Social Likebox & Feed Security Vulnerabilities

githubexploit

Exploit for Classic Buffer Overflow in Golang Go

Exploiting CVE-2021-38297: Vulnerability in GO Wasm Buffer...

9.8CVSS

6.8AI Score

0.004EPSS

2023-11-15 08:52 PM
269
code423n4

getAssetPrice in ChainlinkPriceOracle.sol can return stale price.

Lines of code Vulnerability details Summary On the Chainlink oracle, the price update time is different for every pair of tokens. After that particular time the price will be updated. The getAssetPrice function is not checking when the price was last updated, so it may return a stale price. So the...

6.9AI Score

2023-11-15 12:00 AM
4
code423n4

Users could game oracle price deviation

Lines of code Vulnerability details Summary Prices returned from Chainlink oracles have different conditions to update the reported values, which can be abused by Impact Prices for the different LST assets supported in the Kelp protocol are obtained from a Chainlink oracle. The data feeds for each....

6.9AI Score

2023-11-15 12:00 AM
5
wpvulndb

Photo Feed <= 2.2.1 - Reflected XSS

Description The plugin does not sanitise and escape the pf-gid parameter before outputting it back in the page, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as...

6.1CVSS

6.3AI Score

0.0005EPSS

2023-11-15 12:00 AM
code423n4

Potential arbitrage opportunity

Lines of code Vulnerability details Impact According to the logic of the protocol (https://blog.kelpdao.xyz/exploring-a-new-defi-primitive-liquid-restaked-token-lrt-ed0a8f63a4e2), minted tokens can be swapped on AMMs. This is a serious problem as prices on AMMs follow a bonding curve that are...

7AI Score

2023-11-15 12:00 AM
1
code423n4

Intrinsic arbitrage between assets due to price feed deviation threshold

Lines of code Vulnerability details Impact Withdrawals have not yet been implemented but I assume it will be implemented in the usual way such that the fraction of total supply of rsETH a user redeems gives him an equal fraction of total assets held, i.e. received = sharesToRedeem * totalAssets /.....

6.8AI Score

2023-11-15 12:00 AM
1
code423n4

Staleness Vulnerability in chainlinkAdaptor's getAssetPrice function

Lines of code Vulnerability details Impact The current implementation of the getAssetPrice function in the chainlinkAdaptor contract lacks a crucial check for the heartbeat of the data feed, introducing a potential risk of consuming stale data. This issue is exacerbated by the fact that different.....

7.1AI Score

2023-11-15 12:00 AM
2
code423n4

Missing sanity checks in Chainlink response

Lines of code Vulnerability details Summary Chainlink responses from price feeds are being used without any sanity checks. Impact The ChainlinkPriceOracle contract is used to interface with the Chainlink price feeds for the different LST assets in scope in the protocol. The current implementation.....

7AI Score

2023-11-15 12:00 AM
10
code423n4

latestRoundData recommendation does not have consideration for stale price

Lines of code Vulnerability details Impact The issue is highlighted in the bot L-2 finding but fails to highlight the importance of checking for a stale price. When the ChainlinkPriceOracle calls out to a Chainlink oracle using the recommended latestRoundData(), it can get a stale price, if there....

6.8AI Score

2023-11-15 12:00 AM
2
code423n4

Failure to Initialize Default Price Feeds Can Cause Unexpected Reverts

Lines of code Vulnerability details Impact The ChainlinkPriceOracle contract does not initialize default price feed mappings for supported assets. This means calling the getAssetPrice function before explicitly setting a feed will result in a revert instead of a defined failure response. Details:.....

6.8AI Score

2023-11-15 12:00 AM
1
code423n4

stETH/ETH, rETH/ETH and cbETH/ETH chainlink oracles have too long a heartbeat and deviation threshold, which can cause loss of funds

Lines of code Vulnerability details ChainlinkPriceOracle fetches prices from the Chainlink contracts. But the price feeds under consideration have a very long price heartbeat and deviation rate, which might lead to wrong price calculation and loss of tokens for the user. Impact According to the...

6.9AI Score

2023-11-15 12:00 AM
5
cve

CVE-2023-47522

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Photo Feed plugin <= 2.2.1...

7.1CVSS

6AI Score

0.0005EPSS

2023-11-14 10:15 PM
19
nvd

CVE-2023-47522

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Photo Feed plugin <= 2.2.1...

6.1CVSS

0.0005EPSS

2023-11-14 10:15 PM
prion

Cross site scripting

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Photo Feed plugin <= 2.2.1...

6.1CVSS

6.1AI Score

0.0005EPSS

2023-11-14 10:15 PM
4
cvelist

CVE-2023-47522 WordPress Photo Feed Plugin <= 2.2.1 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Photo Feed plugin <= 2.2.1...

7.1CVSS

6.3AI Score

0.0005EPSS

2023-11-14 09:36 PM
mskb

KB5032191: Cumulative security update for Internet Explorer: November 14, 2023

KB5032191: Cumulative security update for Internet Explorer: November 14, 2023 IMPORTANT Certain versions of Microsoft Internet Explorer have reached end of servicing. Note that some versions of Internet Explorer may be supported past the latest OS end date when Extended Security Updates (ESUs)...

8.8CVSS

9.3AI Score

0.005EPSS

2023-11-14 08:00 AM
60
talos

Weston Embedded uC-HTTP HTTP Server buffer overflow vulnerability

Talos Vulnerability Report TALOS-2023-1726 Weston Embedded uC-HTTP HTTP Server buffer overflow vulnerability November 14, 2023 CVE Number CVE-2023-25181 SUMMARY A heap-based buffer overflow vulnerability exists in the HTTP Server functionality of Weston Embedded uC-HTTP v3.01.01. A specially...

9.8CVSS

7.8AI Score

0.001EPSS

2023-11-14 12:00 AM
10
schneier

Ten Ways AI Will Change Democracy

Artificial intelligence will change so many aspects of society, largely in ways that we cannot conceive of yet. Democracy, and the systems of governance that surround it, will be no exception. In this short essay, I want to move beyond the "AI-generated disinformation" trope and speculate on some.....

6.9AI Score

2023-11-13 12:09 PM
13
nvd

CVE-2023-34384

Cross-Site Request Forgery (CSRF) vulnerability in Kebo Kebo Twitter Feed plugin <= 1.5.12...

8.8CVSS

0.001EPSS

2023-11-13 02:15 AM
cve

CVE-2023-34384

Cross-Site Request Forgery (CSRF) vulnerability in Kebo Kebo Twitter Feed plugin <= 1.5.12...

8.8CVSS

8.7AI Score

0.001EPSS

2023-11-13 02:15 AM
26
prion

Cross site request forgery (csrf)

Cross-Site Request Forgery (CSRF) vulnerability in Kebo Kebo Twitter Feed plugin <= 1.5.12...

8.8CVSS

7.2AI Score

0.001EPSS

2023-11-13 02:15 AM
6
cvelist

CVE-2023-34384 WordPress Kebo Twitter Feed Plugin <= 1.5.12 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Kebo Kebo Twitter Feed plugin <= 1.5.12...

5.4CVSS

9AI Score

0.001EPSS

2023-11-13 12:58 AM
nvd

CVE-2023-26518

Cross-Site Request Forgery (CSRF) vulnerability in AccessPress Themes WP TFeed plugin <= 1.6.9...

8.8CVSS

0.001EPSS

2023-11-13 12:15 AM
cve

CVE-2023-26518

Cross-Site Request Forgery (CSRF) vulnerability in AccessPress Themes WP TFeed plugin <= 1.6.9...

8.8CVSS

8.7AI Score

0.001EPSS

2023-11-13 12:15 AM
22
prion

Cross site request forgery (csrf)

Cross-Site Request Forgery (CSRF) vulnerability in AccessPress Themes WP TFeed plugin <= 1.6.9...

8.8CVSS

7.5AI Score

0.001EPSS

2023-11-13 12:15 AM
3
cvelist

CVE-2023-26518 WordPress WP TFeed Plugin <= 1.6.9 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in AccessPress Themes WP TFeed plugin <= 1.6.9...

5.4CVSS

9AI Score

0.001EPSS

2023-11-12 11:43 PM
2
wordfence

Fostering Innovation in Web Security

I've always created growth by focusing on free. It started back in 2003 when I launched WorkZoo in London. WorkZoo was a job search engine that ended up being one of Time Magazine's top 50 websites of 2005. These days we take free search capability for granted, but 20 years ago, before Nginx came.....

7.6AI Score

2023-11-10 08:56 PM
15
wordfence

Wordfence Intelligence Weekly WordPress Vulnerability Report (October 30, 2023 to November 5, 2023)

Wordfence just launched its bug bounty program. Over the next 6 months, all awarded bounties receive a 10% bonus. View the announcement to learn more now! Last week, there were 79 vulnerabilities disclosed in 64 WordPress Plugins and no WordPress themes that have been added to the Wordfence...

9.8CVSS

10AI Score

EPSS

2023-11-09 06:38 PM
40
cve

CVE-2023-47227

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Web-Settler Social Feed | All social media in one place plugin <= 1.5.4.6...

4.8CVSS

4.9AI Score

0.0004EPSS

2023-11-08 07:15 PM
50
nvd

CVE-2023-47227

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Web-Settler Social Feed | All social media in one place plugin <= 1.5.4.6...

4.8CVSS

0.0004EPSS

2023-11-08 07:15 PM
2
prion

Cross site scripting

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Web-Settler Social Feed | All social media in one place plugin <= 1.5.4.6...

4.8CVSS

5.8AI Score

0.0004EPSS

2023-11-08 07:15 PM
5
cvelist

CVE-2023-47227 WordPress Social Feed | All social media in one place Plugin <= 1.5.4.6 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Web-Settler Social Feed | All social media in one place plugin <= 1.5.4.6...

5AI Score

0.0004EPSS

2023-11-08 06:42 PM
coalfire

Navigating the AI security landscape: From executive orders to cyber resilience

Explore the implications of the US Executive Order, discover the challenges and solutions in AI development, and learn how Coalfire's tailored approach ensures robust AI risk...

7.3AI Score

2023-11-07 07:21 PM
20
nvd

CVE-2023-5661

The Social Feed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'socialfeed' shortcode in all versions up to, and including, 1.5.4.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

5.4CVSS

0.0004EPSS

2023-11-07 12:15 PM
cve

CVE-2023-5661

The Social Feed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'socialfeed' shortcode in all versions up to, and including, 1.5.4.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6.4CVSS

5.3AI Score

0.0004EPSS

2023-11-07 12:15 PM
12
prion

Cross site scripting

The Social Feed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'socialfeed' shortcode in all versions up to, and including, 1.5.4.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

5.4CVSS

5.9AI Score

0.0004EPSS

2023-11-07 12:15 PM
5
cvelist

CVE-2023-5661

The Social Feed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'socialfeed' shortcode in all versions up to, and including, 1.5.4.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6.4CVSS

5.8AI Score

0.0004EPSS

2023-11-07 11:31 AM
nvd

CVE-2023-5082

The History Log by click5 WordPress plugin before 1.0.13 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by admin users when using the Smash Balloon Social Photo Feed plugin alongside...

7.2CVSS

7.3AI Score

0.001EPSS

2023-11-06 09:15 PM
cve

CVE-2023-5082

The History Log by click5 WordPress plugin before 1.0.13 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by admin users when using the Smash Balloon Social Photo Feed plugin alongside...

7.2CVSS

7.4AI Score

0.001EPSS

2023-11-06 09:15 PM
18
prion

Sql injection

The History Log by click5 WordPress plugin before 1.0.13 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by admin users when using the Smash Balloon Social Photo Feed plugin alongside...

7.2CVSS

7.8AI Score

0.001EPSS

2023-11-06 09:15 PM
2
cvelist

CVE-2023-5082 History Log by click5 < 1.0.13 - Admin+ Time-Based Blind SQL Injection

The History Log by click5 WordPress plugin before 1.0.13 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by admin users when using the Smash Balloon Social Photo Feed plugin alongside...

7.5AI Score

0.001EPSS

2023-11-06 08:40 PM
malwarebytes

Defeating Little Brother requires a new outlook on privacy: Lock and Code S04E23

This week on the Lock and Code podcast… A worrying trend is cropping up amongst Americans, particularly within Generation Z—they're spying on each other more. Whether reading someone's DMs, rifling through a partner's text messages, or even rummaging through the bags and belongings of someone...

7.3AI Score

2023-11-06 10:25 AM
20
impervablog

Imperva customers are protected against CVE-2023-22518 in Confluence Data Center and Server

Atlassian released patches for the recently released vulnerability CVE-2023-22518 in their Confluence Data Center and Confluence Server products. This is a critical vulnerability, allowing attackers to bypass the authentication mechanism to potentially gain unauthorized access to sensitive...

9.8CVSS

7.2AI Score

0.973EPSS

2023-11-03 10:58 PM
26
wordfence

Wordfence Intelligence Weekly WordPress Vulnerability Report (October 23, 2023 to October 29, 2023)

Last week, there were 109 vulnerabilities disclosed in 102 WordPress Plugins and no WordPress themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 37 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities....

9.8CVSS

9.9AI Score

EPSS

2023-11-02 06:40 PM
50
nessus

F5 Networks BIG-IP : IP Intelligence Feed List TMUI vulnerability (K68151373)

The version of F5 Networks BIG-IP installed on the remote host is prior to 11.6.5.1 / 12.1.4.1 / 13.1.1.5 / 14.0.0.5 / 14.1.0.6 / 15.0.0. It is, therefore, affected by a vulnerability as referenced in the K68151373 advisory. On BIG-IP (AFM, ASM) 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4,...

8.4CVSS

6.9AI Score

0.001EPSS

2023-11-02 12:00 AM
7
nessus

Tenable Nessus < 10.5.6 Multiple Vulnerabilities (TNS-2023-36)

According to its self-reported version, the Tenable Nessus application running on the remote host is prior to 10.5.6. It is, therefore, affected by multiple vulnerabilities as referenced in the TNS-2023-36 advisory. Nessus leverages third-party software to help provide underlying functionality....

7.8CVSS

7.9AI Score

0.001EPSS

2023-11-01 12:00 AM
12
wordfence

Announcing Vulnerability Scanning in Wordfence CLI 2.0.1 “Voodoo Child”

Note: If you're a WordPress user, we recommend the Wordfence Security Plugin which provides a robust and complete set of security controls for WordPress websites. If you host WordPress servers and need high performance malware and vulnerability scanning on the command line, read on! Our mission at....

7.2AI Score

2023-10-31 04:34 PM
16
qualysblog

Qualys API Best Practices: Policy Compliance – Posture Streaming (PCRS) API

This API Best Practices Series is designed for Qualys customer programmers or stakeholders with a general knowledge of programming who want to implement best practices for improving the development, design, and performance of their programs that use the Qualys API. For non-customers, the Qualys...

7.2AI Score

2023-10-31 10:58 AM
10
impervablog

Imperva Customers are Protected Against the Latest F5 BIG-IP Vulnerability

Imperva is tracking the recent critical security vulnerability impacting F5’s BIG-IP solution. The vulnerability, CVE-2023-46747, could allow an attacker to bypass authentication and potentially compromise the system via request smuggling. Imperva Threat Research has been actively monitoring this.....

9.8CVSS

7.1AI Score

0.972EPSS

2023-10-27 02:45 PM
32
wpvulndb

The Awesome Feed – Custom Feed <= 2.2.5 - Reflected XSS

Description The plugin does not sanitise and escape some parameters before outputting them back in the page, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as...

6.1CVSS

5.7AI Score

0.0005EPSS

2023-10-27 12:00 AM
4
Total number of security vulnerabilities: 12728