Sticky Werewolf Expands Cyber Attack Targets in Russia and Belarus
Cybersecurity researchers have disclosed details of a threat actor known as Sticky Werewolf that has been linked to cyber attacks targeting entities in Russia and Belarus. The phishing attacks were aimed at a pharmaceutical company, a Russian research institute dealing with microbiology and...
7.2AI Score
7AI Score
0.0004EPSS
Intel 2024.2 IPU - BIOS May 2024 Security Update
Intel has informed HP of potential security vulnerabilities in some Intel® Processors, which might allow information disclosure and/or denial of service. Intel is releasing microcode updates to mitigate the potential vulnerabilities. Intel has released updates to mitigate the potential...
4.7CVSS
6.9AI Score
0.0004EPSS
About the security content of visionOS 1.2
About the security content of visionOS 1.2 This document describes the security content of visionOS 1.2. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are...
8.8CVSS
7.9AI Score
0.001EPSS
Trend Micro VPN Proxy One Pro Link Following Denial-of-Service Vulnerability
This vulnerability allows local attackers to create a denial-of-service condition on affected installations of Trend Micro VPN Proxy One Pro. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw...
6.9AI Score
0.0005EPSS
9.8CVSS
7.9AI Score
0.956EPSS
Missing Authorization vulnerability in InstaWP Team InstaWP Connect.This issue affects InstaWP Connect: from n/a through...
4.3CVSS
0.0004EPSS
Missing Authorization vulnerability in InstaWP Team InstaWP Connect.This issue affects InstaWP Connect: from n/a through...
4.3CVSS
4.7AI Score
0.0004EPSS
CVE-2024-32701 WordPress InstaWP Connect plugin <= 0.1.0.24 - Broken Access Control vulnerability
Missing Authorization vulnerability in InstaWP Team InstaWP Connect.This issue affects InstaWP Connect: from n/a through...
4.3CVSS
0.0004EPSS
CVE-2024-32701 WordPress InstaWP Connect plugin <= 0.1.0.24 - Broken Access Control vulnerability
Missing Authorization vulnerability in InstaWP Team InstaWP Connect.This issue affects InstaWP Connect: from n/a through...
4.3CVSS
6.9AI Score
0.0004EPSS
Missing Authorization vulnerability in Social Share Pro Social Share Icons & Social Share Buttons.This issue affects Social Share Icons & Social Share Buttons: from n/a through...
5.3CVSS
0.0004EPSS
Missing Authorization vulnerability in Social Share Pro Social Share Icons & Social Share Buttons.This issue affects Social Share Icons & Social Share Buttons: from n/a through...
5.3CVSS
5.3AI Score
0.0004EPSS
Missing Authorization vulnerability in Social Share Pro Social Share Icons & Social Share Buttons.This issue affects Social Share Icons & Social Share Buttons: from n/a through...
5.3CVSS
6.9AI Score
0.0004EPSS
Missing Authorization vulnerability in Social Share Pro Social Share Icons & Social Share Buttons.This issue affects Social Share Icons & Social Share Buttons: from n/a through...
5.3CVSS
0.0004EPSS
Exploit for Authentication Bypass by Spoofing in Telerik Report Server 2024
Telerik Report Server Authentication Bypass - CVE-2024-4358...
9.8CVSS
9.9AI Score
0.938EPSS
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Themeisle Otter Blocks PRO.This issue affects Otter Blocks PRO: from n/a through...
4.3CVSS
0.0004EPSS
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Themeisle Otter Blocks PRO.This issue affects Otter Blocks PRO: from n/a through...
4.3CVSS
4.7AI Score
0.0004EPSS
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Sensei Sensei Pro (WC Paid Courses) allows Stored XSS.This issue affects Sensei Pro (WC Paid Courses): from n/a through...
6.5CVSS
6.5AI Score
0.0004EPSS
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Sensei Sensei Pro (WC Paid Courses) allows Stored XSS.This issue affects Sensei Pro (WC Paid Courses): from n/a through...
6.5CVSS
0.0004EPSS
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Themeisle Otter Blocks PRO.This issue affects Otter Blocks PRO: from n/a through...
4.3CVSS
0.0004EPSS
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Sensei Sensei Pro (WC Paid Courses) allows Stored XSS.This issue affects Sensei Pro (WC Paid Courses): from n/a through...
6.5CVSS
6.8AI Score
0.0004EPSS
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Sensei Sensei Pro (WC Paid Courses) allows Stored XSS.This issue affects Sensei Pro (WC Paid Courses): from n/a through...
6.5CVSS
0.0004EPSS
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in El tiempo Weather Widget Pro allows Stored XSS.This issue affects Weather Widget Pro: from n/a through...
6.5CVSS
0.0004EPSS
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in El tiempo Weather Widget Pro allows Stored XSS.This issue affects Weather Widget Pro: from n/a through...
6.5CVSS
6.4AI Score
0.0004EPSS
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in El tiempo Weather Widget Pro allows Stored XSS.This issue affects Weather Widget Pro: from n/a through...
6.5CVSS
0.0004EPSS
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in El tiempo Weather Widget Pro allows Stored XSS.This issue affects Weather Widget Pro: from n/a through...
6.5CVSS
6.8AI Score
0.0004EPSS
The WP Reset plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save_ajax function in all versions up to, and including, 2.02. This makes it possible for authenticated attackers, with subscriber-level access and above, to modify the...
4.3CVSS
0.0004EPSS
The WP Reset plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save_ajax function in all versions up to, and including, 2.02. This makes it possible for authenticated attackers, with subscriber-level access and above, to modify the...
4.3CVSS
4.3AI Score
0.0004EPSS
CVE-2024-4661 WP Reset <= 2.02 - Missing Authorization to License Key Modification
The WP Reset plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save_ajax function in all versions up to, and including, 2.02. This makes it possible for authenticated attackers, with subscriber-level access and above, to modify the...
4.3CVSS
0.0004EPSS
CVE-2024-4661 WP Reset <= 2.02 - Missing Authorization to License Key Modification
The WP Reset plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save_ajax function in all versions up to, and including, 2.02. This makes it possible for authenticated attackers, with subscriber-level access and above, to modify the...
4.3CVSS
6.5AI Score
0.0004EPSS
The PowerPack Pro for Elementor plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 2.10.17. This is due to the plugin not restricting low privileged users from setting a default role for a registration form. This makes it possible for authenticated...
8.8CVSS
0.001EPSS
The PowerPack Pro for Elementor plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 2.10.17. This is due to the plugin not restricting low privileged users from setting a default role for a registration form. This makes it possible for authenticated...
8.8CVSS
8.6AI Score
0.001EPSS
The PowerPack Pro for Elementor plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 2.10.17. This is due to the plugin not restricting low privileged users from setting a default role for a registration form. This makes it possible for authenticated...
8.8CVSS
6.8AI Score
0.001EPSS
The PowerPack Pro for Elementor plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 2.10.17. This is due to the plugin not restricting low privileged users from setting a default role for a registration form. This makes it possible for authenticated...
8.8CVSS
0.001EPSS
Metasploit Weekly Wrap-Up 06/07/2024
New OSX payloads:ARMed and Dangerous In addition to an RCE leveraging CVE-2024-5084 to gain RCE through a WordPress Hash form, this release features the addition of several new binary OSX stageless payloads with aarch64 support: Execute Command, Shell Bind TCP, and Shell Reverse TCP. The new...
9.8CVSS
10AI Score
0.035EPSS
Ultimate Cyber Hygiene Guide: Learn How to Simplify Your Security Efforts
2023 was a year of unprecedented cyberattacks. Ransomware crippled businesses, DDoS attacks disrupted critical services, and data breaches exposed millions of sensitive records. The cost of these attacks? Astronomical. The damage to reputations? Irreparable. But here's the shocking truth: many of.....
7.3AI Score
7.3AI Score
The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘svg’ parameter in all versions up to, and including, 1.8.23 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
6.4CVSS
5.7AI Score
0.001EPSS
The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘svg’ parameter in all versions up to, and including, 1.8.23 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
5.4CVSS
0.001EPSS
The WS Form LITE plugin for WordPress is vulnerable to CSV Injection in versions up to, and including, 1.9.217. This allows unauthenticated attackers to embed untrusted input into exported CSV files, which can result in code execution when these files are downloaded and opened on a local system...
8.8CVSS
7.9AI Score
0.001EPSS
The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘svg’ parameter in all versions up to, and including, 1.8.23 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
6.4CVSS
0.001EPSS
The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘svg’ parameter in all versions up to, and including, 1.8.23 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
6.4CVSS
5.8AI Score
0.001EPSS
SPECTR Malware Targets Ukraine Defense Forces in SickSync Campaign
The Computer Emergency Response Team of Ukraine (CERT-UA) has warned of cyber attacks targeting defense forces in the country with a malware called SPECTR as part of an espionage campaign dubbed SickSync. The agency attributed the attacks to a threat actor it tracks under the moniker UAC-0020,...
7.2AI Score
The Essential Addons for Elementor Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘eael_lightbox_open_btn_icon’ parameter within the Lightbox & Modal widget in all versions up to, and including, 5.8.15 due to insufficient input sanitization and output escaping. This.....
6.4CVSS
6AI Score
0.0004EPSS
The Essential Addons for Elementor Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘eael_lightbox_open_btn_icon’ parameter within the Lightbox & Modal widget in all versions up to, and including, 5.8.15 due to insufficient input sanitization and output escaping. This.....
6.4CVSS
0.0004EPSS
The Essential Addons for Elementor Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘eael_lightbox_open_btn_icon’ parameter within the Lightbox & Modal widget in all versions up to, and including, 5.8.15 due to insufficient input sanitization and output escaping. This.....
6.4CVSS
5.8AI Score
0.0004EPSS
The Essential Addons for Elementor Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘eael_lightbox_open_btn_icon’ parameter within the Lightbox & Modal widget in all versions up to, and including, 5.8.15 due to insufficient input sanitization and output escaping. This.....
6.4CVSS
0.0004EPSS
Roundcube Webmail before 1.5.7 and 1.6.x before 1.6.7 allows XSS via list columns from user preferences. Bugs ...
6.3AI Score
0.0004EPSS
Roundcube Webmail before 1.5.7 and 1.6.x before 1.6.7 allows XSS via SVG animate attributes. Bugs ...
6.3AI Score
0.0004EPSS
WP Reset < 2.03 - Missing Authorization to License Key Modification
Description The WP Reset plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save_ajax function in all versions up to, and including, 2.02. This makes it possible for authenticated attackers, with subscriber-level access and above, to...
4.3CVSS
6.4AI Score
0.0004EPSS