Wordfence Intelligence Weekly WordPress Vulnerability Report (August 21, 2023 to August 27, 2023)
Last week, there were 43 vulnerabilities disclosed in 38 WordPress Plugins and no WordPress themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 23 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities...
7.5CVSS
7AI Score
EPSS
Exploit for Path Traversal in Stagil Stagil Navigation
Jira plugin STAGIL Navigation: PoC script for the arbitrary file read vulnerability in the FileName parameter...
7.5CVSS
7.1AI Score
0.183EPSS
Exploit for OS Command Injection in Cacti
Cacti remote_agent.php remote command execution vulnerability CVE-2022-46169. Vulnerability description...
9.8CVSS
9.8AI Score
0.965EPSS
Dahua Smart Park Integrated Management Platform publishing file upload PoC. Install dependencies ``` pip install...
9.8CVSS
7.1AI Score
0.029EPSS
Exploit for Path Traversal in Lanproxy Project Lanproxy
Lanproxy directory traversal vulnerability CVE-2021-3019. Vulnerability description...
7.5CVSS
7.1AI Score
0.009EPSS
7.5CVSS
7.1AI Score
0.021EPSS
7.5CVSS
7.1AI Score
0.021EPSS
Command Execution Vulnerability in WPS Windows Edition of Zhuhai Kingsoft Office Software Co.
WPS is an office software. A command execution vulnerability exists in WPS Windows Edition of Zhuhai Kingsoft Office Software Limited, which can be exploited by attackers to execute arbitrary...
8AI Score
Providence Peak Network Security Audit System is a compliance management system for fine-grained auditing of users' operations on core IT assets and servers in the network under business environment. A command execution vulnerability exists in Tianyue Network Security Audit System, which can be...
7.6AI Score
7.8CVSS
8.2AI Score
0.346EPSS
Command Execution Vulnerability in Qixingchen Tianyue Network Security Audit System
Providence Peak Network Security Audit System is a compliance management system for fine-grained auditing of users' operations on core IT assets and servers in the network under business environment. A command execution vulnerability exists in Tianyue Network Security Audit System, which can be...
7.6AI Score
Smartbi windowUnloading Authentication Bypass Vulnerability
Smartbi is a one-stop big data analytics platform. An authentication bypass vulnerability exists in Smartbi windowUnloading, which can be exploited by an attacker to obtain system user credentials and execute remote...
7.2AI Score
Wordfence Intelligence Weekly WordPress Vulnerability Report (August 14, 2023 to August 20, 2023)
Last week, there were 64 vulnerabilities disclosed in 67 WordPress Plugins and 10 WordPress themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 37 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities...
9.8CVSS
7.9AI Score
EPSS
Intelligent logistics unattended system is an intelligent information platform for the unified control of raw material procurement, finished product sales and in-plant logistics for process manufacturing enterprises. There is a file upload vulnerability in the Intelligent Logistics Unattended...
6.9AI Score
Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Minio
CVE-2023-28432 CVE-2023-28432 detection tool 1. How to start and use:...
7.5CVSS
7.9AI Score
0.885EPSS
Wordfence Intelligence Weekly WordPress Vulnerability Report (August 7, 2023 to August 13, 2023)
Last week, there were 86 vulnerabilities disclosed in 68 WordPress Plugins and 3 WordPress themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 36 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities in....
9.8CVSS
8.5AI Score
EPSS
Qixing Information Technology Group Corporation is an enterprise mainly engaged in technology promotion and application service industry. A command execution vulnerability exists in the Sky Mirror Web Application Inspection System of Qixing Information Technology Group Co. that can be exploited by....
7.3AI Score
Discord.io confirms theft of 760,000 members' data
Discord.io was/is a third party service that enables owners of Discord servers to create customized, personal Discord invites. After a preview of Discord.io's users database was posted on BreachForums, the owners have decided to shut down all Discord.io services "for the foreseeable future."...
7.3AI Score
Remote Code Execution Vulnerability in WPS Office of Zhuhai Kingsoft Office Software Co.
WPS Office is an office software suite from Zhuhai Kingsoft Office Software Co. A remote code execution vulnerability exists in WPS Office of Zhuhai Kingsoft Office Software Co. Ltd, which can be exploited by attackers to gain server...
8.1AI Score
Interpol Busts Phishing-as-a-Service Platform '16Shop,' Leading to 3 Arrests
Interpol has announced the takedown of a phishing-as-a-service (PhaaS) platform called 16Shop, in addition to the arrests of three individuals in Indonesia and Japan. 16Shop specialized in the sales of phishing kits that other cybercriminals can purchase to mount phishing attacks on a large scale,....
6.6AI Score
7.8CVSS
7.8AI Score
0.0004EPSS
Exploit for Missing Authorization in Wpmet Metform Elementor Contact Form Builder
CVE-2022-1442 WordPress Plugin Metform <= 2.1.3 - Improper...
7.5CVSS
7.2AI Score
0.033EPSS
Sky Mirror Vulnerability Scanning and Management System is a vulnerability scanning product independently developed by Qixing, a network-based vulnerability analysis, assessment and management system. There is a command execution vulnerability in the Sky Mirror Vulnerability Scanning and...
7.3AI Score
Sky Mirror Vulnerability Scanning and Management System is a vulnerability scanning product independently developed by Qixing, a network-based vulnerability analysis, assessment and management system. Sky Mirror Vulnerability Scanning and Management System of Qixing Information Technology Group...
7.1AI Score
Wordfence Intelligence Weekly WordPress Vulnerability Report (July 17, 2023 to July 23, 2023)
Last week, there were 62 vulnerabilities disclosed in 1035 WordPress Plugins and 90 WordPress themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 36 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities....
8.8CVSS
8.4AI Score
EPSS
7.1AI Score
EPSS
Zimbra Collaboration Suite (ZCS) v.8.8.15 - Cross-Site Scripting
Cross Site Scripting vulnerability in Zimbra ZCS v.8.8.15 allows a remote authenticated attacker to execute arbitrary code via a crafted script to the /h/autoSaveDraft...
9CVSS
8.7AI Score
0.421EPSS
LeakedSource Owner Quit Ashley Madison a Month Before 2015 Hack
[This is Part III in a series on research conducted for a recent Hulu documentary on the 2015 hack of marital infidelity website AshleyMadison.com.] In 2019, a Canadian company called Defiant Tech Inc. pleaded guilty to running LeakedSource[.]com, a service that sold access to billions of...
7AI Score
7.1AI Score
0.922EPSS
7.1AI Score
7.1AI Score
Internet Bug Bounty: jdbc apache airflow provider code execution vulnerability
In airflow.providers.jdbc.hooks.jdbc.JdbcHook, A privilege escalation vulnerability exists in a system due to controllable Driver Path and Driver Class parameters which cause executing any java code. Vulnerability reproduction steps: 1. create a malicious jdbc driver, like this ``` import...
7.1AI Score
The Sell Media plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.5.5. This is due to missing or incorrect nonce validation on the sell_media_process() function. This makes it possible for unauthenticated attackers to sell media paypal orders via a....
4.3CVSS
4.2AI Score
0.001EPSS
The Sell Media plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.5.5. This is due to missing or incorrect nonce validation on the sell_media_process() function. This makes it possible for unauthenticated attackers to sell media paypal orders via a....
4.3CVSS
6.6AI Score
0.001EPSS
The Sell Media plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.5.5. This is due to missing or incorrect nonce validation on the sell_media_process() function. This makes it possible for unauthenticated attackers to sell media paypal orders via a....
4.3CVSS
4.2AI Score
0.001EPSS
Cross site request forgery (csrf)
The Sell Media plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.5.5. This is due to missing or incorrect nonce validation on the sell_media_process() function. This makes it possible for unauthenticated attackers to sell media paypal orders via a....
4.3CVSS
4.3AI Score
0.001EPSS
The Sell Media plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.5.5. This is due to missing or incorrect nonce validation on the sell_media_process() function. This makes it possible for unauthenticated attackers to sell media paypal orders via a....
4.3CVSS
4.5AI Score
0.001EPSS
9.8CVSS
9.5AI Score
0.974EPSS
Cross-Site Request Forgery (CSRF) vulnerability in Scott Paterson Contact Form 7 – PayPal & Stripe Add-on plugin <= 1.9.3...
8.8CVSS
8.7AI Score
0.001EPSS
Cross-Site Request Forgery (CSRF) vulnerability in Scott Paterson Contact Form 7 – PayPal & Stripe Add-on plugin <= 1.9.3...
8.8CVSS
6.5AI Score
0.001EPSS
Cross site request forgery (csrf)
Cross-Site Request Forgery (CSRF) vulnerability in Scott Paterson Contact Form 7 – PayPal & Stripe Add-on plugin <= 1.9.3...
8.8CVSS
8.7AI Score
0.001EPSS
Cross-Site Request Forgery (CSRF) vulnerability in Scott Paterson Contact Form 7 – PayPal & Stripe Add-on plugin <= 1.9.3...
5.4CVSS
9AI Score
0.001EPSS
Exploit for Command Injection in Chamilo
Chamilo_CVE-2023-34960-EXP Help: usage: CVE-2023-34960.py...
9.8CVSS
9.3AI Score
0.922EPSS
Exploit for Path Traversal in Igniterealtime Openfire
CVE-2023-32315-POC CVE-2023-32315-Openfire-Bypass-Py Overview...
8.6CVSS
7.7AI Score
0.973EPSS
Exploit for Use After Free in Linux Linux Kernel
fork from https://github.com/veritas501/hbp_attack_demo...
7.1AI Score
8.8CVSS
9.1AI Score
0.516EPSS
Exploit for Double Free in Openbsd Openssh
CVE-2023-25136 OpenSSH 9.1 vulnerability mass scanning and exploitation *Vulnerability details...
6.5CVSS
7AI Score
0.009EPSS
CVE-2023-2982 WordPress Social Login and Register (Discord,...
9.8CVSS
9.8AI Score
0.012EPSS
Wordfence Intelligence Weekly WordPress Vulnerability Report (June 19, 2023 to June 25, 2023)
Last week, there were 84 vulnerabilities disclosed in 76 WordPress Plugins and 2 WordPress themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 42 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities in....
9.8CVSS
8.6AI Score
EPSS
Arbitrary File Download Vulnerability in ES File Browser of Beijing Xiaoxiong Bowang Technology Co.
ES File Explorer is a powerful and free local and network file manager. ES File Browser has an arbitrary file download vulnerability that can be exploited by attackers to obtain sensitive...
6.6AI Score