CVE-2024-2306

The Revslider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via svg upload in all versions up to, and including, 6.6.20 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject arbitrary web scripts in pages that...

EUVD-2024-27261

Malicious code in bioql PyPI...

CVE-2024-2306

The Revslider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via svg upload in all versions up to, and including, 6.6.20 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject arbitrary web scripts in pages that...

PT-2024-19651 · WordPress · Revslider

Name of the Vulnerable Software and Affected Versions: Revslider plugin for WordPress versions up to, and including, 6.6.20 Description: The issue is related to Stored Cross-Site Scripting via svg upload due to insufficient input sanitization and output escaping. This allows authenticated attacke...

SoakSoak Botnet Pushing Neutrino Exploit Kit and CryptXXX Ransomware

Researchers are reporting a surge in CryptXXX ransomware infections delivered via business websites compromised to redirect to the Neutrino Exploit Kit. Attackers are targeting websites running the Revslider slideshow plugin for WordPress, according to a report released Tuesday by Invincea. Behin...

SoakSoak Malware Campaign Evolves

The attackers behind the SoakSoak malware campaign are continuing to modify their tactics and have infected a new group of Web sites. The Javascript code that the attackers target with the malware has also changed. Last week, Google took the step of blacklisting thousands of sites that had been...