7703 matches found

Patchstack
added 2024/06/20 1:2 p.m. | 3 views

WordPress WP Blog Post Layouts plugin <= 1.1.3 - Authenticated (Contributor+) Local File Inclusion vulnerability

Authenticated Contributor+ Local File Inclusion vulnerability discovered by stealthcopter in WordPress Plugin WP Blog Post Layouts versions <= 1.1.3...

8.8 CVSS | 7 AI score | 0.00822 EPSS
Exploits 0 | References 1 | Affected Software 1
Patchstack
added 2024/06/20 12:0 a.m. | 8 views

WordPress WP Blog Post Layouts Plugin <= 1.1.3 is vulnerable to Local File Inclusion

Software: WP Blog Post Layouts; Type: Plugin; Vulnerable versions: <= 1.1.3; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Local File Inclusion; CVE: CVE-2024-5503; Patch priority: Low; CVSS severity: Low 6.5; Developer: Claim ownership; PSID: 9ea7b5a9de1a; Credits: stealthcopter; Required privilege...

8.8 CVSS | 6.9 AI score | 0.00822 EPSS
Exploits 0 | References 3 | Affected Software 1
Schneier on Security
added 2024/06/19 8:26 p.m. | 9 views

New Blog Moderation Policy

There has been a lot of toxicity in the comments section of this blog. Recently, we're having to delete more and more comments. Not just spam and off-topic comments, but also sniping and personal attacks. It's gotten so bad that I need to do something. My options are limited because I'm just one...

7.2 AI score
Exploits 0
The Hacker News
added 2024/06/19 10:8 a.m. | 18 views

Warning: Markopolo's Scam Targeting Crypto Users via Fake Meeting Software

A threat actor who goes by alias markopolo has been identified as behind a large-scale cross-platform scam that targets digital currency users on social media with information stealer malware and carries out cryptocurrency theft. The attack chains involve the use of a purported virtual meeting...

6.4 AI score
Exploits 0
Vulnrichment
added 2024/06/19 3:12 a.m. | 13 views

CVE-2024-4623 Blogmentor – Blog Layouts for Elementor <= 1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via pagination_style Parameter

The Blogmentor – Blog Layouts for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘pagination_style’ parameter in all versions up to, and including, 1.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attacker...

6.4 CVSS | 6 AI score | 0.00274 EPSS
Exploits 0 | References 2
Patchstack
added 2024/06/18 12:0 a.m. | 6 views

WordPress Blogmentor – Blog Layouts for Elementor Plugin <= 1.5 is vulnerable to Cross Site Scripting (XSS)

Software: Blogmentor – Blog Layouts for Elementor; Type: Plugin; Vulnerable versions: <= 1.5; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-4623; Patch priority: Low; CVSS severity: Low 6.5; Developer: Claim ownership; PSID: c442750df04b; Credits...

6.4 CVSS | 5.8 AI score | 0.00274 EPSS
Exploits 0 | References 2 | Affected Software 1
OSV
added 2024/06/17 6:15 a.m. | 1 views

CVE-2024-4305

The Post Grid Gutenberg Blocks and WordPress Blog Plugin WordPress plugin before 4.1.0 does not validate and escape some of its block options before outputting them back in a page/post where the block is embedded, which could allow users with the contributor role and above to perform Stored Cross-Si...

6.8 CVSS | 5.8 AI score | 0.0043 EPSS
Exploits 2 | References 1
CVE
added 2024/06/17 6:0 a.m. | 62 views

CVE-2024-4305

CVE-2024-4305 affects the WordPress plugin combination “Post Grid Gutenberg Blocks and WordPress Blog Plugin.” The description in the sources specifies that versions before 4.1.0 do not validate and escape certain block options before they are output in a page/post where the block is embedded, wh...

6.8 CVSS | 6.2 AI score | 0.0043 EPSS
Exploits 2 | References 1 | Affected Software 1
Vulnrichment
added 2024/06/17 6:0 a.m. | 13 views

CVE-2024-4305 PostX < 4.1.0 - Contributor+ Stored XSS

The Post Grid Gutenberg Blocks and WordPress Blog Plugin WordPress plugin before 4.1.0 does not validate and escape some of its block options before outputting them back in a page/post where the block is embedded, which could allow users with the contributor role and above to perform Stored Cross-Si...

6.1 AI score | 0.0043 EPSS
Exploits 2 | References 1
Openbugbounty
added 2024/06/16 6:4 p.m. | 14 views

yasuragitime.blog.fc2.com Cross Site Scripting vulnerability OBB-3935777

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.2 AI score
Exploits 0
Schneier on Security
added 2024/06/14 9:6 p.m. | 8 views

Friday Squid Blogging: Squid Cartoon

Squid humor. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...

7.2 AI score
Exploits 0
GithubExploit
added 2024/06/14 7:12 a.m. | 394 views

Exploit for CVE-2024-5326

CVE-2024-5326 CVE-2024-5326 Post Grid Gutenberg Blocks and Wor...

8.8 CVSS | 6.5 AI score | 0.01426 EPSS
Exploits 1
OSV
added 2024/06/13 4:15 p.m. | 1 views

CVE-2023-35859

A Reflected Cross-Site Scripting (XSS) vulnerability in the blog function of Modern Campus - Omni CMS 2023.1 allows a remote attacker to inject arbitrary scripts or HTML via multiple parameters...

6.1 CVSS | 5.9 AI score | 0.00302 EPSS
Exploits 0 | References 1
OSV
added 2024/06/13 4:15 p.m. | 1 views

CVE-2023-35858

XPath Injection vulnerabilities in the blog and RSS functions of Modern Campus - Omni CMS 2023.1 allow a remote, unauthenticated attacker to obtain application information...

5.3 CVSS | 5.8 AI score | 0.00499 EPSS
Exploits 1 | References 1
ATTACKERKB
added 2024/06/13 4:15 p.m. | 4 views

CVE-2023-35858

XPath Injection vulnerabilities in the blog and RSS functions of Modern Campus - Omni CMS 2023.1 allow a remote, unauthenticated attacker to obtain application information...

5.3 CVSS | 5.5 AI score | 0.00499 EPSS
Exploits 1 | References 2
NVD
added 2024/06/13 4:15 p.m. | 24 views

CVE-2023-35858

XPath Injection vulnerabilities in the blog and RSS functions of Modern Campus - Omni CMS 2023.1 allow a remote, unauthenticated attacker to obtain application information...

5.3 CVSS | 0.00499 EPSS
Exploits 1 | References 1
NVD
added 2024/06/13 4:15 p.m. | 18 views

CVE-2023-35859

A Reflected Cross-Site Scripting (XSS) vulnerability in the blog function of Modern Campus - Omni CMS 2023.1 allows a remote attacker to inject arbitrary scripts or HTML via multiple parameters...

6.1 CVSS | 0.00302 EPSS
Exploits 0 | References 1
NVD
added 2024/06/13 8:16 a.m. | 21 views

CVE-2024-4615

The Elespare – Blog, Magazine and Newspaper Addons for Elementor with Templates, Widgets, Kits, and Header/Footer Builder. One Click Import: No Coding Required! plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Horizontal Nav Menu' widget in all versions up to, and...

6.4 CVSS | 0.00411 EPSS
Exploits 0 | References 3
Cvelist
added 2024/06/13 12:0 a.m. | 19 views

CVE-2023-35859

A Reflected Cross-Site Scripting (XSS) vulnerability in the blog function of Modern Campus - Omni CMS 2023.1 allows a remote attacker to inject arbitrary scripts or HTML via multiple parameters...

0.00302 EPSS
Exploits 0 | References 1
CNNVD
added 2024/06/13 12:0 a.m. | 2 views

Modern Campus Omni CMS Security Vulnerability

Modern Campus Omni CMS is a web content management system from Modern Campus, Inc. It is used by colleges and universities to manage their websites. A security vulnerability exists in Modern Campus Omni CMS version 2023.1, which stems from an XPath injection vulnerability in the blog and RSS...

5.3 CVSS | 7.2 AI score | 0.00499 EPSS
Exploits 1 | References 2