144521 matches found
Get paid to scroll TikTok? The data trade behind Freecash ads
Loyal readers and other privacy-conscious people will be familiar with the expression, “If it’s too good to be true, it’s probably false.” Getting paid handsomely to scroll social media definitely falls into that category. It sounds like an easy side hustle, which usually means there’s a catch. I...
CVE-2026-24581
Missing Authorization vulnerability in WP Swings Points and Rewards for WooCommerce points-and-rewards-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Points and Rewards for WooCommerce: from n/a through = 2.9.5...
Wordfence Bug Bounty Program Monthly Report – December 2025
Last month in December 2025, the Wordfence Bug Bounty Program received 759 vulnerability submissions from our growing community of security researchers working to improve the overall security posture of the WordPress ecosystem. These submissions are reviewed, triaged, and processed by the Wordfen...
CVE-2026-24581
Missing Authorization vulnerability in WP Swings Points and Rewards for WooCommerce points-and-rewards-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Points and Rewards for WooCommerce: from n/a through = 2.9.5...
CVE-2026-24581
CVE-2026-24581 is a Missing Authorization / Broken Access Control vulnerability affecting the WordPress plugin Points and Rewards for WooCommerce (versions up to and including 2.9.5). The issue enables access-control bypass due to misconfigured permission checks, as reported in multiple sources (...
CVE-2026-24581 WordPress Points and Rewards for WooCommerce plugin <= 2.9.5 - Broken Access Control vulnerability
Missing Authorization vulnerability in WP Swings Points and Rewards for WooCommerce points-and-rewards-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Points and Rewards for WooCommerce: from n/a through = 2.9.5...
CVE-2026-24581 WordPress Points and Rewards for WooCommerce plugin <= 2.9.5 - Broken Access Control vulnerability
Missing Authorization vulnerability in WP Swings Points and Rewards for WooCommerce points-and-rewards-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Points and Rewards for WooCommerce: from n/a through = 2.9.5...
PT-2026-4420
Name of the Vulnerable Software and Affected Versions WP Swings Points and Rewards for WooCommerce versions through 2.9.5 Description An authorization issue exists in WP Swings Points and Rewards for WooCommerce, allowing exploitation due to incorrectly configured access control security levels...
WordPress plugin Points and Rewards for WooCommerce has security vulnerabilities
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...
WordPress Points and Rewards for WooCommerce plugin <= 2.9.5 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Rapid0nion in WordPress Plugin Points and Rewards for WooCommerce versions = 2.9.5...
PT-2026-1155
CVE-2025-22189 - Adobe Flash Player Unvalidated Redirects and Rewards URR CVE ID : CVE-2025-22189 Published : Jan. 1, 2026, 1:15 a.m. | 3 hours, 5 minutes ago Description : Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it has not been used...
GO-2025-4214 Babylon Incorrect FP inactive accounting in costaking creates “phantom stake” that earns rewards after BTC unbond in github.com/babylonlabs-io/babylon
Babylon Incorrect FP inactive accounting in costaking creates “phantom stake” that earns rewards after BTC unbond in github.com/babylonlabs-io/babylon...
EUVD-2025-201932
Babylon Incorrect FP inactive accounting in costaking creates “phantom stake” that earns rewards after BTC unbond...
Babylon Incorrect FP inactive accounting in costaking creates “phantom stake” that earns rewards after BTC unbond
Summary A state consistency bug in x/costaking can leave a BTC delegator with non-zero ActiveSatoshis Phatom Stake even after they have fully unbonded their BTC delegation, if their Finality Provider FP drops out of the active set in the exact same babylon block height. This creates a “phantom...
SMS Phishers Pivot to Points, Taxes, Fake Retailers
China-based phishing groups blamed for non-stop scam SMS messages about a supposed wayward package or unpaid toll fee are promoting a new offering, just in time for the holiday shopping season: Phishing kits for mass-creating fake but convincing e-commerce websites that convert customer payment...
Black Friday scammers offer fake gifts from big-name brands to empty bank accounts
Black Friday is supposed to be chaotic, sure, but not this chaotic. While monitoring malvertising patterns ahead of the holiday rush, I uncovered one of the most widespread and polished Black Friday scam campaigns circulating online right now. It’s not a niche problem. Our own research shows that...
WordPress WooCommerce Ultimate Points And Rewards plugin Information Disclosure Vulnerability
WordPress WooCommerce Ultimate Points And Rewards plugin is a points and rewards management tool designed for WooCommerce, which awards points through customer behavior e.g., purchases, registrations, comments, etc. and supports redemption of discounts, coupons or free products, aiming to increas...
CVE-2025-64267
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WPSwings WooCommerce Ultimate Points And Rewards woocommerce-ultimate-points-and-rewards allows Retrieve Embedded Sensitive Data.This issue affects WooCommerce Ultimate Points And Rewards: from n/a through...
EUVD-2025-163779
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WPSwings WooCommerce Ultimate Points And Rewards woocommerce-ultimate-points-and-rewards allows Retrieve Embedded Sensitive Data.This issue affects WooCommerce Ultimate Points And Rewards: from n/a through...
CVE-2025-64267
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WPSwings WooCommerce Ultimate Points And Rewards woocommerce-ultimate-points-and-rewards allows Retrieve Embedded Sensitive Data.This issue affects WooCommerce Ultimate Points And Rewards: from n/a through...