Livemarks is a browser extension that provides RSS feed bookmark folders. Versions of Livemarks prior to 3.7 are vulnerable to cross-site request forgery. A malicious website may be able to coerce the extension to send an authenticated GET request to an arbitrary URL. An authenticated request is a....
2.6CVSS
3.9AI Score
0.0004EPSS
Livemarks is a browser extension that provides RSS feed bookmark folders. Versions of Livemarks prior to 3.7 are vulnerable to cross-site request forgery. A malicious website may be able to coerce the extension to send an authenticated GET request to an arbitrary URL. An authenticated request is a....
2.6CVSS
6.6AI Score
0.0004EPSS
CVE-2024-30252 GitHub Security Lab (GHSL) Vulnerability Report, livemarks: `GHSL-2024-015`
Livemarks is a browser extension that provides RSS feed bookmark folders. Versions of Livemarks prior to 3.7 are vulnerable to cross-site request forgery. A malicious website may be able to coerce the extension to send an authenticated GET request to an arbitrary URL. An authenticated request is a....
2.6CVSS
3.8AI Score
0.0004EPSS
Wordfence Intelligence Weekly WordPress Vulnerability Report (March 25, 2024 to March 31, 2024)
Did you know we're running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! Last week, there were 405 vulnerabilities disclosed in 320...
10CVSS
9.7AI Score
EPSS
9.8CVSS
6.8AI Score
0.004EPSS
Fedora: Security Advisory for seamonkey (FEDORA-2024-ad50671f6c)
The remote host is missing an update for...
7.5AI Score
Easy Social Feed < 6.5.7 - Cross-Site Request Forgery
Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF...
4.3CVSS
5.6AI Score
0.0004EPSS
Fedora: Security Advisory for seamonkey (FEDORA-2024-31b196eaf1)
The remote host is missing an update for...
7.5AI Score
Fedora: Security Advisory for seamonkey (FEDORA-2024-8890015ff3)
The remote host is missing an update for...
7.5AI Score
Massive Phishing Campaign Strikes Latin America: Venom RAT Targeting Multiple Sectors
The threat actor known as TA558 has been attributed to a new massive phishing campaign that targets a wide range of sectors in Latin America with the goal of deploying Venom RAT. The attacks primarily singled out hotel, travel, trading, financial, manufacturing, industrial, and government...
7.3AI Score
[SECURITY] Fedora 38 Update: seamonkey-2.53.18.2-1.fc38
SeaMonkey is an all-in-one Internet application suite (previously made popular by Netscape and Mozilla). It includes an Internet browser, advanced e-mail, newsgroup and feed client, a calendar, IRC client, HTML editor and a tool to inspect the DOM for web pages. It is derived from the application.....
7.1AI Score
[SECURITY] Fedora 39 Update: seamonkey-2.53.18.2-1.fc39
SeaMonkey is an all-in-one Internet application suite (previously made popular by Netscape and Mozilla). It includes an Internet browser, advanced e-mail, newsgroup and feed client, a calendar, IRC client, HTML editor and a tool to inspect the DOM for web pages. It is derived from the application.....
7.1AI Score
[SECURITY] Fedora 40 Update: seamonkey-2.53.18.2-1.fc40
SeaMonkey is an all-in-one Internet application suite (previously made popular by Netscape and Mozilla). It includes an Internet browser, advanced e-mail, newsgroup and feed client, a calendar, IRC client, HTML editor and a tool to inspect the DOM for web pages. It is derived from the application.....
7.1AI Score
Cross-Site Request Forgery (CSRF) vulnerability in Easy Social Feed.This issue affects Easy Social Feed: from n/a through...
4.3CVSS
4.6AI Score
0.0004EPSS
Cross-Site Request Forgery (CSRF) vulnerability in Easy Social Feed.This issue affects Easy Social Feed: from n/a through...
4.3CVSS
9.2AI Score
0.0004EPSS
Cross-Site Request Forgery (CSRF) vulnerability in Easy Social Feed.This issue affects Easy Social Feed: from n/a through...
4.3CVSS
4.9AI Score
0.0004EPSS
Easy Social Feed < 6.5.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via fb_appid
Description The Easy Social Feed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘fb_appid' parameter in versions up to, and including, 6.5.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
6.5CVSS
5.8AI Score
0.0004EPSS
Wordfence Intelligence Weekly WordPress Vulnerability Report (March 18, 2024 to March 24, 2024)
Did you know we're running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! Last week, there were 94 vulnerabilities disclosed in 81 WordPress.....
9.9CVSS
9.4AI Score
0.001EPSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Easy Social Feed allows Stored XSS.This issue affects Easy Social Feed: from n/a through...
6.5CVSS
6.4AI Score
0.0004EPSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Easy Social Feed allows Stored XSS.This issue affects Easy Social Feed: from n/a through...
6.5CVSS
7AI Score
0.0004EPSS
CVE-2024-30180 WordPress Easy Social Feed plugin <= 6.5.3 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Easy Social Feed allows Stored XSS.This issue affects Easy Social Feed: from n/a through...
6.5CVSS
6.6AI Score
0.0004EPSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AdTribes.Io Product Feed PRO for WooCommerce allows Reflected XSS.This issue affects Product Feed PRO for WooCommerce: from n/a through...
7.1CVSS
7AI Score
0.0004EPSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AdTribes.Io Product Feed PRO for WooCommerce allows Reflected XSS.This issue affects Product Feed PRO for WooCommerce: from n/a through...
7.1CVSS
9.3AI Score
0.0004EPSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AdTribes.Io Product Feed PRO for WooCommerce allows Reflected XSS.This issue affects Product Feed PRO for WooCommerce: from n/a through...
7.1CVSS
7.2AI Score
0.0004EPSS
Easy Social Feed < 6.5.6 - Contributor+ Stored XSS
Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admin PoC.....
5.7AI Score
0.0004EPSS
Easy Social Feed < 6.5.6 - Contributor+ Stored XSS
Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as...
6AI Score
0.0004EPSS
Wordfence Intelligence Weekly WordPress Vulnerability Report (March 11, 2024 to March 17, 2024)
Did you know we're running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! Last week, there were 163 vulnerabilities disclosed in 126...
10CVSS
10AI Score
0.001EPSS
RSSHub is an open source RSS feed generator. Prior to version 1.0.0-master.a429472, RSSHub allows remote attackers to use the server as a proxy to send HTTP GET requests to arbitrary targets and retrieve information in the internal network or conduct Denial-of-Service (DoS) attacks. The attacker...
6.5CVSS
6.3AI Score
0.001EPSS
RSSHub is an open source RSS feed generator. Prior to version 1.0.0-master.a429472, RSSHub allows remote attackers to use the server as a proxy to send HTTP GET requests to arbitrary targets and retrieve information in the internal network or conduct Denial-of-Service (DoS) attacks. The attacker...
6.5CVSS
6.3AI Score
0.001EPSS
RSSHub is an open source RSS feed generator. Starting in version 1.0.0-master.cbbd829 and prior to version 1.0.0-master.d8ca915, ahen the specially crafted image is supplied to the internal media proxy, it proxies the image without handling XSS vulnerabilities, allowing for the execution of...
6.1CVSS
6.2AI Score
0.0004EPSS
RSSHub is an open source RSS feed generator. Starting in version 1.0.0-master.cbbd829 and prior to version 1.0.0-master.d8ca915, ahen the specially crafted image is supplied to the internal media proxy, it proxies the image without handling XSS vulnerabilities, allowing for the execution of...
6.1CVSS
6.2AI Score
0.0004EPSS
RSSHub is an open source RSS feed generator. Prior to version 1.0.0-master.a429472, RSSHub allows remote attackers to use the server as a proxy to send HTTP GET requests to arbitrary targets and retrieve information in the internal network or conduct Denial-of-Service (DoS) attacks. The attacker...
6.5CVSS
6.2AI Score
0.001EPSS
RSSHub is an open source RSS feed generator. Starting in version 1.0.0-master.cbbd829 and prior to version 1.0.0-master.d8ca915, ahen the specially crafted image is supplied to the internal media proxy, it proxies the image without handling XSS vulnerabilities, allowing for the execution of...
6.1CVSS
6.1AI Score
0.0004EPSS
The Easy Social Feed – Social Photos Gallery – Post Feed – Like Box plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'efb_likebox' shortcode in all versions up to, and including, 6.5.4 due to insufficient input sanitization and output escaping on user supplied...
6.4CVSS
5.7AI Score
0.0004EPSS
The Easy Social Feed – Social Photos Gallery – Post Feed – Like Box plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'efb_likebox' shortcode in all versions up to, and including, 6.5.4 due to insufficient input sanitization and output escaping on user supplied...
6.4CVSS
6AI Score
0.0004EPSS
The Easy Social Feed – Social Photos Gallery – Post Feed – Like Box plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.5.4. This is due to missing or incorrect nonce validation on the esf_insta_save_access_token and...
5.4CVSS
5.1AI Score
0.0004EPSS
The Easy Social Feed – Social Photos Gallery – Post Feed – Like Box plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.5.4. This is due to missing or incorrect nonce validation on the save_groups_list function. This makes it possible for...
4.3CVSS
5.2AI Score
0.0004EPSS
The Easy Social Feed – Social Photos Gallery – Post Feed – Like Box plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.5.4. This is due to missing or incorrect nonce validation on the save_groups_list function. This makes it possible for...
4.3CVSS
4.2AI Score
0.0004EPSS
The Easy Social Feed – Social Photos Gallery – Post Feed – Like Box plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.5.4. This is due to missing or incorrect nonce validation on the esf_insta_save_access_token and...
5.4CVSS
6.1AI Score
0.0004EPSS
WooCommerce Google Feed Manager < 2.3.0 - Authenticated (Shop manager+) Stored Cross-Site Scripting
Description The WooCommerce Google Feed Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via settings in all versions up to, and including, 2.2.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Shop...
5.9CVSS
5.7AI Score
0.0004EPSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Marketing Robot WooCommerce Google Feed Manager allows Stored XSS.This issue affects WooCommerce Google Feed Manager: from n/a through...
5.9CVSS
5.7AI Score
0.0004EPSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Marketing Robot WooCommerce Google Feed Manager allows Stored XSS.This issue affects WooCommerce Google Feed Manager: from n/a through...
5.9CVSS
9.1AI Score
0.0004EPSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Marketing Robot WooCommerce Google Feed Manager allows Stored XSS.This issue affects WooCommerce Google Feed Manager: from n/a through...
5.9CVSS
5.9AI Score
0.0004EPSS
AI and the Evolution of Social Media
Oh, how the mighty have fallen. A decade ago, social media was celebrated for sparking democratic uprisings in the Arab world and beyond. Now front pages are splashed with stories of social platforms’ role in misinformation, business conspiracy, malfeasance, and risks to mental health. In a 2022...
6.3AI Score
The Enjoy Social Feed plugin for WordPress website WordPress plugin through 6.2.2 does not have authorisation and CSRF in various function hooked to admin_init, allowing unauthenticated users to call them and unlink arbitrary users Instagram Account for...
7AI Score
0.0004EPSS
The Enjoy Social Feed plugin for WordPress website WordPress plugin through 6.2.2 does not have authorisation when resetting its database, allowing any authenticated users, such as subscriber to perform such...
6.6AI Score
0.0004EPSS
The Enjoy Social Feed plugin for WordPress website WordPress plugin through 6.2.2 does not have authorisation when resetting its database, allowing any authenticated users, such as subscriber to perform such...
6.4AI Score
0.0004EPSS
The Enjoy Social Feed plugin for WordPress website WordPress plugin through 6.2.2 does not have authorisation and CSRF in various function hooked to admin_init, allowing unauthenticated users to call them and unlink arbitrary users Instagram Account for...
6.8AI Score
0.0004EPSS
CVE-2024-0779 Enjoy Social Feed <= 6.2.2 - Unauthenticated Arbitrary Instagram Account Unlinking
The Enjoy Social Feed plugin for WordPress website WordPress plugin through 6.2.2 does not have authorisation and CSRF in various function hooked to admin_init, allowing unauthenticated users to call them and unlink arbitrary users Instagram Account for...
7AI Score
0.0004EPSS
CVE-2024-0780 Enjoy Social Feed <= 6.2.2 - Subscriber+ Plugin Database Reset
The Enjoy Social Feed plugin for WordPress website WordPress plugin through 6.2.2 does not have authorisation when resetting its database, allowing any authenticated users, such as subscriber to perform such...
6.6AI Score
0.0004EPSS