Researchers Detail Apple's Recent Zero-Click Shortcuts Vulnerability
Details have emerged about a now-patched high-severity security flaw in Apple's Shortcuts app that could permit a shortcut to access sensitive information on the device without users' consent. The vulnerability, tracked as CVE-2024-23204 (CVSS score: 7.5), was addressed by Apple on January 22,...
CVSS 7.5 | AI Score 8.1 | EPSS 0.001
Imperva successfully defends against CVE-2024-25600 in WordPress Bricks Builder
A critical vulnerability in the Bricks Builder site builder for WordPress, identified as CVE-2024-25600, is currently under active exploitation, and poses a significant threat to over 25,000 sites. This flaw, with a CVSS score of 9.8, is an unauthenticated remote code execution vulnerability that...
AI Score 8.7 | EPSS 0.001
Did you know we're running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through February 29th, 2024 when you opt to have Wordfence handle responsible disclosure! Last week, there were 78 vulnerabilities disclosed in 63...
CVSS 10 | AI Score 9.2 | EPSS 0.001
TinyTurla-NG in-depth tooling and command and control analysis
Cisco Talos, in cooperation with CERT.NGO, has discovered new malicious components used by the Turla APT. New findings from Talos illustrate the inner workings of the command and control (C2) scripts deployed on the compromised WordPress servers utilized in the compromise we previously disclosed...
AI Score 7.8
The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to SQL Injection via the ‘search_key’ parameter in all versions up to, and including, 4.4.2 due to insufficient escaping on the user-supplied parameter and lack of...
CVSS 8.8 | AI Score 8.9 | EPSS 0.0004
The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to SQL Injection via the ‘search_key’ parameter in all versions up to, and including, 4.4.2 due to insufficient escaping on the user-supplied parameter and lack of...
CVSS 8.8 | AI Score 7.2 | EPSS 0.0004
The Custom Twitter Feeds – A Tweets Widget or X Feed Widget plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.1. This is due to missing or incorrect nonce validation on the ctf_auto_save_tokens function. This makes it possible for...
CVSS 4.3 | AI Score 4.6 | EPSS 0.0004
The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'feedzy_wizard_step_process' and 'import_status' functions in all versions up to, and...
CVSS 6.5 | AI Score 6.4 | EPSS 0.0004
The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 7.0.1 due to insufficient input sanitization and output escaping on RSS feed content. This makes it possible for...
CVSS 6.4 | AI Score 5.8 | EPSS 0.0004
SQL Injection Vulnerability Patched in RSS Aggregator by Feedzy WordPress Plugin
🎉 Did you know we're running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through February 29th, 2024 when you opt to have Wordfence handle responsible disclosure! On February 1st, 2024, during our second Bug Bounty...
CVSS 8.8 | AI Score 7.8 | EPSS 0.0004
Wyze cameras show the wrong feeds to customers. Again.
Last September, we wrote an article about how Wyze home cameras temporarily showed other people’s security feeds. As far as home cameras go, we said this is absolutely up there at the top of the “things you don’t want to happen” list. Turning your customers into Peeping Toms against their will and...
AI Score 7.4
Enjoy Social Feed <= 6.2.2 - Subscriber+ Plugin Database Reset
Description: The plugin does not have authorisation when resetting its database, allowing any authenticated user, such as a subscriber, to perform such...
AI Score 6.6 | EPSS 0.0004
Enjoy Social Feed <= 6.2.2 - Unauthenticated Arbitrary Instagram Account Unlinking
Description: The plugin does not have authorisation and CSRF checks in various functions hooked to admin_init, allowing unauthenticated users to call them and, for example, unlink arbitrary users' Instagram accounts. PoC: As an unauthenticated user, open the following URL to unlink the Instagram account of the user with...
AI Score 6.8 | EPSS 0.0004
Enjoy Social Feed <= 6.2.2 - Unauthenticated Arbitrary Instagram Account Unlinking
Description: The plugin does not have authorisation and CSRF checks in various functions hooked to admin_init, allowing unauthenticated users to call them and unlink arbitrary users' Instagram accounts for...
AI Score 7.1 | EPSS 0.0004
Enjoy Social Feed <= 6.2.2 - Subscriber+ Plugin Database Reset
Description: The plugin does not have authorisation when resetting its database, allowing any authenticated user, such as a subscriber, to perform such an action. PoC: Log in as a subscriber, access the Diagnostic tab of the plugin (/wp-admin/admin.php?page=enjoyinstagram_plugin_options&tab=diagnostic)...
AI Score 6.3 | EPSS 0.0004
Seriously Simple Podcasting < 3.0.0 - Unauthenticated Administrator Email Disclosure
Description: The plugin discloses the Podcast owner's email address (which by default is the admin email address) via an unauthenticated crafted request. This was fixed in 3.0.0 for new plugin installations; however, when upgrading, users will have to unset the "Owner email address" in the Feed...
AI Score 6.9 | EPSS 0.0004
Seriously Simple Podcasting < 3.0.0 - Unauthenticated Administrator Email Disclosure
Description: The plugin discloses the Podcast owner's email address (which by default is the admin email address) via an unauthenticated crafted request. This was fixed in 3.0.0 for new plugin installations; however, when upgrading, users will have to unset the "Owner email address" in the Feed...
AI Score 6.6 | EPSS 0.0004
Wordfence Intelligence Weekly WordPress Vulnerability Report (February 5, 2024 to February 11, 2024)
Did you know we're running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through February 29th, 2024 when you opt to have Wordfence handle responsible disclosure! Last week, there were 95 vulnerabilities disclosed in 65...
CVSS 10 | AI Score 9 | EPSS 0.154
Imperva defends customers against CVE-2024-22024 in Ivanti products
Ivanti recently published an urgent warning about an authentication bypass in Ivanti Connect Secure, Ivanti Policy Secure, and ZTA gateways, tracked as CVE-2024-22024. The bug, which carries a severity score of 8.3, was discovered during an internal review. Since its announcement on February 8,...
CVSS 8.3 | AI Score 7.3 | EPSS 0.006
U.S. Dept Of Defense: DBMS information getting exposed publicly on -- [ ██████████ ]
Hi there, when I was working on your domain, I got to know that the website is using Drupal, and after a long fuzzing I found a file on your domain which was leaking some user hashes and data stored in your DBMS. This data could be confidential to you, so I am mentioning it below; make sure to check...
AI Score 6.6
GitLab Tags RSS feed email disclosure
An issue has been discovered in GitLab affecting all versions before 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1. It is possible to read the user email address via the tags feed although the visibility in the user profile has been...
AI Score 6.9
WP RSS Aggregator < 4.23.6 - Authenticated (Admin+) Server-Side Request Forgery via RSS Feed Source
Description: The WP RSS Aggregator plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.23.5 via the RSS feed source in admin settings. This makes it possible for authenticated attackers, with administrator-level access and above, to make web...
AI Score 6.5 | EPSS 0.0004
Description: The Custom Twitter Feeds – A Tweets Widget or X Feed Widget plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.1. This is due to missing or incorrect nonce validation on the ctf_auto_save_tokens function. This makes it possible...
AI Score 6.6 | EPSS 0.0004
Description: The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 7.0.1 due to insufficient input sanitization and output escaping on RSS feed content. This makes it...
AI Score 5.6 | EPSS 0.0004
Description: The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the feedzy dashboard in all versions up to, and including, 4.4.1. This makes it...
AI Score 6.7 | EPSS 0.0004
RSS Aggregator by Feedzy < 4.4.3 - Authenticated (Contributor+) SQL Injection
Description: The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to SQL Injection via the ‘search_key’ parameter in all versions up to, and including, 4.4.2 due to insufficient escaping on the user-supplied parameter...
CVSS 8.8 | AI Score 6.9 | EPSS 0.0004
RSS Aggregator by Feedzy < 4.4.3 - Missing Authorization to Arbitrary Page Creation and Publication
Description: The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'feedzy_wizard_step_process' and 'import_status' functions in all versions...
CVSS 6.5 | AI Score 6.3 | EPSS 0.0004
Wordfence Intelligence Weekly WordPress Vulnerability Report (January 29, 2024 to February 4, 2024)
Did you know we're running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through February 29th, 2024 when you opt to have Wordfence handle responsible disclosure! Last week, there were 122 vulnerabilities disclosed in 110...
CVSS 9.8 | AI Score 9.5
Improper Verification of Cryptographic Signature vulnerability in Snow Software Inventory Agent on MacOS, Snow Software Inventory Agent on Windows, Snow Software Inventory Agent on Linux allows File Manipulation through Snow Update Packages. This issue affects Inventory Agent: through 6.12.0;...
CVSS 5.5 | AI Score 7.7 | EPSS 0.0004
Improper Verification of Cryptographic Signature vulnerability in Snow Software Inventory Agent on MacOS, Snow Software Inventory Agent on Windows, Snow Software Inventory Agent on Linux allows File Manipulation through Snow Update Packages. This issue affects Inventory Agent: through 6.12.0;...
CVSS 7.8 | AI Score 5.5 | EPSS 0.0004
Improper Verification of Cryptographic Signature vulnerability in Snow Software Inventory Agent on Unix allows File Manipulation through Snow Update Packages. This issue affects Inventory Agent: through...
CVSS 7.8 | AI Score 5.6 | EPSS 0.0004
Improper Verification of Cryptographic Signature vulnerability in Snow Software Inventory Agent on Unix allows File Manipulation through Snow Update Packages. This issue affects Inventory Agent: through...
CVSS 5.5 | AI Score 7.7 | EPSS 0.0004
Authentication Bypass by Spoofing vulnerability in Snow Software Snow Inventory Agent on Windows allows Signature Spoof. This issue affects Snow Inventory Agent: through 6.14.5. Customers are advised to upgrade to version...
CVSS 5.5 | AI Score 6 | EPSS 0.0004
Authentication Bypass by Spoofing vulnerability in Snow Software Snow Inventory Agent on Windows allows Signature Spoof. This issue affects Snow Inventory Agent: through 6.14.5. Customers are advised to upgrade to version...
CVSS 6 | AI Score 5.5 | EPSS 0.0004
Improper Verification of Cryptographic Signature vulnerability in Snow Software Inventory Agent on Unix allows File Manipulation through Snow Update Packages. This issue affects Inventory Agent: through...
CVSS 5.5 | AI Score 7.2 | EPSS 0.0004
Improper Verification of Cryptographic Signature vulnerability in Snow Software Inventory Agent on MacOS, Snow Software Inventory Agent on Windows, Snow Software Inventory Agent on Linux allows File Manipulation through Snow Update Packages. This issue affects Inventory Agent: through 6.12.0;...
CVSS 5.5 | AI Score 7.2 | EPSS 0.0004
Authentication Bypass by Spoofing vulnerability in Snow Software Snow Inventory Agent on Windows allows Signature Spoof. This issue affects Snow Inventory Agent: through 6.14.5. Customers are advised to upgrade to version...
CVSS 5.5 | AI Score 7.2 | EPSS 0.0004
CVE-2024-1150 Improper validation of update packages
Improper Verification of Cryptographic Signature vulnerability in Snow Software Inventory Agent on Unix allows File Manipulation through Snow Update Packages. This issue affects Inventory Agent: through...
CVSS 7.8 | AI Score 7.9 | EPSS 0.0004
CVE-2024-1149 Improper validation of update packages
Improper Verification of Cryptographic Signature vulnerability in Snow Software Inventory Agent on MacOS, Snow Software Inventory Agent on Windows, Snow Software Inventory Agent on Linux allows File Manipulation through Snow Update Packages. This issue affects Inventory Agent: through 6.12.0;...
CVSS 7.8 | AI Score 7.8 | EPSS 0.0004
CVE-2023-7169 Impersonate vendor-signed PowerShell scripts
Authentication Bypass by Spoofing vulnerability in Snow Software Snow Inventory Agent on Windows allows Signature Spoof. This issue affects Snow Inventory Agent: through 6.14.5. Customers are advised to upgrade to version...
CVSS 6 | AI Score 6.3 | EPSS 0.0004
Faraday’s researchers Javier Aguinaga and Octavio Gianatiempo have carried out research on IP cameras and two high-severity vulnerabilities. This research project began when Aguinaga's wife, a former research leader at Faraday Security, informed him that their IP camera had stopped working. Although...
CVSS 8.8 | AI Score 8.5 | EPSS 0.001
The WP RSS Aggregator plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.23.5 via the RSS feed source in admin settings. This makes it possible for authenticated attackers, with administrator-level access and above, to make web requests to...
CVSS 3.8 | AI Score 5.2 | EPSS 0.0004
The WP RSS Aggregator plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.23.5 via the RSS feed source in admin settings. This makes it possible for authenticated attackers, with administrator-level access and above, to make web requests to...
CVSS 3.8 | AI Score 4 | EPSS 0.0004
Server-Side Request Forgery (SSRF)
The WP RSS Aggregator plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.23.5 via the RSS feed source in admin settings. This makes it possible for authenticated attackers, with administrator-level access and above, to make web requests to...
CVSS 3.8 | AI Score 6.8 | EPSS 0.0004
The WP RSS Aggregator plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.23.5 via the RSS feed source in admin settings. This makes it possible for authenticated attackers, with administrator-level access and above, to make web requests to...
CVSS 3.8 | AI Score 4.4 | EPSS 0.0004
Privacy information management system considerations for ISO 42001
Organizations that want to pursue ISO 42001 certification and have an existing ISO management system in place need to consider how to integrate an AI management system with their current management system to ensure common objectives and obligations are maintained. The following blog post explores...
AI Score 7
The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the feedzy dashboard in all versions up to, and including, 4.4.1. This makes it possible for...
CVSS 4.3 | AI Score 4.3 | EPSS 0.0004
The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the feedzy dashboard in all versions up to, and including, 4.4.1. This makes it possible for...
CVSS 4.3 | AI Score 5.2 | EPSS 0.0004