Google Announces Passkeys Adopted by Over 400 Million Accounts
Google on Thursday announced that passkeys are being used by over 400 million Google accounts, authenticating users more than 1 billion times over the past two years. "Passkeys are easy to use and phishing resistant, only relying on a fingerprint, face scan or a pin making them 50% faster than...
6.9 AI Score
Wordfence Intelligence Weekly WordPress Vulnerability Report (April 22, 2024 to April 28, 2024)
Did you know we're running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! Last week, there were 304 vulnerabilities disclosed in 232...
9.1 AI Score
EPSS
Easy Accept Payments < 5.0 - Missing Authorization
Description: The Easy Accept Payments via PayPal plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 4.9.10. This makes it possible for unauthenticated attackers to perform an unauthorized...
7.5 CVSS
7 AI Score
0.0004 EPSS
Missing Authorization vulnerability in Tips and Tricks HQ Easy Accept Payments. This issue affects Easy Accept Payments: from n/a through...
7.5 CVSS
6.8 AI Score
0.0004 EPSS
Missing Authorization vulnerability in Tips and Tricks HQ Easy Accept Payments. This issue affects Easy Accept Payments: from n/a through...
7.5 CVSS
7.6 AI Score
0.0004 EPSS
Missing Authorization vulnerability in Tips and Tricks HQ Easy Accept Payments. This issue affects Easy Accept Payments: from n/a through...
7.5 CVSS
7.8 AI Score
0.0004 EPSS
Ring agrees to pay $5.6 million after cameras were used to spy on customers
Amazon's Ring has settled with the Federal Trade Commission (FTC) over charges that the company allowed employees and contractors to access customers' private videos, and failed to implement security protections which enabled hackers to take control of customers’ accounts, cameras, and videos. The....
7.1 AI Score
Exploit for Improper Ownership Management in Linux Linux Kernel
Install the build environment ``bash sudo apt install -y gcc libfuse-dev...
7.8 CVSS
6.6 AI Score
0.0004 EPSS
9.8 CVSS
7 AI Score
0.018 EPSS
8.8 CVSS
7.4 AI Score
0.002 EPSS
8.8 CVSS
7.4 AI Score
EPSS
8.8 CVSS
7.4 AI Score
0.002 EPSS
7.3 CVSS
7.1 AI Score
0.0004 EPSS
Exploit for Use After Free in Linux Linux Kernel
CVE-2024-0582: Serious Linux Kernel Bug Opens Door to System...
7.8 CVSS
6.9 AI Score
0.0004 EPSS
Wordfence Intelligence Weekly WordPress Vulnerability Report (March 25, 2024 to March 31, 2024)
Did you know we're running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! Last week, there were 405 vulnerabilities disclosed in 320...
10 CVSS
9.7 AI Score
EPSS
CoralRaider targets victims’ data and social media accounts
Cisco Talos discovered a new threat actor we're calling "CoralRaider" that we believe is of Vietnamese origin and financially motivated. CoralRaider has been operating since at least 2023, targeting victims in several Asian and Southeast Asian countries. This group focuses on stealing victims'...
6.8 AI Score
WP Express Checkout (Accept PayPal Payments) < 2.3.8 - Unauthenticated Price Manipulation
Description: The WP Express Checkout (Accept PayPal Payments) plugin for WordPress is vulnerable to price manipulation in all versions up to, and including, 2.3.7. This is due to insufficient validation on the pricing data being passed to the server. This makes it possible for unauthenticated...
7.5 CVSS
6.5 AI Score
0.0004 EPSS
HTTP/2 CONTINUATION frames can be utilized for DoS attacks
Overview: HTTP allows messages to include named fields in both header and trailer sections. These header and trailer fields are serialised as field blocks in HTTP/2, so that they can be transmitted in multiple fragments to the target implementation. Many HTTP/2 implementations do not properly limit....
7.5 CVSS
7.7 AI Score
0.005 EPSS
10 CVSS
9.7 AI Score
0.133 EPSS
10 CVSS
9.6 AI Score
0.133 EPSS
7.8 CVSS
7.2 AI Score
0.0004 EPSS
8.8 CVSS
7 AI Score
0.006 EPSS
Exploit for Expression Language Injection in Atlassian Confluence Data Center
Description: This is a tool that supports multithreaded batch probing of Confluence...
9.8 CVSS
7.5 AI Score
0.975 EPSS
8.2 CVSS
8.2 AI Score
0.082 EPSS
Vans warns customers of data breach
Skater brand Vans emailed customers last week to tell them about a recent “data incident.” On December 13, 2023, Vans said it detected unauthorized activities on its IT systems, attributed to "external threat actors." An investigation revealed that the incident involved some personal information...
7.3 AI Score
Top 4 Industries at Risk of Credential Stuffing and Account Takeover (ATO) attacks
All industries are at risk of credential stuffing and account takeover (ATO) attacks. However, some industries are at a greater risk because of the sensitive information or volume of customer data they possess. While cyber-attacks come in all forms and techniques, credential stuffing involves an...
6.9 AI Score
7.9 AI Score
Exploit for Protection Mechanism Failure in Microsoft
CVE-2024-21412_Water-Hydra Delivering malware via CVE-2024-21412...
8.1 CVSS
8.7 AI Score
0.002 EPSS
Wordfence Intelligence Weekly WordPress Vulnerability Report (March 11, 2024 to March 17, 2024)
Did you know we're running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! Last week, there were 163 vulnerabilities disclosed in 126...
10 CVSS
10 AI Score
0.001 EPSS
Contact Form 7 – PayPal & Stripe Add-on < 2.1 - Reflected Cross-Site Scripting
Description: The Contact Form 7 – PayPal & Stripe Add-on plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 2.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary...
7.1 CVSS
6.3 AI Score
0.0004 EPSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Scott Paterson Contact Form 7 – PayPal & Stripe Add-on allows Reflected XSS. This issue affects Contact Form 7 – PayPal & Stripe Add-on: from n/a through...
7.1 CVSS
9.3 AI Score
0.0004 EPSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Scott Paterson Contact Form 7 – PayPal & Stripe Add-on allows Reflected XSS. This issue affects Contact Form 7 – PayPal & Stripe Add-on: from n/a through...
7.1 CVSS
6.9 AI Score
0.0004 EPSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Scott Paterson Contact Form 7 – PayPal & Stripe Add-on allows Reflected XSS. This issue affects Contact Form 7 – PayPal & Stripe Add-on: from n/a through...
7.1 CVSS
7.1 AI Score
0.0004 EPSS
9.8 CVSS
9.6 AI Score
0.004 EPSS
9.8 CVSS
7.4 AI Score
0.004 EPSS
9.8 CVSS
9.7 AI Score
EPSS
Wordfence Intelligence Weekly WordPress Vulnerability Report (February 26, 2024 to March 3, 2024)
Did you know we're running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! Last week, there were 121 vulnerabilities disclosed in 88...
9.8 CVSS
9.6 AI Score
0.001 EPSS
About the security content of macOS Sonoma 14.4
About the security content of macOS Sonoma 14.4 This document describes the security content of macOS Sonoma 14.4. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are....
8.6 CVSS
8.9 AI Score
0.963 EPSS
About the security content of iOS 17.4 and iPadOS 17.4
About the security content of iOS 17.4 and iPadOS 17.4 This document describes the security content of iOS 17.4 and iPadOS 17.4. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches...
7.8 CVSS
8.9 AI Score
0.002 EPSS
Cross-Site Request Forgery (CSRF) vulnerability in Scott Paterson Easy PayPal & Stripe Buy Now Button. This issue affects Easy PayPal & Stripe Buy Now Button: from n/a through...
5.4 CVSS
5.5 AI Score
0.0004 EPSS
Cross-Site Request Forgery (CSRF) vulnerability in Scott Paterson Easy PayPal & Stripe Buy Now Button. This issue affects Easy PayPal & Stripe Buy Now Button: from n/a through...
5.4 CVSS
5.5 AI Score
0.0004 EPSS
Cross site request forgery (csrf)
Cross-Site Request Forgery (CSRF) vulnerability in Scott Paterson Easy PayPal & Stripe Buy Now Button. This issue affects Easy PayPal & Stripe Buy Now Button: from n/a through...
5.4 CVSS
7.2 AI Score
0.0004 EPSS
Cross-Site Request Forgery (CSRF) vulnerability in Scott Paterson Easy PayPal & Stripe Buy Now Button. This issue affects Easy PayPal & Stripe Buy Now Button: from n/a through...
5.4 CVSS
5.8 AI Score
0.0004 EPSS
The Easy PayPal & Stripe Buy Now Button plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.8.3 and in Contact Form 7 – PayPal & Stripe Add-on all versions up to, and including 2.1. This is due to missing or incorrect nonce validation on the...
4.3 CVSS
4.2 AI Score
0.0004 EPSS
The Easy PayPal & Stripe Buy Now Button plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.8.3 and in Contact Form 7 – PayPal & Stripe Add-on all versions up to, and including 2.1. This is due to missing or incorrect nonce validation on the...
4.3 CVSS
5.2 AI Score
0.0004 EPSS
Cross site request forgery (csrf)
The Easy PayPal & Stripe Buy Now Button plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.8.3 and in Contact Form 7 – PayPal & Stripe Add-on all versions up to, and including 2.1. This is due to missing or incorrect nonce validation on the...
4.3 CVSS
6.7 AI Score
0.0004 EPSS
The Easy PayPal & Stripe Buy Now Button plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.8.3 and in Contact Form 7 – PayPal & Stripe Add-on all versions up to, and including 2.1. This is due to missing or incorrect nonce validation on the...
4.3 CVSS
4.6 AI Score
0.0004 EPSS
8.8 CVSS
7.1 AI Score
0.005 EPSS
Description: The Easy PayPal & Stripe Buy Now Button plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.8.3 and in Contact Form 7 – PayPal & Stripe Add-on all versions up to, and including 2.1. This is due to missing or incorrect nonce...
4.3 CVSS
6.4 AI Score
0.0004 EPSS