Email Subscribers & Newsletters Security Vulnerabilities

[cve] CVE-2022-3246
The Blog2Social: Social Media Auto Post & Scheduler WordPress plugin before 6.9.10 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by any authenticated user, such as...
CVSS 8.8 | AI Score 8.8 | EPSS 0.001 | 2022-10-25 05:15 PM

[prion] SQL injection
The Blog2Social: Social Media Auto Post & Scheduler WordPress plugin before 6.9.10 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by any authenticated user, such as...
CVSS 8.8 | AI Score 8.8 | EPSS 0.001 | 2022-10-25 05:15 PM

[wordfence] Wordfence Intelligence Launches New Malware Hash Feed!
Today, the Wordfence team is launching a Malware Hash Feed as part of our Wordfence Intelligence API. This gives our Enterprise users another way to rapidly and definitively identify malware targeting web applications. As the world's foremost WordPress security provider, Wordfence has an expertly...
AI Score -0.3 | 2022-10-25 04:06 PM

[cvelist] CVE-2022-3246 Blog2Social < 6.9.10 - Subscriber+ SQLi
The Blog2Social: Social Media Auto Post & Scheduler WordPress plugin before 6.9.10 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by any authenticated user, such as...
AI Score 9.1 | EPSS 0.001 | 2022-10-25 12:00 AM

[thn] Why Ransomware in Education on the Rise and What That Means for 2023
The breach of LA Unified School District (LAUSD) highlights the prevalence of password vulnerabilities, as criminal hackers continue to use breached credentials in increasingly frequent ransomware attacks on education. The Labor Day weekend breach of LAUSD brought significant districtwide...
AI Score 0.5 | 2022-10-24 05:45 AM

[wpvulndb] reSmush.it Image Optimizer < 0.4.4 - Subscriber+ AJAX Calls
The plugin lacks authorisation checks in various AJAX actions, allowing any logged-in user, such as a subscriber, to call them. PoC: examples of actions that low-privileged users can call directly: https://example.com/wp-admin/admin-ajax.php?action=resmushit_bulk_get_images ...
CVSS 4.3 | AI Score 2.2 | EPSS 0.001 | 2022-10-19 12:00 AM

[wpexploit] reSmush.it Image Optimizer < 0.4.4 - Subscriber+ AJAX Calls
The plugin lacks authorisation checks in various AJAX actions, allowing any logged-in user, such as a subscriber, to call...
CVSS 4.3 | AI Score 2 | EPSS 0.001 | 2022-10-19 12:00 AM

[securelist] DiceyF deploys GamePlayerFramework in online casino development studio
The Hacktivity 2022 security festival was held at the MOM Cultural Center in Budapest, Hungary, over two days, 6-7 October 2022. One of several presentations by our GReAT researchers covered an interesting set of APT activity targeting online casino development and operations environments in...
AI Score 0.8 | 2022-10-17 06:37 PM

[nessus] GLSA-202210-02 : OpenSSL: Multiple Vulnerabilities
The remote host is affected by the vulnerability described in GLSA-202210-02 (OpenSSL: Multiple Vulnerabilities). The Raccoon attack exploits a flaw in the TLS specification which can lead to an attacker being able to compute the pre-master secret in connections which have used a...
CVSS 9.8 | AI Score 8.7 | EPSS 0.119 | 2022-10-16 12:00 AM

[thn] Scribe Platform: End-to-end Software Supply Chain Security
As software supply chain security becomes more and more crucial, security, DevSecOps, and DevOps teams are more challenged than ever to build transparent trust in the software they deliver or use. In fact, in Gartner's recently published 2022 cybersecurity predictions, not only do they...
AI Score -0.6 | 2022-10-12 02:28 PM

[openvas] Huawei EulerOS: Security Advisory for openssl (EulerOS-SA-2022-2578)
The remote host is missing an update for the Huawei...
CVSS 9.8 | AI Score 9.5 | EPSS 0.106 | 2022-10-12 12:00 AM

[openvas] Huawei EulerOS: Security Advisory for compat-openssl10 (EulerOS-SA-2022-2549)
The remote host is missing an update for the Huawei...
CVSS 9.8 | AI Score 9.5 | EPSS 0.106 | 2022-10-12 12:00 AM

[wpvulndb] WP Total Hacks <= 4.7.2 - Subscriber+ Arbitrary Options Update to Stored XSS
The plugin does not prevent low-privilege users from modifying the plugin's settings. Because the settings are also neither sanitised nor escaped, this could allow users such as subscribers to perform Stored Cross-Site Scripting attacks against other users, like administrators. PoC: run the command below...
CVSS 5.4 | AI Score 1.6 | EPSS 0.001 | 2022-10-10 12:00 AM

[wpexploit] WP Total Hacks <= 4.7.2 - Subscriber+ Arbitrary Options Update to Stored XSS
The plugin does not prevent low-privilege users from modifying the plugin's settings. Because the settings are also neither sanitised nor escaped, this could allow users such as subscribers to perform Stored Cross-Site Scripting attacks against other users, like administrators...
CVSS 5.4 | AI Score 0.3 | EPSS 0.001 | 2022-10-10 12:00 AM

[nessus] EulerOS Virtualization 3.0.6.0 : compat-openssl10 (EulerOS-SA-2022-2549)
According to the versions of the compat-openssl10 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for...
CVSS 9.8 | AI Score 9.9 | EPSS 0.106 | 2022-10-10 12:00 AM

[nessus] EulerOS Virtualization 3.0.6.0 : openssl (EulerOS-SA-2022-2578)
According to the versions of the openssl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for...
CVSS 9.8 | AI Score 10.3 | EPSS 0.106 | 2022-10-10 12:00 AM

[nessus] EulerOS Virtualization 3.0.6.6 : openssl098e (EulerOS-SA-2022-2526)
According to the versions of the openssl098e package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for...
CVSS 7.5 | AI Score 8 | EPSS 0.013 | 2022-10-09 12:00 AM

[nessus] EulerOS Virtualization 3.0.6.6 : openssl (EulerOS-SA-2022-2525)
According to the versions of the openssl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for...
CVSS 9.8 | AI Score 9.9 | EPSS 0.106 | 2022-10-09 12:00 AM

[thn] Popular YouTube Channel Caught Distributing Malicious Tor Browser Installer
A popular Chinese-language YouTube channel has emerged as a means to distribute a trojanized version of a Windows installer for the Tor Browser. Kaspersky dubbed the campaign OnionPoison, with all of the victims located in China. The scale of the attack remains unclear, but the Russian...
AI Score 2.1 | 2022-10-04 03:39 PM

[securelist] OnionPoison: infected Tor Browser installer distributed through popular YouTube channel
While performing regular threat hunting activities, we identified multiple downloads of previously unclustered malicious Tor Browser installers. According to our telemetry, all the victims targeted by these installers are located in China. As the Tor Browser website is blocked in China,...
2022-10-04 10:00 AM

[cve] CVE-2006-7199
EMC RSA Security SiteKey allows remote attackers to display the correct image via a man-in-the-middle (MITM) attack in which an attacker-controlled server proxies authentication data to and from a legitimate SiteKey server. NOTE: the vendor disputes the severity of the issue, stating that it is...
AI Score 7.1 | EPSS 0.005 | 2022-10-03 04:21 PM

[cvelist] CVE-2006-7199
EMC RSA Security SiteKey allows remote attackers to display the correct image via a man-in-the-middle (MITM) attack in which an attacker-controlled server proxies authentication data to and from a legitimate SiteKey server. NOTE: the vendor disputes the severity of the issue, stating that it is...
AI Score 6.7 | EPSS 0.005 | 2022-10-03 04:21 PM

[cve] CVE-2012-5537
The Simplenews Scheduler module 6.x-2.x before 6.x-2.4 for Drupal allows remote authenticated users with the "send scheduled newsletters" permission to inject arbitrary PHP code into the scheduling form, which is later executed by...
AI Score 6.8 | EPSS 0.004 | 2022-10-03 04:15 PM

[cvelist] CVE-2012-5537
The Simplenews Scheduler module 6.x-2.x before 6.x-2.4 for Drupal allows remote authenticated users with the "send scheduled newsletters" permission to inject arbitrary PHP code into the scheduling form, which is later executed by...
AI Score 6.6 | EPSS 0.004 | 2022-10-03 04:15 PM

[cve] CVE-2011-5299
Multiple cross-site scripting (XSS) vulnerabilities in poMMo Aardvark PR16.1 allow remote attackers to inject arbitrary web script or HTML via (1) the referer parameter to index.php, (2) the site_name parameter to admin/setup/config/general.php, (3) the group_name parameter to...
AI Score 5.9 | EPSS 0.001 | 2022-10-03 04:15 PM

[cvelist] CVE-2011-5299
Multiple cross-site scripting (XSS) vulnerabilities in poMMo Aardvark PR16.1 allow remote attackers to inject arbitrary web script or HTML via (1) the referer parameter to index.php, (2) the site_name parameter to admin/setup/config/general.php, (3) the group_name parameter to...
AI Score 5.8 | EPSS 0.001 | 2022-10-03 04:15 PM

[wpexploit] Blog2Social < 6.9.10 - Subscriber+ SQLi
The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by any authenticated user, such as...
CVSS 8.8 | AI Score 0.5 | EPSS 0.001 | 2022-10-03 12:00 AM

[wpvulndb] Blog2Social < 6.9.10 - Subscriber+ SQLi
The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by any authenticated user, such as a subscriber. PoC: run the script below in the browser console while logged in as a subscriber and on the Blog2Social...
CVSS 8.8 | AI Score 1.9 | EPSS 0.001 | 2022-10-03 12:00 AM

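The Blog2Social entries above all describe the same defect class: a request parameter concatenated into a SQL statement instead of being bound as data. The script below is an added example, not Blog2Social's code and not the PoC the advisory refers to; it uses a constructed in-memory SQLite table and constructed payloads so it runs offline with the PHP CLI (pdo_sqlite extension), no WordPress required. The table, column and function names are hypothetical.

```php
<?php
// Added example (not Blog2Social code): an unescaped request parameter
// interpolated into SQL, beside the prepared-statement form that fixes it.
// Table, rows and payloads are constructed; run with `php sqli_demo.php`.

function make_db(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE posts (id INTEGER PRIMARY KEY, author TEXT, title TEXT, secret TEXT)');
    // Constructed rows: one the subscriber owns, two they must never see.
    $db->exec("INSERT INTO posts VALUES
        (1, 'subscriber', 'My draft',      'none'),
        (2, 'admin',      'Internal plan', 'api-key-1234'),
        (3, 'editor',     'Roadmap',       'embargoed')");
    return $db;
}

// VULNERABLE: the caller-controlled value becomes part of the SQL text,
// so quotes, OR clauses, UNIONs and comment markers are all interpreted.
function list_posts_unsafe(PDO $db, string $author): array {
    $sql = "SELECT id, title FROM posts WHERE author = '$author'";
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// HARDENED: the value is bound as a parameter and never parsed as SQL.
// Inside WordPress the same idea is $wpdb->prepare("... WHERE author = %s", $author).
function list_posts_safe(PDO $db, string $author): array {
    $stmt = $db->prepare('SELECT id, title FROM posts WHERE author = :author');
    $stmt->execute([':author' => $author]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$db = make_db();

// A subscriber is only supposed to get row 1 back.
$payloads = [
    'honest'    => 'subscriber',
    'tautology' => "subscriber' OR '1'='1",                    // unsafe: every row
    'union'     => "x' UNION SELECT id, secret FROM posts --", // unsafe: secret column
];

foreach ($payloads as $name => $value) {
    $unsafe = list_posts_unsafe($db, $value);
    $safe   = list_posts_safe($db, $value);
    printf("%-9s unsafe=%d rows, safe=%d rows\n", $name, count($unsafe), count($safe));
}
// Expected: honest 1/1, tautology 3/0, union 3/0. For the union payload the
// unsafe rows carry 'api-key-1234' and 'embargoed' under the 'title' key,
// which is how a low-privilege account reads data it was never granted.
```

The check a reviewer applies to a WordPress plugin is mechanical: every `$wpdb->query()`, `get_results()`, `get_var()` or `get_row()` call whose SQL string contains a `$` variable derived from `$_GET`, `$_POST` or `$_REQUEST` must go through `$wpdb->prepare()` with `%s`/`%d`/`%f` placeholders first. Escaping a value and still concatenating it is the pattern the advisory describes, not the fix.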
[hackerone] LinkedIn: Unauthorized User can View Subscribers of Other Users Newsletters
Issue description: A creator can create a newsletter, and followers can subscribe to it. The owner of the newsletter can view the subscriber list by clicking the "subscriber" button. Server-side authorization checks are missing on GET...
AI Score 6.5 | 2022-09-29 06:46 AM

[thn] Hacker Behind Optus Breach Releases 10,200 Customer Records in Extortion Scheme
The Australian Federal Police (AFP) on Monday disclosed it's working to gather "crucial evidence" and that it's collaborating with overseas law enforcement authorities following the hack of telecom provider Optus. "Operation Hurricane has been launched to identify the criminals behind the alleged...
AI Score 0.6 | 2022-09-27 06:14 AM

[nessus] Nutanix AHV : Multiple Vulnerabilities (NXSA-AHV-20201105.30398)
The version of AHV installed on the remote host is prior to 20201105.30398. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AHV-20201105.30398 advisory. zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many...
CVSS 9.8 | AI Score 9.5 | EPSS 0.035 | 2022-09-27 12:00 AM

[nvd] CVE-2022-2405
The WP Popup Builder WordPress plugin before 1.2.9 does not have authorisation or CSRF checks in an AJAX action, allowing any authenticated user, such as a subscriber, to delete arbitrary...
CVSS 4.3 | EPSS 0.001 | 2022-09-26 01:15 PM

[cve] CVE-2022-3024
The Simple Bitcoin Faucets WordPress plugin through 1.7.0 does not have any authorisation or CSRF checks in an AJAX action, allowing any authenticated user, such as a subscriber, to call it and add/delete/edit Bonds. Furthermore, due to the lack of sanitisation and escaping, it could also lead to Stored...
CVSS 5.4 | AI Score 5.2 | EPSS 0.001 | 2022-09-26 01:15 PM

[nvd] CVE-2022-3024
The Simple Bitcoin Faucets WordPress plugin through 1.7.0 does not have any authorisation or CSRF checks in an AJAX action, allowing any authenticated user, such as a subscriber, to call it and add/delete/edit Bonds. Furthermore, due to the lack of sanitisation and escaping, it could also lead to Stored...
CVSS 5.4 | EPSS 0.001 | 2022-09-26 01:15 PM

[cve] CVE-2022-2405
The WP Popup Builder WordPress plugin before 1.2.9 does not have authorisation or CSRF checks in an AJAX action, allowing any authenticated user, such as a subscriber, to delete arbitrary...
CVSS 4.3 | AI Score 4.6 | EPSS 0.001 | 2022-09-26 01:15 PM

[prion] Cross-site scripting
The Simple Bitcoin Faucets WordPress plugin through 1.7.0 does not have any authorisation or CSRF checks in an AJAX action, allowing any authenticated user, such as a subscriber, to call it and add/delete/edit Bonds. Furthermore, due to the lack of sanitisation and escaping, it could also lead to Stored...
CVSS 5.4 | AI Score 5.3 | EPSS 0.001 | 2022-09-26 01:15 PM

[prion] Cross-site request forgery (CSRF)
The WP Popup Builder WordPress plugin before 1.2.9 does not have authorisation or CSRF checks in an AJAX action, allowing any authenticated user, such as a subscriber, to delete arbitrary...
CVSS 4.3 | AI Score 4.7 | EPSS 0.001 | 2022-09-26 01:15 PM

[cvelist] CVE-2022-2405 WP Popup Builder < 1.3.0 - Subscriber+ Arbitrary Popup Deletion
The WP Popup Builder WordPress plugin before 1.2.9 does not have authorisation or CSRF checks in an AJAX action, allowing any authenticated user, such as a subscriber, to delete arbitrary...
AI Score 5 | EPSS 0.001 | 2022-09-26 12:35 PM

[cvelist] CVE-2022-3024 Simple Bitcoin Faucets <= 1.7.0 - Unauthorised AJAX Call to Stored XSS
The Simple Bitcoin Faucets WordPress plugin through 1.7.0 does not have any authorisation or CSRF checks in an AJAX action, allowing any authenticated user, such as a subscriber, to call it and add/delete/edit Bonds. Furthermore, due to the lack of sanitisation and escaping, it could also lead to Stored...
AI Score 5.5 | EPSS 0.001 | 2022-09-26 12:00 AM

[nessus] Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-5.20.3.6)
The version of AOS installed on the remote host is prior to 5.20.3.6. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AOS-5.20.3.6 advisory. In various methods of hid-multitouch.c, there is a possible out of bounds write due to a missing bounds check. This...
CVSS 9.8 | AI Score 8.9 | EPSS 0.035 | 2022-09-21 12:00 AM

[wpvulndb] Memberpress Downloads < 1.2.6 - Subscriber+ Arbitrary File Upload
The plugin does not properly check user capabilities in its file-upload AJAX endpoint, relying on WordPress nonces instead. Unfortunately, the nonce can be obtained by any logged-in user, such as a subscriber. Since the uploader library it uses does not check file extensions at all, this may lead...
AI Score 2.5 | 2022-09-19 12:00 AM

[wpexploit] Memberpress Downloads < 1.2.6 - Subscriber+ Arbitrary File Upload
The plugin does not properly check user capabilities in its file-upload AJAX endpoint, relying on WordPress nonces instead. Unfortunately, the nonce can be obtained by any logged-in user, such as a subscriber. Since the uploader library it uses does not check file extensions at all, this may lead...
AI Score 1.3 | 2022-09-19 12:00 AM

[thn] Researchers Find Link b/w PrivateLoader and Ruzki Pay-Per-Install Services
Cybersecurity researchers have exposed new connections between a widely used pay-per-install (PPI) malware service known as PrivateLoader and another PPI platform offered by a cybercriminal actor dubbed ruzki. "The threat actor ruzki (aka les0k, zhigalsz) advertises their PPI service on...
AI Score 0.6 | 2022-09-16 02:17 PM

[hackread] Popular YouTuber Scuba Jake's channel hacked to run crypto scam
By Waqas. Scuba Jake, whose real name is Jake Koehler, had his YouTube channel "DALLMYD", with 13 million subscribers, hacked to steal 1.01 BTC...
AI Score 1.7 | 2022-09-12 06:45 PM

[nessus] Amazon Linux 2022 : (ALAS2022-2022-041)
It is, therefore, affected by a vulnerability as referenced in the ALAS2022-2022-041 advisory. The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates...
CVSS 7.5 | AI Score 7.7 | EPSS 0.013 | 2022-09-06 12:00 AM

[wpexploit] WP Popup Builder < 1.3.0 - Subscriber+ Arbitrary Popup Deletion
The plugin does not have authorisation or CSRF checks in an AJAX action, allowing any authenticated user, such as a subscriber, to delete arbitrary...
CVSS 4.3 | AI Score 2.4 | EPSS 0.001 | 2022-09-05 12:00 AM

[wpvulndb] WP Popup Builder < 1.3.0 - Subscriber+ Arbitrary Popup Deletion
The plugin does not have authorisation or CSRF checks in an AJAX action, allowing any authenticated user, such as a subscriber, to delete arbitrary popups. PoC: fetch('/wordpress/wp-admin/admin-ajax.php?action=delete_popup', { method: ...
CVSS 4.3 | AI Score 3.5 | EPSS 0.001 | 2022-09-05 12:00 AM

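The reSmush.it, WP Total Hacks, Simple Bitcoin Faucets, WP Popup Builder and Memberpress Downloads entries on this page are one bug in five plugins: a `wp_ajax_*` handler that any logged-in account can reach because it never checks a capability, sometimes with a nonce standing in for authorisation (the Memberpress case) and sometimes storing unsanitised input that admin pages later render unescaped (the WP Total Hacks and Simple Bitcoin Faucets cases). The plugin file below is an added example written for this page; it is not the code of any plugin listed here and does not reproduce any of the PoCs. It assumes a WordPress install, and the action names, option name, post type and capabilities are hypothetical. The missing file-extension check in the Memberpress uploader is not shown.

```php
<?php
/**
 * Added example, not code from any plugin on this page.
 * Drop into wp-content/plugins/ on a WordPress install. Action names,
 * option name and post type are hypothetical.
 *
 * wp_ajax_{action} fires for every logged-in user, so a handler that
 * skips current_user_can() is reachable by subscribers. A nonce check
 * alone is not authorisation: it only proves the request came from a
 * page that printed the nonce, and if subscribers can load that page,
 * they can read the nonce too.
 */

// VULNERABLE (no authorisation, no CSRF check): any authenticated user,
// or any site that can make a logged-in victim's browser POST here,
// deletes any post by id.
add_action( 'wp_ajax_example_delete_popup_unsafe', function () {
    wp_delete_post( (int) ( $_POST['id'] ?? 0 ), true );
    wp_send_json_success();
} );

// VULNERABLE (nonce only, no capability check, no sanitisation): a
// subscriber who can read the nonce stores arbitrary HTML that an
// admin page later renders.
add_action( 'wp_ajax_example_save_banner_unsafe', function () {
    check_ajax_referer( 'example_banner', 'nonce' );
    update_option( 'example_banner_text', $_POST['text'] ?? '' );
    wp_send_json_success();
} );

// HARDENED: authorisation first, then CSRF, then input validation.
add_action( 'wp_ajax_example_delete_popup', 'example_delete_popup' );
function example_delete_popup() {
    if ( ! current_user_can( 'delete_others_posts' ) ) {
        wp_send_json_error( 'forbidden', 403 );           // exits
    }
    check_ajax_referer( 'example_delete_popup', 'nonce' ); // dies on bad nonce
    $id = absint( $_POST['id'] ?? 0 );
    if ( 'example_popup' !== get_post_type( $id ) ) {      // only this plugin's objects
        wp_send_json_error( 'not a popup', 400 );
    }
    wp_delete_post( $id, true );
    wp_send_json_success( array( 'deleted' => $id ) );
}

add_action( 'wp_ajax_example_save_banner', 'example_save_banner' );
function example_save_banner() {
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }
    check_ajax_referer( 'example_banner', 'nonce' );
    // Sanitise on input: strips tags and control characters.
    $text = sanitize_text_field( wp_unslash( $_POST['text'] ?? '' ) );
    update_option( 'example_banner_text', $text );
    wp_send_json_success();
}

// Escape on output as well; stored options are data, not markup.
function example_render_banner() {
    echo '<div class="example-banner">'
        . esc_html( get_option( 'example_banner_text', '' ) )
        . '</div>';
}

// Print the nonce only to users who are allowed to call the endpoint,
// so it is not sitting in a page every subscriber can view.
add_action( 'admin_footer', function () {
    if ( ! current_user_can( 'manage_options' ) ) {
        return;
    }
    printf(
        '<script>var exampleBannerNonce = %s;</script>',
        wp_json_encode( wp_create_nonce( 'example_banner' ) )
    );
} );
```

The order inside the hardened handlers is deliberate: the capability check runs before the nonce check so that an unauthorised caller learns nothing about nonce validity, and before any request parameter is touched. Never register a `wp_ajax_nopriv_` twin of a state-changing action. To verify a plugin you did not write, log in as a subscriber and call each of its `wp_ajax_` actions through `admin-ajax.php` with no nonce; anything that does not answer with an error is the pattern the advisories above describe.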
[nessus] Nutanix AHV : Multiple Vulnerabilities (NXSA-AHV-20201105.2286)
The version of AHV installed on the remote host is prior to 20201105.2286. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AHV-20201105.2286 advisory. A flaw was found in OpenLDAP. This flaw allows an attacker who can send a malicious packet to be processed...
CVSS 9.8 | AI Score 9.8 | EPSS 0.035 | 2022-09-01 12:00 AM

[nessus] Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-5.20.4)
The version of AOS installed on the remote host is prior to 5.20.4. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AOS-5.20.4 advisory. NSS (Network Security Services) versions prior to 3.73 or 3.68.1 ESR are vulnerable to a heap overflow when handling...
CVSS 10 | AI Score 9.6 | EPSS 0.976 | 2022-09-01 12:00 AM

Total number of security vulnerabilities: 59571