Cross-Site Request Forgery (CSRF) vulnerability in Really Simple Plugins Complianz, Really Simple Plugins Complianz Premium allows Cross-Site Scripting (XSS).This issue affects Complianz: from n/a through 6.4.4; Complianz Premium: from n/a through...
8.8CVSS
8.2AI Score
0.001EPSS
Cross site request forgery (csrf)
Cross-Site Request Forgery (CSRF) vulnerability in Really Simple Plugins Complianz, Really Simple Plugins Complianz Premium allows Cross-Site Request Forgery.This issue affects Complianz: from n/a through 6.4.5; Complianz Premium: from n/a through...
8.8CVSS
7.2AI Score
0.001EPSS
Cross site request forgery (csrf)
Cross-Site Request Forgery (CSRF) vulnerability in Really Simple Plugins Complianz, Really Simple Plugins Complianz Premium allows Cross-Site Scripting (XSS).This issue affects Complianz: from n/a through 6.4.4; Complianz Premium: from n/a through...
8.8CVSS
6.8AI Score
0.001EPSS
Cross-Site Request Forgery (CSRF) vulnerability in Really Simple Plugins Complianz, Really Simple Plugins Complianz Premium allows Cross-Site Scripting (XSS).This issue affects Complianz: from n/a through 6.4.4; Complianz Premium: from n/a through...
7.1CVSS
8.5AI Score
0.001EPSS
CVE-2023-34030 WordPress Complianz and Complianz Premium plugins - Cross Site Request Forgery (CSRF)
Cross-Site Request Forgery (CSRF) vulnerability in Really Simple Plugins Complianz, Really Simple Plugins Complianz Premium allows Cross-Site Request Forgery.This issue affects Complianz: from n/a through 6.4.5; Complianz Premium: from n/a through...
6.5CVSS
8.9AI Score
0.001EPSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MonsterInsights Pro allows Stored XSS.This issue affects MonsterInsights Pro: from n/a through...
5.4CVSS
0.0004EPSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MonsterInsights Pro allows Stored XSS.This issue affects MonsterInsights Pro: from n/a through...
6.5CVSS
5.5AI Score
0.0004EPSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MonsterInsights Pro allows Stored XSS.This issue affects MonsterInsights Pro: from n/a through...
5.4CVSS
6.9AI Score
0.0004EPSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MonsterInsights Pro allows Stored XSS.This issue affects MonsterInsights Pro: from n/a through...
6.5CVSS
6.6AI Score
0.0004EPSS
Meta sued over forcing users to pay to stop tracking
Meta is required to get users’ consent in Europe in order to show them targeted ads. For this reason, Meta has to provide European users with a way to opt out of behavioral advertising or face fines totalling $100,000 a day. Behavioral advertising are ads tailored to someone’s browsing habits and.....
6.9AI Score
What is Recovery Time Objective (RTO)?
Grasping the Technique: The Often Misconstrued 'RTO' Unravelled in the Sphere of Business Resiliency At the heart of organisational durability and a tactical roadmap directing towards reestablishing regular operations post-disruptions, lies the often misrepresented 'Recovery Time Objective' (RTO).....
6.8AI Score
Starter Templates <= 3.2.5 - Incorrect Authorization
Description The Starter Templates (free and premium) plugin for WordPress is vulnerable to unauthorized modification of data due to an incorrect capability check on the sse_import() function in versions up to, and including, 3.2.5. This makes it possible for authenticated attackers, with...
6.7AI Score
0.0004EPSS
Checkout Field Editor (Premium) < 1.7.5 - Cross-Site Request Forgery
Description The Premium version of the Checkout Field Editor plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions before 1.7.5. This is due to missing or incorrect nonce validation on an unknown function. This makes it possible for unauthenticated attackers to update...
6.7AI Score
Starter Templates <= 3.2.4 - Authenticated (Contributor+) Server-Side Request Forgery
Description The Starter Templates (free and premium) plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including, 3.2.4 via the remote_request. This can allow authenticated attackers, with contributor-level access and above, to make web requests to arbitrary.....
5.4CVSS
6.9AI Score
0.0004EPSS
Wordfence just launched its bug bounty program. For the first 6 months, all awarded bounties receive a 10% bonus. View the announcement to learn more now! Last week, there were 126 vulnerabilities disclosed in 102 WordPress Plugins and 2 WordPress themes that have been added to the Wordfence...
9.8CVSS
9AI Score
EPSS
Within the sphere of IT, 'network accessibility' is a term frequently used. Yet, does everyone understand its connotation? Simplistically put, network accessibility alludes to how readily a network or system can be accessed by its users. It quantifies to what extent a system is functioning and...
7.9AI Score
WP Helper Premium < 4.5.2 - Cross-Site Request Forgery via whp_fields
Description The WP Helper Premium plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.5.1. This is due to missing or incorrect nonce validation on the 'whp_fields' function. This makes it possible for unauthenticated attackers to update the plugin...
8.8CVSS
6.5AI Score
0.001EPSS
Malwarebytes consumer product roundup: The latest
At Malwarebytes, we’re constantly evolving to protect our customers. These days, our products don’t just protect you from malware, we protect your identity, defend you from ads, safeguard your social media, and keep your mobile safe too. Here are the innovations we’ve made in our products...
7.3AI Score
6.5CVSS
8.1AI Score
0.003EPSS
WordPress UserPro 5.1.x Password Reset / Authentication Bypass / Privilege Escalation Vulnerability
WordPress UserPro plugin versions 5.1.1 and below suffer from an insecure password reset mechanism, information disclosure, and authentication bypass vulnerabilities. Versions 5.1.4 and below suffer from privilege escalation and shortcode execution...
9.8CVSS
8.2AI Score
0.003EPSS
On May 1, 2023, the Wordfence Threat Intelligence team began the responsible disclosure process for multiple high and critical severity vulnerabilities we discovered in Kirotech’s UserPro plugin, which is actively installed on more than 20,000 WordPress websites. Wordfence Premium, Wordfence Care,....
9.8CVSS
9.3AI Score
0.003EPSS
Malicious Apps Disguised as Banks and Government Agencies Targeting Indian Android Users
Android smartphone users in India are the target of a new malware campaign that employs social engineering lures to install fraudulent apps that are capable of harvesting sensitive data. "Using social media platforms like WhatsApp and Telegram, attackers are sending messages designed to lure users....
7AI Score
Student discount: Get 50% off Malwarebytes
Technology is now an indispensable part of student life, used for everything from socialising and calling home, to writing and researching essays. Unfortunately, that makes students taking their first steps into adult life a prime target for cybercrime. But how can you be sure the Wi-Fi network...
7AI Score
The dark side of Black Friday: decoding cyberthreats around the year’s biggest shopping season
As the annual Black Friday approaches, the digital landscape experiences an unprecedented surge in e-commerce and online shopping activity. Major sales aside, e-commerce is still a huge market. In 2022, global e-commerce retail revenue was estimated to reach $5.7 trillion worldwide, marking nearly....
7.1AI Score
By upgrading your plan to the new premium+ plan immediately after your profile pic changes you can sidestep the review process allowing users to continously change their profile pictures without them being reviewed. You can do this upgrading and downgrading the plans. I have detailed this in a...
7AI Score
Cross-Site Request Forgery (CSRF) vulnerability in Yoast Yoast Local Premium.This issue affects Yoast Local Premium: from n/a through...
8.8CVSS
8.6AI Score
0.001EPSS
Cross-Site Request Forgery (CSRF) vulnerability in Yoast Yoast Local Premium.This issue affects Yoast Local Premium: from n/a through...
8.8CVSS
0.001EPSS
Cross-Site Request Forgery (CSRF) vulnerability in Tomas | Docs | FAQ | Premium Support WordPress Tooltips.This issue affects WordPress Tooltips: from n/a through...
8.8CVSS
8.6AI Score
0.001EPSS
Cross-Site Request Forgery (CSRF) vulnerability in Tomas | Docs | FAQ | Premium Support WordPress Tooltips.This issue affects WordPress Tooltips: from n/a through...
8.8CVSS
0.001EPSS
Cross site request forgery (csrf)
Cross-Site Request Forgery (CSRF) vulnerability in Yoast Yoast Local Premium.This issue affects Yoast Local Premium: from n/a through...
8.8CVSS
7.2AI Score
0.001EPSS
Cross site request forgery (csrf)
Cross-Site Request Forgery (CSRF) vulnerability in Tomas | Docs | FAQ | Premium Support WordPress Tooltips.This issue affects WordPress Tooltips: from n/a through...
8.8CVSS
7.2AI Score
0.001EPSS
Cross-Site Request Forgery (CSRF) vulnerability in Yoast Yoast Local Premium.This issue affects Yoast Local Premium: from n/a through...
6.5CVSS
8.9AI Score
0.001EPSS
Cross-Site Request Forgery (CSRF) vulnerability in Tomas | Docs | FAQ | Premium Support WordPress Tooltips.This issue affects WordPress Tooltips: from n/a through...
4.3CVSS
8.9AI Score
0.001EPSS
Price can be easily inflated/deflated by large depositors in the Market contract
Lines of code https://github.com/code-423n4/2023-11-canto/blob/335930cd53cf9a137504a57f1215be52c6d67cb3/1155tech-contracts/src/bonding_curve/LinearBondingCurve.sol#L21-L22 Vulnerability details Impact An attacker can manipulate/inflate market prices by donating/buying large amounts of tokens which....
7.1AI Score
We all just need to agree that ad blockers are good
I don't think this is a particularly bold take -- but I'm not afraid to say that ad blockers are good! Ever since I started using one sometime in 2016, my experience of using the internet has improved exponentially. I can finally easily find a recipe for dinner on a random influencer's blog, get a....
7.8CVSS
7.3AI Score
0.0005EPSS
Credit card skimming on the rise for the holiday shopping season
As we head into shopping season, customers aren't the only ones getting excited. More online shopping means more opportunities for cybercriminals to grab their share using scams and data theft. One particular threat we're following closely and expect to increase over the next several weeks is...
7AI Score
KB5032391: Servicing stack update for Windows Server 2016: November 14, 2023
KB5032391: Servicing stack update for Windows Server 2016: November 14, 2023 REMINDERWindows 10, version 1607 Mobile and Mobile Enterprise editions reached the end of service (EOS) on October 9, 2018. These editions will no longer be offered servicing stack updates.Windows 10, version 1607 IoT...
6.8AI Score
An unauthorized user could access debug features in Quantum HD Unity products that were accidentally...
9.8CVSS
0.001EPSS
An unauthorized user could access debug features in Quantum HD Unity products that were accidentally...
10CVSS
9.3AI Score
0.001EPSS
An unauthorized user could access debug features in Quantum HD Unity products that were accidentally...
9.8CVSS
7.1AI Score
0.001EPSS
CVE-2023-4804 Quantum HD Unity
An unauthorized user could access debug features in Quantum HD Unity products that were accidentally...
10CVSS
9.6AI Score
0.001EPSS
YouTube shows ads for ad blocker, financial scams
After performing local experiments for a few months, YouTube recently expanded its effort to block ad blockers. The move was immediately unpopular with some users, and raised some questions in Europe about whether it was breaking privacy laws. In addition, there are some still some fundamental...
7.1AI Score
Wordfence Intelligence Weekly WordPress Vulnerability Report (October 30, 2023 to November 5, 2023)
Wordfence just launched its bug bounty program. Over the next 6 months, all awarded bounties receive a 10% bonus. View the announcement to learn more now! Last week, there were 79 vulnerabilities disclosed in 64 WordPress Plugins and no WordPress themes that have been added to the Wordfence...
9.8CVSS
10AI Score
EPSS
Cross-Site Request Forgery (CSRF) vulnerability in Mat Bao Corp WP Helper Premium plugin <= 4.5.1...
8.8CVSS
8.8AI Score
0.001EPSS
Cross-Site Request Forgery (CSRF) vulnerability in Mat Bao Corp WP Helper Premium plugin <= 4.5.1...
8.8CVSS
0.001EPSS
Cross site request forgery (csrf)
Cross-Site Request Forgery (CSRF) vulnerability in Mat Bao Corp WP Helper Premium plugin <= 4.5.1...
8.8CVSS
7.2AI Score
0.001EPSS
Cross-Site Request Forgery (CSRF) vulnerability in Mat Bao Corp WP Helper Premium plugin <= 4.5.1...
9AI Score
0.001EPSS
Johnson Controls Quantum HD Unity
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable Remotely/Low attack complexity Vendor: Johnson Controls Inc. Equipment: Quantum HD Unity Vulnerability: Active Debug Code 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an unauthorized user to access...
10CVSS
7.4AI Score
0.001EPSS
Enough Polynomials and Linear Algebra to Implement Kyber
I was once talking with a mathematician and trying to explain elliptic curve cryptography. Eventually, something clicked and they went "oh, that! I think there was a chapter about it in the book. You made a whole field out of it?" Yes, in cryptography we end up focusing on a very narrow slice of...
6.6AI Score
Rocky Linux 8 : openssl (RLSA-2021:4424)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2021:4424 advisory. Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the input length is...
7.5CVSS
7.6AI Score
0.008EPSS