Relevanssi (Free < 4.22.0, Premium < 2.25.0) - Unauthenticated Private/Draft Post Disclosure
Description: The plugin allows any unauthenticated user to read draft and private posts via a crafted request. PoC: https://example.com/?post_status=draft...
5.3CVSS
6.4AI Score
0.001EPSS
Relevanssi (Free < 4.22.0, Premium < 2.25.0) - Unauthenticated Private/Draft Post Disclosure
Description: The plugin allows any unauthenticated user to read draft and private posts via a crafted...
5.3CVSS
6.7AI Score
0.001EPSS
The Best WordPress Gallery Plugin – FooGallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the custom attributes in all versions up to, and including, 2.3.3 due to insufficient input sanitization and output escaping. This makes it possible for contributors and above to...
6.4CVSS
5.3AI Score
0.001EPSS
FooGallery Premium < 2.4.6 - Contributor+ Stored XSS
Description: The Best WordPress Gallery Plugin – FooGallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the custom attributes in all versions up to, and including, 2.3.3 due to insufficient input sanitization and output escaping. This makes it possible for contributors and....
5.4CVSS
5.9AI Score
0.001EPSS
Wordfence just launched its bug bounty program. For the first 6 months, all awarded bounties receive a 10% bonus. View the announcement to learn more now! Last week, there were 16 vulnerabilities disclosed in 16 WordPress Plugins and no WordPress themes that have been added to the Wordfence...
9.8CVSS
7.8AI Score
0.935EPSS
Improper validation of the server’s certificate chain in secure traffic scanning feature considered intermediate certificate signed using the MD5 or SHA1 algorithm as...
8.6CVSS
8.5AI Score
0.0005EPSS
impossible to open a position with a large marginTo
Lines of code Vulnerability details Description marginTo/From is a way to both cover your position and increase your premium when opening a position. There is however an unintended limit on how much marginTo you can provide when opening a position. When doing the swap to increase leverage, the...
7.2AI Score
Liquidation condition should not factor the liquidation reward into the premiums
Lines of code Vulnerability details Summary The premiums used to determine the liquidation condition have the liquidation reward already discounted, potentially causing a lien to be considered underwater while technically it is not. Impact Positions in Particle LAMM can be liquidated if the owed...
6.9AI Score
changing LOAN_TERM changes terms for existing loans
Lines of code https://github.com/code-423n4/2023-12-particle/blob/main/contracts/protocol/ParticlePositionManager.sol#L581-L585 Vulnerability details Impact If the protocol updates the loan terms, this will affect existing loans taken under different terms. Proof of Concept LOAN_TERM is a...
6.9AI Score
marginTo when opening a position increases slippage
Lines of code Vulnerability details Impact Providing marginTo when opening a position will not increase the premium but will be stolen by MEV. This can be mitigated by providing amountOutMin in swap params but the protocol should guarantee proper swap. Proof of Concept When opening a position a borrower can.....
7AI Score
Modifying the loan term setting can default existing loans
Lines of code Vulnerability details Summary Protocol admins can modify the loan term settings. This action can inadvertently default existing loans created under different terms. Impact Positions in the Particle LAMM protocol are created for a configurable period of time, defined by the LOAN_TERM.....
6.8AI Score
Add premium doesn't collect fees
Lines of code Vulnerability details Summary Fees are applied to premiums when a new position is opened, but the same mechanism is not enforced when margin is added to an existing position. Impact When a new position is created in the LAMM protocol, fees are collected in favor of the LP owner that.....
7AI Score
Owners of LPs can be dosed when removing their position
Lines of code Vulnerability details Summary LP owners can reclaim liquidity to stop it from being extended for current liens but this doesn't stop it from being used in new positions. Impact LP owners can signal their intention to pull liquidity by calling reclaimLiquidity(). This function updates...
6.6AI Score
liquidatePosition() change LOAN_TERM may result in the borrower paying additional liquidation fees.
Lines of code Vulnerability details Currently, there are three ways to close a position: The borrower voluntarily closes it through closePosition(). If Premium is insufficient, it is forcibly closed by liquidatePosition(). After the loan expires, LP forcibly closes it by...
6.7AI Score
borrower can prevent liquidity provider from withdrawing their liquidity
Lines of code Vulnerability details Description When a liquidity provider wants to withdraw their liquidity they can call ParticlePositionManager::reclaimLiquidity. This will prevent any renewals: ParticlePositionManager::addPremium: File: protocol/ParticlePositionManager.sol 508: // check...
6.9AI Score
position can be opened without premium
Lines of code Vulnerability details Description Premium in ParticlePositionManager is used to cover trading fees accrued for the liquidity borrowed. When liquidating, a portion of the premium is also used for the liquidation reward. The issue is that a borrower can open a position without any...
7AI Score
liquidator will always take what is left of borrowers premium
Lines of code https://github.com/code-423n4/2023-12-particle/blob/main/contracts/protocol/ParticlePositionManager.sol#L415-L420 Vulnerability details Impact A liquidator can manipulate the pool they are swapping in to take any potential left over premium from the borrower. Proof of Concept When...
7AI Score
Lines of code https://github.com/code-423n4/2023-12-particle/blob/a3af40839b24aa13f5764d4f84933dbfa8bc8134/contracts/libraries/Base.sol#L55 Vulnerability details Impact Lack of input validation for ClosePositionParams.amountSwap results in theft of funds Proof of Concept ParticlePositionManager.sol....
7.4AI Score
Providing LP outside of active range is prone to DoS
Lines of code Vulnerability details Impact When LPs provide a Uniswap V3 position using ParticlePositionManager that has a range outside of the active price, it can be DoSed by opening a position with all the provided liquidity. Proof of Concept When LPs provide a Uniswap V3 position that is currently outside....
6.9AI Score
Liquidation is not possible if trader blacklisted from blacklistable ERC20 token
Lines of code Vulnerability details Impact If a trader is blacklisted from a blacklistable ERC20 token while having an open position, it may not be possible to liquidate the position. Proof of Concept When liquidating a position, it will eventually calculate the amount of token that needs to be sent to...
6.9AI Score
7.1CVSS
5.6AI Score
0.0004EPSS
Wordfence CLI 2.1.0 Adds Email Capability and Unattended Configuration
Note: This post refers to Wordfence CLI, the command line tool for operations teams to rapidly scan large numbers of WordPress websites for vulnerabilities and malware, not the Wordfence plugin which is deeply integrated into WordPress and provides additional functionality, like a firewall,...
7.4AI Score
Wordfence Intelligence Weekly WordPress Vulnerability Report (December 4, 2023 to December 10, 2023)
Wordfence just launched its bug bounty program. Through December 20th 2023, all researchers will earn 6.25x our normal bounty rates when Wordfence handles responsible disclosure for our Holiday Bug Extravaganza! Register as a researcher and submit your vulnerabilities today! Last week, there were.....
9.8CVSS
9.6AI Score
EPSS
7.1CVSS
5.6AI Score
0.0004EPSS
Over 100 WordPress Repository Plugins Affected by Shortcode-based Stored Cross-Site Scripting
On August 14, 2023, the Wordfence Threat Intelligence team began a research project to find Stored Cross-Site Scripting (XSS) via Shortcode vulnerabilities in WordPress repository plugins. This type of vulnerability enables threat actors with contributor-level permissions or higher to inject...
6.4CVSS
5.9AI Score
0.001EPSS
Intercepting MFA. Phishing and Adversary in The Middle attacks
3 of my last 5 business email compromise investigations have involved an Adversary in The Middle (AiTM) attack. Even the more security-aware people with bolstered Microsoft 365 (M365) configurations are coming up blank as to how their comprehensive MFA policies have been bypassed. It’s a technique....
7.7AI Score
9.8CVSS
7.2AI Score
0.935EPSS
7.4AI Score
0.935EPSS
Critical Unauthenticated Remote Code Execution Found in Backup Migration Plugin
Wordfence just launched its bug bounty program. Through December 20th 2023, all researchers will earn 6.25x our normal bounty rates when Wordfence handles responsible disclosure for our Holiday Bug Extravaganza! The researcher who reported this vulnerability was awarded $2,751.00! Register as a...
9.8CVSS
9.4AI Score
0.935EPSS
premium-webworks.com Improper Access Control vulnerability OBB-3808433
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
7AI Score
PSA: High Severity File Upload Vulnerability in Elementor Patched
On December 6, 2023, the Wordfence team noticed a changelog entry for version 3.18.1 of Elementor, a WordPress plugin installed on nearly 9 million sites. We did not discover the original vulnerability and only became aware of it after reviewing the changelog containing a partial patch. We...
7.4AI Score
0.001EPSS
Adifier (Premium Theme) < 3.1.4 - Reflected Cross-Site Scripting
Description: The Adifier (Premium Theme) theme for WordPress is vulnerable to Reflected Cross-Site Scripting via an unknown parameter in versions up to, and including, 3.9.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
6.1CVSS
6.5AI Score
0.0005EPSS
WordPress Elementor 3.18.1 File Upload / Remote Code Execution Vulnerabilities
WordPress Elementor plugin versions 3.18.1 and below are vulnerable to remote code execution via file upload in the template import...
9.9CVSS
8.2AI Score
0.001EPSS
Wordfence Intelligence Weekly WordPress Vulnerability Report (November 27, 2023 to December 3, 2023)
Wordfence just launched its bug bounty program. Through December 20th 2023, all researchers will earn 6.25x our normal bounty rates when Wordfence handles responsible disclosure for our Holiday Bug Extravaganza! Register as a researcher and submit your vulnerabilities today! Last week, there were.....
9.8CVSS
9.6AI Score
EPSS
PSA: Critical POP Chain Allowing Remote Code Execution Patched in WordPress 6.4.2
WordPress 6.4.2 was released today, on December 6, 2023. It includes a patch for a POP chain introduced in version 6.4 that, combined with a separate Object Injection vulnerability, could result in a Critical-Severity vulnerability allowing attackers to execute arbitrary PHP code on the site. We...
9.1AI Score
Addressing post-quantum cryptography with CodeQL
When you hear the words, "quantum computing," it sounds like something out of a science fiction movie. Yet in recent years, quantum computing has become a hot topic, especially in the world of cryptography. Post-quantum cryptography raises many questions and challenges, and a group of researchers.....
7.2AI Score
9.8CVSS
7.4AI Score
0.002EPSS
🎁 Wordfence just launched its bug bounty program. Through December 20th 2023, all researchers will earn 6.25x our normal bounty rates when Wordfence handles responsible disclosure for our Holiday Bug Extravaganza! Register as a researcher and submit your vulnerabilities today! 🎁 On November...
8AI Score
0.002EPSS
8.8CVSS
6.7AI Score
0.014EPSS
SUSE SLES15 Security Update : ImageMagick (SUSE-SU-2023:4634-1)
The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:4634-1 advisory. ImageMagick before 7.0.8-54 has a heap-based buffer overflow in ReadPSInfo in coders/ps.c. (CVE-2019-17540) Buffer Overflow...
8.8CVSS
7.7AI Score
0.014EPSS
PSA: Fake CVE-2023-45124 Phishing Scam Tricks Users Into Installing Backdoor Plugin
The Wordfence Threat Intelligence Team has recently been informed of a phishing campaign targeting WordPress users. The Phishing email claims to be from the WordPress team and warns of a Remote Code Execution vulnerability on the user's site with an identifier of CVE-2023-45124, which is not...
8.7AI Score
0.0004EPSS
WordPress Complianz - GDPR/CCPA Cookie Consent Premium Plugin < 6.4.8 CSRF Vulnerability
The WordPress...
8.8CVSS
8.8AI Score
0.001EPSS
WordPress Complianz - GDPR/CCPA Cookie Consent Premium Plugin < 6.4.7 CSRF Vulnerability
The WordPress...
8.8CVSS
8.8AI Score
0.001EPSS
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Leap13 Premium Addons PRO. This issue affects Premium Addons PRO: from n/a through...
6.5CVSS
0.0005EPSS
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Leap13 Premium Addons PRO. This issue affects Premium Addons PRO: from n/a through...
6.5CVSS
6.4AI Score
0.0005EPSS
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Leap13 Premium Addons PRO. This issue affects Premium Addons PRO: from n/a through...
6.5CVSS
7.1AI Score
0.0005EPSS
CVE-2023-37868 WordPress Premium Addons PRO Plugin <= 2.9.0 is vulnerable to Sensitive Data Exposure
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Leap13 Premium Addons PRO. This issue affects Premium Addons PRO: from n/a through...
6.5CVSS
6.7AI Score
0.0005EPSS
Cross-Site Request Forgery (CSRF) vulnerability in Really Simple Plugins Complianz, Really Simple Plugins Complianz Premium allows Cross-Site Request Forgery. This issue affects Complianz: from n/a through 6.4.5; Complianz Premium: from n/a through...
8.8CVSS
0.001EPSS
Cross-Site Request Forgery (CSRF) vulnerability in Really Simple Plugins Complianz, Really Simple Plugins Complianz Premium allows Cross-Site Request Forgery. This issue affects Complianz: from n/a through 6.4.5; Complianz Premium: from n/a through...
8.8CVSS
8.6AI Score
0.001EPSS
Cross-Site Request Forgery (CSRF) vulnerability in Really Simple Plugins Complianz, Really Simple Plugins Complianz Premium allows Cross-Site Scripting (XSS). This issue affects Complianz: from n/a through 6.4.4; Complianz Premium: from n/a through...
8.8CVSS
0.001EPSS