WordPress Alipay|Tenpay|PayPal integration plugin Security Vulnerabilities

githubexploit

Exploit for Untrusted Pointer Dereference in Microsoft

CVE-2023-21768-AFD-for-WinSock-EoP-exploit The analysis article is here:...

7.8CVSS

8.8AI Score

0.003EPSS

2023-04-20 08:26 AM
334
cnvd

Binary Vulnerability in Unisys Browser by Unisys Software Technology Co.

Unisys Software Technology Co., Ltd. is a company specializing in the development and service of operating systems. Unisys Software Technology Limited Unisys Browser suffers from a binary vulnerability that can be exploited by attackers to execute arbitrary...

7.5AI Score

2023-04-20 12:00 AM
2
githubexploit

Exploit for CVE-2023-21839

CVE-2023-21839 Based on special requirements, @4ra1n...

7.5CVSS

7.8AI Score

0.953EPSS

2023-04-15 08:57 AM
328
githubexploit

Exploit for SQL Injection in Jeecg Jeecg-Boot

CVE-2023-1454 CVE-2023-1454 vulnerability detection script...

9.8CVSS

9.3AI Score

0.091EPSS

2023-04-13 07:56 PM
188
githubexploit

Exploit for SQL Injection in Jeecg Jeecg-Boot

CVE-2023-1454 CVE-2023-1454 vulnerability detection script...

9.8CVSS

9.3AI Score

0.091EPSS

2023-04-13 07:56 PM
346
nuclei

Zimbra Collaboration (ZCS) - Cross Site Scripting

A reflected cross-site scripting (XSS) vulnerability in the /public/launchNewWindow.jsp component of Zimbra Collaboration (aka ZCS) 9.0 allows unauthenticated attackers to execute arbitrary web script or HTML via request...

6.1CVSS

6.2AI Score

0.962EPSS

2023-04-13 12:32 PM
8
thn

New Python-Based "Legion" Hacking Tool Emerges on Telegram

An emerging Python-based credential harvester and a hacking tool named Legion is being marketed via Telegram as a way for threat actors to break into various online services for further exploitation. Legion, according to Cado Labs, includes modules to enumerate vulnerable SMTP servers, conduct...

7.9AI Score

2023-04-13 11:10 AM
34
cve

CVE-2023-25702

Auth. (admin+) Stored Cross-site Scripting (XSS) vulnerability in Fullworks Quick Paypal Payments plugin <= 5.7.25...

5.9CVSS

4.8AI Score

0.0005EPSS

2023-04-07 01:15 PM
24
nvd

CVE-2023-25713

Unauth. Stored Cross-Site Scripting (XSS) vulnerability in Fullworks Quick Paypal Payments plugin <= 5.7.25...

6.1CVSS

6AI Score

0.0005EPSS

2023-04-07 01:15 PM
nvd

CVE-2023-25702

Auth. (admin+) Stored Cross-site Scripting (XSS) vulnerability in Fullworks Quick Paypal Payments plugin <= 5.7.25...

4.8CVSS

5.4AI Score

0.0005EPSS

2023-04-07 01:15 PM
cve

CVE-2023-25713

Unauth. Stored Cross-Site Scripting (XSS) vulnerability in Fullworks Quick Paypal Payments plugin <= 5.7.25...

7.1CVSS

5.7AI Score

0.0005EPSS

2023-04-07 01:15 PM
19
prion

Cross site scripting

Auth. (admin+) Stored Cross-site Scripting (XSS) vulnerability in Fullworks Quick Paypal Payments plugin <= 5.7.25...

4.8CVSS

4.9AI Score

0.0005EPSS

2023-04-07 01:15 PM
4
prion

Cross site scripting

Unauth. Stored Cross-Site Scripting (XSS) vulnerability in Fullworks Quick Paypal Payments plugin <= 5.7.25...

6.1CVSS

5.8AI Score

0.0005EPSS

2023-04-07 01:15 PM
3
cvelist

CVE-2023-25713 WordPress Quick Paypal Payments Plugin <= 5.7.25 is vulnerable to Cross Site Scripting (XSS)

Unauth. Stored Cross-Site Scripting (XSS) vulnerability in Fullworks Quick Paypal Payments plugin <= 5.7.25...

7.1CVSS

6.1AI Score

0.0005EPSS

2023-04-07 12:54 PM
cvelist

CVE-2023-25702 WordPress Quick Paypal Payments Plugin <= 5.7.25 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-site Scripting (XSS) vulnerability in Fullworks Quick Paypal Payments plugin <= 5.7.25...

5.9CVSS

5.6AI Score

0.0005EPSS

2023-04-07 12:39 PM
githubexploit

Exploit for SQL Injection in Jeecg Jeecg-Boot

CVE-2023-1454 jmreport/qurestSql unauthenticated SQL injection batch-scanning PoC...

9.8CVSS

9.3AI Score

0.091EPSS

2023-04-07 03:30 AM
223
wordfence

Wordfence Intelligence Weekly WordPress Vulnerability Report (Mar 27, 2023 to Apr 2, 2023)

Last week, there were 82 vulnerabilities disclosed in 70 WordPress Plugins and 1 WordPress theme that have been added to the Wordfence Intelligence Vulnerability Database, and there were 34 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities in.....

9.8CVSS

8.2AI Score

EPSS

2023-04-06 02:26 PM
68
githubexploit

7.5CVSS

7.9AI Score

0.865EPSS

2023-04-06 12:29 PM
191
githubexploit

Exploit for Deserialization of Untrusted Data in Fortra Goanywhere Managed File Transfer

[CVE-2023-0669 GoAnywhere MFT deserialization - Je Yiuwai's...

7.2CVSS

8.3AI Score

0.969EPSS

2023-04-06 03:40 AM
235
securelist

The Telegram phishing market

Telegram has been gaining popularity with users around the world year by year. Common users are not the only ones who have recognized the messaging app's handy features — cybercrooks have already made it a branch of the dark web, their Telegram activity soaring since late 2021. The service is...

6.6AI Score

2023-04-05 10:00 AM
22
krebs

FBI Seizes Bot Shop ‘Genesis Market’ Amid Arrests Targeting Operators, Suppliers

Several domain names tied to Genesis Market, a bustling cybercrime store that sold access to passwords and other data stolen from millions of computers infected with malicious software, were seized by the Federal Bureau of Investigation (FBI) today. The domain seizures coincided with more than a...

6.9AI Score

2023-04-04 09:04 PM
9
wpexploit

Quick Paypal Payments < 5.7.26.4 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite...

4.8CVSS

5.3AI Score

0.001EPSS

2023-04-04 12:00 AM
66
wpvulndb

Quick Paypal Payments < 5.7.26.4 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) PoC Original request - with sandbox=checked...

4.8CVSS

5.2AI Score

0.001EPSS

2023-04-04 12:00 AM
6
krebs

German Police Raid DDoS-Friendly Host ‘FlyHosting’

Authorities in Germany this week seized Internet servers that powered FlyHosting, a dark web offering that catered to cybercriminals operating DDoS-for-hire services, KrebsOnSecurity has learned. FlyHosting first advertised on cybercrime forums in November 2022, saying it was a Germany-based...

6.6AI Score

2023-03-31 06:35 PM
9
cve

CVE-2023-28843

PrestaShop/paypal is an open source module for the PrestaShop web commerce ecosystem which provides paypal payment support. A SQL injection vulnerability found in the PrestaShop paypal module from release from 3.12.0 to and including 3.16.3 allow a remote attacker to gain privileges, modify data,.....

9.8CVSS

9.7AI Score

0.001EPSS

2023-03-31 06:15 PM
15
osv

CVE-2023-28843

PrestaShop/paypal is an open source module for the PrestaShop web commerce ecosystem which provides paypal payment support. A SQL injection vulnerability found in the PrestaShop paypal module from release from 3.12.0 to and including 3.16.3 allow a remote attacker to gain privileges, modify data,.....

9.8CVSS

8.4AI Score

0.001EPSS

2023-03-31 06:15 PM
3
nvd

CVE-2023-28843

PrestaShop/paypal is an open source module for the PrestaShop web commerce ecosystem which provides paypal payment support. A SQL injection vulnerability found in the PrestaShop paypal module from release from 3.12.0 to and including 3.16.3 allow a remote attacker to gain privileges, modify data,.....

9.8CVSS

9.9AI Score

0.001EPSS

2023-03-31 06:15 PM
prion

Sql injection

PrestaShop/paypal is an open source module for the PrestaShop web commerce ecosystem which provides paypal payment support. A SQL injection vulnerability found in the PrestaShop paypal module from release from 3.12.0 to and including 3.16.3 allow a remote attacker to gain privileges, modify data,.....

9.8CVSS

9.7AI Score

0.001EPSS

2023-03-31 06:15 PM
1
cvelist

CVE-2023-28843 Improper neutralization of SQL parameter in PayPal module for PrestaShop

PrestaShop/paypal is an open source module for the PrestaShop web commerce ecosystem which provides paypal payment support. A SQL injection vulnerability found in the PrestaShop paypal module from release from 3.12.0 to and including 3.16.3 allow a remote attacker to gain privileges, modify data,.....

9.8CVSS

10AI Score

0.001EPSS

2023-03-31 05:02 PM
msrc

Guidance on Potential Misconfiguration of Authorization of Multi-Tenant Applications that use Azure AD

This blog post, Guidance on Potential Misconfiguration of Authorization of Multi-Tenant Applications that use Azure AD...

6.8AI Score

2023-03-30 07:00 AM
14
securelist

Financial cyberthreats in 2022

Financial gain remains the key driver of cybercriminal activity. In the past year, we've seen multiple developments in this area – from new attack schemes targeting contactless payments to multiple ransomware groups continuing to emerge and haunt businesses. However, traditional financial threats.....

7.1AI Score

2023-03-29 10:00 AM
16
githubexploit

7.5CVSS

7.9AI Score

0.865EPSS

2023-03-27 07:14 AM
356
githubexploit

7.5CVSS

7.9AI Score

0.865EPSS

2023-03-24 08:13 AM
260
githubexploit

Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Minio

minio_unauth_check CVE-2023-28432, minio information disclosure detection tool...

8AI Score

2023-03-24 03:15 AM
249
wordfence

Wordfence Intelligence Weekly WordPress Vulnerability Report (Mar 13, 2023 to Mar 19, 2023)

Last week, there were 92 vulnerabilities disclosed in 76 WordPress Plugins and 7 WordPress themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 34 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities in....

8.8CVSS

8.1AI Score

EPSS

2023-03-23 01:52 PM
55
githubexploit

Exploit for Out-of-bounds Write in Fortinet Fortios

CVE-2022-42475-RCE-POC Vulnerability name: CVE-2022-42475 Fortinet RCE vulnerability POC...

9.8CVSS

9.9AI Score

0.321EPSS

2023-03-23 06:48 AM
314
githubexploit

Exploit for Deserialization of Untrusted Data in Apache Dubbo

CVE-2023-23638 For study and research only. Bring your own ZooKeeper. The test environment is Java 8; other versions have not been tested,...

9.8CVSS

9.7AI Score

0.015EPSS

2023-03-22 11:23 AM
739
githubexploit

Exploit for Deserialization of Untrusted Data in Apache Dubbo

CVE-2023-23638 For study and research only. Bring your own ZooKeeper. The test environment is Java 8; other versions have not been tested,...

7AI Score

2023-03-22 11:23 AM
32
githubexploit

Exploit for Missing Authentication for Critical Function in Linuxfoundation Harbor

CVE-2022-46463 (Harbor public image download) Harbor is an open-source image hosting platform. ...

7.5CVSS

7.6AI Score

0.076EPSS

2023-03-21 10:40 AM
288
cve

CVE-2023-1469

The WP Express Checkout plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘pec_coupon[code]’ parameter in versions up to, and including, 2.2.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with...

4.8CVSS

4.9AI Score

0.001EPSS

2023-03-17 01:15 PM
17
cve

CVE-2023-1431

The WP Simple Shopping Cart plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 4.6.3 due to the plugin saving shopping cart data exports in a publicly accessible location...

5.3CVSS

5.4AI Score

0.001EPSS

2023-03-16 01:15 PM
20
nvd

CVE-2023-1431

The WP Simple Shopping Cart plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 4.6.3 due to the plugin saving shopping cart data exports in a publicly accessible location...

5.3CVSS

5AI Score

0.001EPSS

2023-03-16 01:15 PM
prion

Code injection

The WP Simple Shopping Cart plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 4.6.3 due to the plugin saving shopping cart data exports in a publicly accessible location...

5.3CVSS

5AI Score

0.001EPSS

2023-03-16 01:15 PM
3
cvelist

CVE-2023-1431

The WP Simple Shopping Cart plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 4.6.3 due to the plugin saving shopping cart data exports in a publicly accessible location...

5.3CVSS

5.4AI Score

0.001EPSS

2023-03-16 12:36 PM
wpvulndb

WP Simple Shopping Cart 4.6.3 - Unauthenticated PII Disclosure

The plugin saves exported shopping cart data in a publicly accessible directory, allowing unauthenticated users to retrieve PII such as full names, email/IP address...

5.3CVSS

6.2AI Score

0.001EPSS

2023-03-16 12:00 AM
9
githubexploit

Exploit for CVE-2021-3129

CVE-2021-3129 Laravel RCE CVE-2021-3129 Vulnerability overview...

9.8CVSS

10AI Score

0.975EPSS

2023-03-11 03:31 PM
264
githubexploit

Exploit for CVE-2023-21839

CVE-2023-21839 Analysis...

7.5CVSS

7.7AI Score

0.953EPSS

2023-03-11 08:26 AM
352
wordfence

Wordfence Intelligence Weekly WordPress Vulnerability Report (Feb 27, 2023 to Mar 5, 2023)

Wordfence has curated an industry leading vulnerability database with all known WordPress core, theme, and plugin vulnerabilities known as Wordfence Intelligence. This database is continuously updated, maintained, and populated by Wordfence's highly credentialed and experienced vulnerability...

8.8CVSS

0.1AI Score

EPSS

2023-03-09 02:32 PM
99
githubexploit

Exploit for CVE-2023-23752

CVE-2023-23752 Introduction: open-source, highly concurrent Go batch-detection PoC with high accuracy....

5.3CVSS

6.2AI Score

0.949EPSS

2023-03-09 07:32 AM
265
githubexploit

Exploit for Expression Language Injection in Vmware Spring Cloud Function

CVE-2022-22963 (spring cloud function sple rce) spring...

9.8CVSS

9.8AI Score

0.975EPSS

2023-03-07 03:57 PM
321
Total number of security vulnerabilities: 15129