13 matches found
PT-2026-40565
Name of the Vulnerable Software and Affected Versions coreActivity: Activity Logging for WordPress versions prior to 3.1 Description The plugin is susceptible to PHP Object Injection, a condition where untrusted data is passed to a deserialization function, potentially allowing the execution of...
WordPress coreActivity plugin < 2.1 - Unauthenticated IP Spoofing vulnerability
Unauthenticated IP Spoofing vulnerability discovered by Erwan LR WPScan in WordPress Plugin coreActivity: Activity Logging plugin for WordPress versions 2.1...
📄 HEUR.Backdoor.Win32.Poison.gen DLL Hijacking
This code implements an advanced WININET.dll proxy via DLL hijacking that is designed as a defensive countermeasure against malware such as HEUR.Backdoor.Win32.Poison.gen. The malware family Poison loads a 32‑bit WININET.dll from its current directory, which enables execution flow hijacking MITRE...
EUVD-2004-1355
Malware in sbrugna...
EUVD-2025-10325
Malicious code in bioql PyPI...
EUVD-2024-16635
Malicious code in bioql PyPI...
WordPress History Log by click5 Cross-Site Scripting Vulnerability
WordPress History Log by click5 is a plugin for tracking user activity and logging changes to your website. A cross-site scripting vulnerability exists in WordPress History Log by click5. The vulnerability stems from improper input neutralization and can be exploited by an attacker to execute...
CVE-2024-0868
The coreActivity: Activity Logging plugin for WordPress plugin before 2.1 retrieved IP addresses of requests via headers such X-FORWARDED to log them, allowing users to spoof them by providing an arbitrary value...
WordPress plugin coreActivity: Activity Logging SQL注入漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A SQL injection vulnerability exists in...
CVE-2024-0868
The CVE-2024-0868 entry concerns the WordPress coreActivity: Activity Logging plugin for WordPress (versions
Insider Threat: Employees indicted for stealing $88 million of license keys
Two insiders and an accomplice were indicted on Tuesday for multiple counts of fraud. According to documents unsealed by the Wester District of Oaklahoma, a grand jury charged Raymond Bradley Pearce aka Brad Pearce, a former employee of Avaya; Dusti O. Pearce, his wife; and Jason M. Hines aka Joe...
TrickBot Sample Accidentally Warns Victims They're Infected
TrickBot, the infamous info-stealing trojan, has been trying out a test module that accidentally pops up fraud alerts to victims. A sandboxed sample of the trojan, obtained by MalwareHunterTeam and analyzed by Advanced Intelligence’s Vitali Kremez, turns out to contain a new module, called “modul...
Kernel.org Linux Site Compromised
Attackers have compromised a number of servers at kernel.org that house the Linux kernel source code and were able to modify a number of files and log user activity on the machines. However, it appears right now as though the Linux source code repositories were not affected by the attack. A messa...