unauthorised AJAX Calls
The plugin does not have authorisation checks in various AJAX actions, allowing any authenticated user, such as a subscriber, to call them and modify knowledge bases/notices/payments, manage vendors...
CVSS 8.8, AI Score 8.6, EPSS 0.002
WCFM Frontend Manager < 6.6.0 - Multiple CSRF
The plugin does not have CSRF checks in numerous AJAX actions, allowing attackers to make a logged-in admin modify knowledge bases/notices/payments, manage vendors/capabilities etc. via CSRF...
CVSS 8.8, AI Score 8.7, EPSS 0.002
Typhon Reborn V2: Updated stealer features enhanced anti-analysis and evasion capabilities
The developer of the Typhon Reborn information stealer released version 2 (V2) in January, which included significant updates to its codebase and improved capabilities. Most notably, the new version features additional anti-analysis and anti-virtual machine (VM) capabilities to evade detection and...
AI Score 6.5
Quick Paypal Payments < 5.7.26.4 - Admin+ Stored XSS
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite...
CVSS 4.8, AI Score 5.3, EPSS 0.001
Quick Paypal Payments < 5.7.26.4 - Admin+ Stored XSS
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). PoC: Original request - with sandbox=checked...
CVSS 4.8, AI Score 5.2, EPSS 0.001
Hackers Exploiting WordPress Elementor Pro Vulnerability: Millions of Sites at Risk!
Unknown threat actors are actively exploiting a recently patched security vulnerability in the Elementor Pro website builder plugin for WordPress. The flaw, described as a case of broken access control, impacts versions 3.11.6 and earlier. It was addressed by the plugin maintainers in version...
AI Score 7.5
Threat Roundup for March 24 to March 31
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between March 24 and March 31. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral...
AI Score 6.1
Cyber Police of Ukraine Busted Phishing Gang Responsible for $4.33 Million Scam
The Cyber Police of Ukraine, in collaboration with law enforcement officials from Czechia, has arrested several members of a cybercriminal gang that set up phishing sites to target European users. Two of the apprehended affiliates are believed to be organizers, with 10 others detained in other...
AI Score 6.5
Summary: The Commons-httpclient-3.0.1.jar package is used by IBM Cloud Pak for Data System 2.0. IBM Cloud Pak for Data System 2.0 has addressed the applicable CVE (CVE-2012-5783). Vulnerability Details: CVEID: CVE-2012-5783. DESCRIPTION: Apache Commons HttpClient, as used in Amazon Flexible...
AI Score 4.7, EPSS 0.002
Exploit for Improper Authentication in Automattic Woocommerce Payments
CVE-2023-28121 WooCommerce Payments: Unauthorized Admin...
CVSS 9.8, AI Score 9.8, EPSS 0.924
Wordfence Intelligence Weekly WordPress Vulnerability Report (Mar 20, 2023 to Mar 26, 2023)
Last week, there were 80 vulnerabilities disclosed in 69 WordPress Plugins and 1 WordPress theme that have been added to the Wordfence Intelligence Vulnerability Database, and there were 31 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities in...
CVSS 9.8, AI Score 8.6
Financial cyberthreats in 2022
Financial gain remains the key driver of cybercriminal activity. In the past year, we've seen multiple developments in this area – from new attack schemes targeting contactless payments to multiple ransomware groups continuing to emerge and haunt businesses. However, traditional financial threats...
AI Score 7.1
Trojanized TOR Browser Installers Spreading Crypto-Stealing Clipper Malware
Trojanized installers for the TOR anonymity browser are being used to target users in Russia and Eastern Europe with clipper malware designed to siphon cryptocurrencies since September 2022. "Clipboard injectors [...] can be silent for years, show no network activity or any other signs of presence...
AI Score 6.4
Malicious code in firestore-stripe-payments (npm)
Source: ghsa-malware (fe8379e4865e08389112e877335adb792c71474239b3b6b500505ea736cde7f3). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
AI Score 7
"Log-out king" Instagram scammer gets accounts taken down, then charges to reinstate them
A fraudster going by "OBN Brandon" has been defrauding Instagram influencers and entertainment figures out of hundreds of thousands of dollars by taking down their accounts and then asking for money to get them back up again, ProPublica reports. OBN has been successful in his exploits taking...
AI Score 6.8
Copy-paste heist or clipboard-injector attacks on cryptousers
It is often the case that something new is just a reincarnation of something old. We have come across a series of clipboard injection attacks on cryptocurrency users, which emerged starting from September 2022. Although we have written about a similar malware attack in 2017 in one of our...
AI Score 6.7
20-Year-Old BreachForums Founder Faces Up to 5 Years in Prison
Conor Brian Fitzpatrick, the 20-year-old founder and administrator of the now-defunct BreachForums, has been formally charged in the U.S. with conspiracy to commit access device fraud. If proven guilty, Fitzpatrick, who went by the online moniker "pompompurin," faces a maximum penalty of up to...
AI Score 6.2
A week in security (March 20 - 26)
Last week on Malwarebytes Labs: How to avoid potentially unwanted programs; "ViLE" members posed as police officers and extorted victims; Google reveals 18 chip vulnerabilities threatening mobile, wearables, vehicles; A look at a Magecart skimmer using the Hunter obfuscator; The NBA tells fans about...
AI Score 6.8
Critical WooCommerce Payments Plugin Flaw Patched for 500,000+ WordPress Sites
Patches have been released for a critical security flaw impacting the WooCommerce Payments plugin for WordPress, which is installed on over 500,000 websites. The flaw, if left unresolved, could enable a bad actor to gain unauthorized admin access to impacted stores, the company said in an advisory...
AI Score 6.9
WordPress WooCommerce Payments Plugin Authentication Bypass Vulnerability (Mar 2023)
The WordPress...
CVSS 9.8, AI Score 9.8, EPSS 0.924
WooCommerce Payments Plugin for WordPress 5.6.x < 5.6.2 Authentication Bypass
The WooCommerce Payments Plugin installed on the remote host is affected by an authentication bypass vulnerability. Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version...
AI Score 7.3
PSA: Update Now! Critical Authentication Bypass in WooCommerce Payments Allows Site Takeover
This post has been updated with additional information that has become available since its publication. The Wordfence Threat Intelligence team regularly monitors plugin updates and reviews any indicating that a potential security issue may have been addressed. Today, March 23, 2023, we noticed that...
AI Score 7.1
Reflected Cross-Site Scripting (XSS) vulnerability in Blockonomics WordPress Bitcoin Payments – Blockonomics plugin <= 3.5.7...
CVSS 7.1, AI Score 6, EPSS 0.001
Reflected Cross-Site Scripting (XSS) vulnerability in Blockonomics WordPress Bitcoin Payments – Blockonomics plugin <= 3.5.7...
CVSS 6.1, AI Score 6.3, EPSS 0.001
Reflected Cross-Site Scripting (XSS) vulnerability in Blockonomics WordPress Bitcoin Payments – Blockonomics plugin <= 3.5.7...
CVSS 6.1, AI Score 6, EPSS 0.001
CVE-2022-47145 WordPress Blockonomics Plugin <= 3.5.7 is vulnerable to Cross Site Scripting (XSS)
Reflected Cross-Site Scripting (XSS) vulnerability in Blockonomics WordPress Bitcoin Payments – Blockonomics plugin <= 3.5.7...
CVSS 7.1, AI Score 6.3, EPSS 0.001
Wordfence Intelligence Weekly WordPress Vulnerability Report (Mar 13, 2023 to Mar 19, 2023)
Last week, there were 92 vulnerabilities disclosed in 76 WordPress Plugins and 7 WordPress themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 34 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities in...
CVSS 8.8, AI Score 8.1
Zero-day spells disaster for Bitcoin ATM
Bitcoin ATMs have experienced a severe bout of cash drain after a zero-day bug was exploited to steal a total of $1.5 million in digital currency. The ATMs, located in various convenience stores, function along the lines of regular banking ATMs except your dealings are all in the cryptocurrency...
AI Score 6.5
WooCommerce Payments < 5.6.2 - Unauthenticated Privilege Escalation
The plugin has a flaw allowing unauthenticated attackers to create an admin account and take over the blog PoC POST /wp-json/wp/v2/users HTTP/1.1 Host: 127.0.0.1 Upgrade-Insecure-Requests: 1 Accept:...
CVSS 9.8, AI Score 9, EPSS 0.924
WooCommerce Payments < 5.6.2 - Unauthenticated Privilege Escalation
The plugin has a flaw allowing unauthenticated attackers to create an admin account and take over the...
CVSS 9.8, AI Score 9.3, EPSS 0.924
General Bytes Crypto Application Server (CAS) 20230120, as distributed with General Bytes BATM devices, allows remote attackers to execute arbitrary Java code by uploading a Java application to the /batm/app/admin/standalone/deployments directory, aka BATM-4780, as exploited in the wild in March...
CVSS 9.1, AI Score 9.3, EPSS 0.007
General Bytes Crypto Application Server (CAS) 20230120, as distributed with General Bytes BATM devices, allows remote attackers to execute arbitrary Java code by uploading a Java application to the /batm/app/admin/standalone/deployments directory, aka BATM-4780, as exploited in the wild in March...
CVSS 9.1, AI Score 9.4, EPSS 0.007
General Bytes Crypto Application Server (CAS) 20230120, as distributed with General Bytes BATM devices, allows remote attackers to execute arbitrary Java code by uploading a Java application to the /batm/app/admin/standalone/deployments directory, aka BATM-4780, as exploited in the wild in March...
CVSS 9.1, AI Score 9.3, EPSS 0.007