93 matches found
WordPress Plugin Funnelforms Free Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...
QwixxRAT: New Remote Access Trojan Emerges via Telegram and Discord
A new remote access trojan RAT called QwixxRAT is being advertised for sale by its threat actor through Telegram and Discord platforms. "Once installed on the victim's Windows platform machines, the RAT stealthily collects sensitive data, which is then sent to the attacker's Telegram bot, providi...
Privilege Escalation Vulnerability Patched Promptly in WP Data Access WordPress Plugin
On April 5, 2023 the Wordfence Threat Intelligence team initiated the responsible disclosure process for a vulnerability we discovered in WP Data Access, a WordPress plugin that is installed on over 10,000 sites. This flaw makes it possible for an authenticated attacker to grant themselves...
WordPress wGauge – Free Version plugin <= 1.0.0 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered in WordPress wGauge – Free Version plugin versions = 1.0.0. Solution No patched version available...
Over 1 Million Sites Impacted by Vulnerability in Starter Templates Plugin
On October 4, 2021, the Wordfence Threat Intelligence team initiated the responsible disclosure process for the Starter Templates plugin, which is installed on over 1 Million WordPress websites. The full name of the WordPress plugin is “Starter Templates — Elementor, Gutenberg & Beaver Builder...
CM Registration Pro < 3.2.1 - PHP Object Injection
The plugin was using an outdated library which was affected by a PHP Object Injection issue. The free version is not affected as it was not using the library even though it was skipped with it...
Happy Addons for Elementor Free < 2.24.0 and Pro < 1.17.0 - Contributor+ Stored XSS
The plugins have a number of widgets that are vulnerable to stored Cross-Site ScriptingXSS by lower-privileged users such as contributors, all via a similar method: The “Card” widget accepts a “titletag” parameter. Although the element control lists a fixed set of possible html tags, it is possib...
Slack hurries to fix direct message flaw that allowed harassment
The enormous work messaging platform Slack quickly reversed course yesterday, promising to revise a brand-new direct message feature that could have been misused for harassment. Added to the company’s “Slack Connect” product—which lets enterprise users share messages with contract workers and...
Unauthorized Access Vulnerability in Free Version of Kile Self-Media News System
Kile Self-Media News Management System is a news management system based on TP5.1 development. An unauthorized access vulnerability exists in the free version of Kile Self-Media News System. An attacker can exploit the vulnerability to perform unauthorized operations, such as randomly deleting or...
Command Execution Vulnerability in Free Version of Kilo Brokerage Guarantee System
Kile Intermediary is a TP5.1-based intermediary secured transactions system, Kile Intermediary secured transactions system is a professional virtual asset intermediary secured transactions system, the program can be used to do domain names, websites, accounts, small programs, WeChat public number...
QRadar Community Edition 7.3.1.6 Insecure File Permissions Vulnerability
Exploit for php platform in category web applications ------------------------------------------------------------------------ Local privilege escalation in QRadar due to run-result-reader.sh insecure file permissions ------------------------------------------------------------------------ Abstra...
SQL Injection Vulnerability in Baiyi Networks baiyiCMS
Baiyi enterprise building system free version is an enterprise building system. Baiyi Web baiyiCMS suffers from a SQL injection vulnerability, which can be exploited by attackers to obtain sensitive database information...
SQL Injection Vulnerability in Baiyi Networks baiyiCMS (CNVD-2020-23533)
Baiyi enterprise building system free version is an enterprise building system. Baiyi Web baiyiCMS suffers from a SQL injection vulnerability, which can be exploited by attackers to obtain sensitive database information...
SQL Injection Vulnerability in Baiyi Networks baiyiCMS (CNVD-2020-23532)
Baiyi enterprise building system free version is an enterprise building system. Baiyi Web baiyiCMS suffers from a SQL injection vulnerability, which can be exploited by attackers to obtain sensitive database information...
Login Bypass Vulnerability in the m****r.asp Page of the Free Version of Vanno's Enterprise Website Management System ASP
Vanno Enterprise Website Management System is a website content management system based on a full DIV+CSS template. Vanno enterprise website management system ASP free version of the mr.asp page there is a login bypass vulnerability, an attacker can use the vulnerability to use any registered use...
SQL Injection Vulnerability in i**o.asp Page of VANOC Enterprise Website Management System ASP Free Version
Vanno Enterprise Website Management System is a website content management system based on a full DIV+CSS template. Vanno enterprise website management system ASP free version of the io.asp page SQL injection vulnerability, an attacker can use the vulnerability to obtain database sensitive...
Core Elastic Stack Security Features Now Available For Free Users As Well
Elastic, the company behind the most widely used enterprise search engine ElasticSearch and the Elastic Stack, today announced that it has decided to make core security features of the Elastic Stack free and accessible to all users. ELK Stack or Elastic Stack is a collection of three powerful ope...
CentOS Web Panel Cross-Site Scripting Vulnerability (CNVD-2019-14584)
CentOS Web Panel CWP is a free web hosting control panel. A cross-site scripting vulnerability exists in the email field in CWP versions 0.9.8.793 Free and 0.9.8.753 Pro, which stems from the lack of proper validation of client-side data by the WEB application. An attacker could exploit this...
WordPress Contact Form Maker 1.13.1 Cross Site Request Forgery Vulnerability
Exploit for php platform in category web applications Exploit Title: Contact Form by WD CSRF → LFI Exploit Author: Panagiotis Vagenas Vendor Homepage: http://web-dorado.com/ Software Link: https://wordpress.org/plugins/contact-form-maker Version: 1.13.1 Tested on: WordPress 5.1.1 Description...
WordPress Plugin Contact Form Maker 1.13.1 - Cross-Site Request Forgery
Exploit Title: Contact Form by WD CSRF → LFI Date: 2019-03-17 Exploit Author: Panagiotis Vagenas Vendor Homepage: http://web-dorado.com/ Software Link: https://wordpress.org/plugins/contact-form-maker Version: 1.13.1 Tested on: WordPress 5.1.1 Description ----------- Plugin implements the followi...