WordPress Alipay|Tenpay|PayPal Integration Plugin Security Vulnerabilities

securelist

Financial cyberthreats in 2022

Financial gain remains the key driver of cybercriminal activity. In the past year, we've seen multiple developments in this area – from new attack schemes targeting contactless payments to multiple ransomware groups continuing to emerge and haunt businesses. However, traditional financial threats.....

7.1AI Score

2023-03-29 10:00 AM
16
githubexploit

7.5CVSS

7.9AI Score

0.885EPSS

2023-03-27 07:14 AM
356
githubexploit

7.5CVSS

7.9AI Score

0.885EPSS

2023-03-24 08:13 AM
260
githubexploit

Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Minio

minio_unauth_check CVE-2023-28432, MinIO information disclosure detection tool...

8AI Score

2023-03-24 03:15 AM
249
wordfence

Wordfence Intelligence Weekly WordPress Vulnerability Report (Mar 13, 2023 to Mar 19, 2023)

Last week, there were 92 vulnerabilities disclosed in 76 WordPress Plugins and 7 WordPress themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 34 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities in....

8.8CVSS

8.1AI Score

EPSS

2023-03-23 01:52 PM
54
githubexploit

Exploit for Out-of-bounds Write in Fortinet Fortios

CVE-2022-42475-RCE-POC Vulnerability name: CVE-2022-42475 Fortinet RCE vulnerability POC...

9.8CVSS

9.9AI Score

0.321EPSS

2023-03-23 06:48 AM
309
githubexploit

Exploit for Deserialization of Untrusted Data in Apache Dubbo

CVE-2023-23638 For study and research only. Bring your own ZooKeeper. The test environment is Java 8; other versions have not yet been tested,...

9.8CVSS

9.7AI Score

0.015EPSS

2023-03-22 11:23 AM
735
githubexploit

Exploit for Deserialization of Untrusted Data in Apache Dubbo

CVE-2023-23638 For study and research only. Bring your own ZooKeeper. The test environment is Java 8; other versions have not yet been tested,...

7AI Score

2023-03-22 11:23 AM
32
githubexploit

Exploit for Missing Authentication for Critical Function in Linuxfoundation Harbor

CVE-2022-46463 (Harbor public image download) Harbor is an open-source image hosting platform. ...

7.5CVSS

7.6AI Score

0.076EPSS

2023-03-21 10:40 AM
287
cve

CVE-2023-1469

The WP Express Checkout plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘pec_coupon[code]’ parameter in versions up to, and including, 2.2.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with...

4.8CVSS

4.9AI Score

0.001EPSS

2023-03-17 01:15 PM
17
cve

CVE-2023-1431

The WP Simple Shopping Cart plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 4.6.3 due to the plugin saving shopping cart data exports in a publicly accessible location...

5.3CVSS

5.4AI Score

0.001EPSS

2023-03-16 01:15 PM
20
nvd

CVE-2023-1431

The WP Simple Shopping Cart plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 4.6.3 due to the plugin saving shopping cart data exports in a publicly accessible location...

5.3CVSS

5AI Score

0.001EPSS

2023-03-16 01:15 PM
prion

Code injection

The WP Simple Shopping Cart plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 4.6.3 due to the plugin saving shopping cart data exports in a publicly accessible location...

5.3CVSS

5AI Score

0.001EPSS

2023-03-16 01:15 PM
3
cvelist

CVE-2023-1431

The WP Simple Shopping Cart plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 4.6.3 due to the plugin saving shopping cart data exports in a publicly accessible location...

5.3CVSS

5.4AI Score

0.001EPSS

2023-03-16 12:36 PM
wpvulndb

WP Simple Shopping Cart 4.6.3 - Unauthenticated PII Disclosure

The plugin saves exported shopping cart data in a publicly accessible directory, allowing unauthenticated users to retrieve PII such as full names, email/IP address...

5.3CVSS

6.2AI Score

0.001EPSS

2023-03-16 12:00 AM
9
githubexploit

Exploit for CVE-2021-3129

CVE-2021-3129 Laravel RCE CVE-2021-3129 Vulnerability overview...

9.8CVSS

10AI Score

0.975EPSS

2023-03-11 03:31 PM
263
githubexploit

Exploit for CVE-2023-21839

CVE-2023-21839 Analysis...

7.5CVSS

7.7AI Score

0.955EPSS

2023-03-11 08:26 AM
349
wordfence

Wordfence Intelligence Weekly WordPress Vulnerability Report (Feb 27, 2023 to Mar 5, 2023)

Wordfence has curated an industry leading vulnerability database with all known WordPress core, theme, and plugin vulnerabilities known as Wordfence Intelligence. This database is continuously updated, maintained, and populated by Wordfence's highly credentialed and experienced vulnerability...

8.8CVSS

0.1AI Score

EPSS

2023-03-09 02:32 PM
98
githubexploit

Exploit for CVE-2023-23752

CVE-2023-23752 Introduction: open source, Go multi-concurrency batch-detection PoC, high accuracy....

5.3CVSS

6.2AI Score

0.949EPSS

2023-03-09 07:32 AM
264
githubexploit

Exploit for Code Injection in Vmware Spring Cloud Function

CVE-2022-22963 (spring cloud function sple rce) spring...

9.8CVSS

9.8AI Score

0.975EPSS

2023-03-07 03:57 PM
321
hackread

PayPal Sued Over Data Breach that Impacted 35,000 users

By Waqas If the case proceeds as a class action, it could potentially represent thousands of affected individuals seeking damages from PayPal This is a post from HackRead.com Read the original post: PayPal Sued Over Data Breach that Impacted 35,000...

3.4AI Score

2023-03-04 06:32 PM
16
githubexploit

Exploit for CVE-2021-3129

Laravel Debug mode RCE vulnerability (CVE-2021-3129) poc / exp ...

9.8CVSS

9.8AI Score

0.975EPSS

2023-03-04 05:04 PM
262
wordfence

Wordfence Intelligence Weekly WordPress Vulnerability Report (Feb 20, 2023 to Feb 26, 2023)

Wordfence has curated an industry leading vulnerability database with all known WordPress core, theme, and plugin vulnerabilities known as Wordfence Intelligence Community Edition. This database is continuously updated, maintained, and populated by Wordfence's highly credentialed and experienced...

9.8CVSS

0.1AI Score

EPSS

2023-03-02 02:49 PM
164
githubexploit

Exploit for CVE-2023-23752

CVE-2023-23752 Joomla unauthorized access vulnerability CVE-2023-23752 Vulnerability description...

5.3CVSS

6.2AI Score

0.949EPSS

2023-03-01 03:28 PM
324
malwarebytes

Crushing the two biggest threats to mobile endpoint security in 2023

Don't let their small size fool you: mobile devices can have a big impact on your security posture. It's easy to see why, considering that almost half of organizations said they suffered a mobile-related compromise in 2022. Malware and phishing are two particular mobile threats that you need to...

0.4AI Score

2023-03-01 03:00 PM
15
cert

TCG TPM2.0 implementations vulnerable to memory corruption

Overview Two buffer overflow vulnerabilities were discovered in the Trusted Platform Module (TPM) 2.0 reference library specification, currently at Level 00, Revision 01.59 November 2019. An attacker who has access to a TPM-command interface can send maliciously-crafted commands to the module and.....

8.8CVSS

8.6AI Score

EPSS

2023-02-28 12:00 AM
303
nvd

CVE-2023-0535

The Donation Block For PayPal WordPress plugin before 2.1.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting...

5.4CVSS

5.3AI Score

0.001EPSS

2023-02-27 04:15 PM
2
cve

CVE-2023-0535

The Donation Block For PayPal WordPress plugin before 2.1.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting...

5.4CVSS

5.3AI Score

0.001EPSS

2023-02-27 04:15 PM
21
prion

Cross site scripting

The Donation Block For PayPal WordPress plugin before 2.1.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting...

5.4CVSS

5.4AI Score

0.001EPSS

2023-02-27 04:15 PM
4
cvelist

CVE-2023-0535 Donation Block For PayPal < 2.1.0 - Contributor+ Stored XSS

The Donation Block For PayPal WordPress plugin before 2.1.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting...

5.5AI Score

0.001EPSS

2023-02-27 03:24 PM
cnvd

Unauthorized Access Vulnerability in Esaote Electronic Document Security Management System

Yisetong Electronic Document Security Management System is an electronic document security encryption software. There is an unauthorized access vulnerability in Yisetong Electronic Document Security Management System, which can be exploited by attackers to obtain sensitive...

6.4AI Score

2023-02-26 12:00 AM
7
cnvd

Weak Password Vulnerability in E3 Omni-Channel Configuration Center of Shanghai Esaote Software Co.

Shanghai Esaote Software Co., Ltd. is an omni-channel digital retail solution provider, offering operational consulting and digital intelligence solutions for the retail industry. A weak password vulnerability exists in the E3 Omni-Channel Configuration Center of Shanghai Esaote Software...

6.8AI Score

2023-02-25 12:00 AM
6
krebs

Who’s Behind the Botnet-Based Service BHProxies?

A security firm has discovered that a six-year-old crafty botnet known as Mylobot appears to be powering a residential proxy service called BHProxies, which offers paying customers the ability to route their web traffic anonymously through compromised computers. Here's a closer look at Mylobot,...

-0.2AI Score

2023-02-24 07:51 PM
37
malwarebytes

Fake Amazon Prime email abuses LinkedIn's URL shortener

Over the last few days, scammers have been sending out phishing mails that disguise bogus URLs with something called Slinks--shortened Linkedin URLs. The shortened URLs redirect users to a different URL when they are clicked. If you've ever seen a Tiny URL, or a Bit.ly link, you'll already be...

-0.1AI Score

2023-02-24 02:15 PM
32
cve

CVE-2022-48345

sanitize-url (aka @braintree/sanitize-url) before 6.0.2 allows XSS via HTML...

6.1CVSS

5.7AI Score

0.001EPSS

2023-02-24 06:15 AM
28
wordfence

Wordfence Intelligence CE Weekly Vulnerability Report (Feb 13, 2023 to Feb 19, 2023)

Wordfence has curated an industry leading vulnerability database with all known WordPress core, theme, and plugin vulnerabilities known as Wordfence Intelligence Community Edition. This database is continuously updated, maintained, and populated by Wordfence's highly credentialed and experienced...

9.8CVSS

0.1AI Score

EPSS

2023-02-23 04:30 PM
102
githubexploit

Exploit for CVE-2023-23752

CVE-2023-23752-Joomla Disclaimer:...

5.3CVSS

6.2AI Score

0.949EPSS

2023-02-23 04:37 AM
210
trellix

Exploiting Tragedy: Fake Donation Scams Amid Earthquake in Turkey & Syria

Exploiting Tragedy: Fake Donation Scams Amid Earthquake in Turkey & Syria By Daksh Kapur · February 23, 2023 Figure 1 (image from freepik.com & flaticon.com) The recent earthquake that shook Syria and Turkey left a devastating trail of destruction. The whole world has shown its support and...

0.1AI Score

2023-02-23 12:00 AM
15
trellix

Exploiting Tragedy: Fake Donation Scams Amid Earthquake in Turkey & Syria

Exploiting Tragedy: Fake Donation Scams Amid Earthquake in Turkey & Syria By Daksh Kapur · February 23, 2023 Figure 1 (image from freepik.com & flaticon.com) The recent earthquake that shook Syria and Turkey left a devastating trail of destruction. The whole world has shown its support and...

6.8AI Score

2023-02-23 12:00 AM
4
cnvd

Weak password vulnerability exists in CGW9000 of Shanghai Huanchuang Communication Technology Co.

Shanghai Huanchuang Communication Technology Co., Ltd. is a high-tech enterprise focusing on the research and development of wireless communication products for private networks, providing private network solutions for rail transportation, fire emergency, intelligent manufacturing, coal mining,...

6.7AI Score

2023-02-20 12:00 AM
10
cnvd

Weak Password Vulnerability in CGW4700-RC of Shanghai Huanchuang Communication Technology Co.

Shanghai Huanchuang Communication Technology Co., Ltd. is a high-tech enterprise focusing on the research and development of wireless communication products for private network with the core of wireless communication technology, providing solutions for private network in rail transportation, fire.....

6.8AI Score

2023-02-20 12:00 AM
5
cnvd

Weak Password Vulnerability in CGW4900 of Shanghai Huanchuang Communication Technology Co.

Shanghai Huanchuang Communication Technology Co., Ltd. is a high-tech enterprise focusing on the research and development of wireless communication products for private network with the core of wireless communication technology, providing solutions for private network in rail transportation, fire.....

6.8AI Score

2023-02-20 12:00 AM
3
hackread

PayPal Scammers Using Legitimate Accounts to Send Phishing Invoices

By Deeba Ahmed Scammers are creating legit PayPal accounts and sending phishing invoices to unsuspected users and since the email comes from [email protected] chances of falling for this scam are more than usual. This is a post from HackRead.com Read the original post: PayPal Scammers Using...

2.2AI Score

2023-02-17 09:07 PM
12
wordfence

Wordfence Intelligence CE Weekly Vulnerability Report (Feb 6, 2023 to Feb 12, 2023)

In case you missed it, Wordfence has curated an industry leading vulnerability database with all known WordPress core, theme, and plugin vulnerabilities known as Wordfence Intelligence Community Edition. This database is continuously updated, maintained, and populated by Wordfence's highly...

8.8CVSS

AI Score

EPSS

2023-02-16 03:21 PM
81
wpvulndb

Quick Paypal Payments < 5.7.26 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting...

5.4CVSS

5.1AI Score

0.0005EPSS

2023-02-15 12:00 AM
8
wpvulndb

Quick Paypal Payments < 5.7.26 - Unauthenticated Stored XSS

The plugin does not sanitise and escape some parameters, which could allow unauthenticated users to perform Stored Cross-Site Scripting...

6.1CVSS

5.8AI Score

0.0005EPSS

2023-02-14 12:00 AM
4
wpvulndb

Quick Paypal Payments < 5.7.26 - Unauthenticated Payment Message Deletion/Update

The plugin does not have authorisation in the download_logs function, allowing unauthenticated users to export, delete payment messages, as well as update payment message...

6.9AI Score

EPSS

2023-02-14 12:00 AM
5
nvd

CVE-2023-0275

The Easy Accept Payments for PayPal WordPress plugin before 4.9.10 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site...

5.4CVSS

5.4AI Score

0.001EPSS

2023-02-13 03:15 PM
cve

CVE-2023-0275

The Easy Accept Payments for PayPal WordPress plugin before 4.9.10 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site...

5.4CVSS

5.3AI Score

0.001EPSS

2023-02-13 03:15 PM
24
nvd

CVE-2022-4628

The Easy PayPal Buy Now Button WordPress plugin before 1.7.4 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting...

5.4CVSS

5.3AI Score

0.001EPSS

2023-02-13 03:15 PM
Total number of security vulnerabilities: 15100