150 matches found
CVE-2021-24245
The Stop Spammers WordPress plugin before 2021.9 did not escape user input when blocking requests such as matching a spam word, outputting it in an attribute after sanitising it to remove HTML tags, which is not sufficient and lead to a reflected Cross-Site Scripting issue...
CVE-2021-24245
The Stop Spammers WordPress plugin before 2021.9 did not escape user input when blocking requests such as matching a spam word, outputting it in an attribute after sanitising it to remove HTML tags, which is not sufficient and lead to a reflected Cross-Site Scripting issue...
Cross site scripting
The Stop Spammers WordPress plugin before 2021.9 did not escape user input when blocking requests such as matching a spam word, outputting it in an attribute after sanitising it to remove HTML tags, which is not sufficient and lead to a reflected Cross-Site Scripting issue...
WordPress 跨站脚本漏洞
WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A security vulnerability exists in the WordPress plugin Stop Spammers in versions prior to 2021.9 th...
CVE-2021-24245 Stop Spammers < 2021.9 - Reflected Cross-Site Scripting (XSS)
The Stop Spammers WordPress plugin before 2021.9 did not escape user input when blocking requests such as matching a spam word, outputting it in an attribute after sanitising it to remove HTML tags, which is not sufficient and lead to a reflected Cross-Site Scripting issue...
CVE-2021-24245
The CVE-2021-24245 entry pertains to the WordPress Stop Spammers plugin (pre-2021.9). A reflected XSS exists because the plugin does not properly escape user input when blocking requests, outputting the input in an attribute after filtering HTML tags. This leads to potential script injection in p...
Talos Takes Ep. #51: COVID and Tax Day have perfectly aligned for spammers
By Jon Munshaw. The latest episode of Talos Takes is available now. Download this episode and subscribe to Talos Takes using the buttons below, or visit the Talos Takes page. We see tax scams every year — people offering to do your taxes for you, finding a larger return, etc. But this... This is...
Sifchain: Email Spoofing bug
Hi team, An SPF/DMARC record is a type of Domain Name Service DNS record that identifies which mail servers are permitted to send email on behalf of your domain. The purpose of an SPF/DMARC record is to prevent spammers from sending messages on the behalf of your organization. Remediation: Create...
Stop Spammers < 2021.9 - Reflected Cross-Site Scripting (XSS)
The plugin did not escape user input when blocking requests such as matching a spam word, outputting it in an attribute after sanitising it to remove HTML tags, which is not sufficient and lead to a reflected Cross-Site Scripting issue. From an IP not in the Allow List...
Stop Spammers < 2021.9 - Reflected Cross-Site Scripting (XSS)
The plugin did not escape user input when blocking requests such as matching a spam word, outputting it in an attribute after sanitising it to remove HTML tags, which is not sufficient and lead to a reflected Cross-Site Scripting issue. PoC From an IP not in the Allow List...
WordPress Stop Spammers plugin <= 2021.8 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting XSS vulnerability discovered by Hoseinvita in WordPress Stop Spammers plugin versions = 2021.8. Solution Update the WordPress Stop Spammers plugin to the latest available version at least 2021.9...
Spammers Smuggle LokiBot Via URL Obfuscation Tactic
Spammers have started using a tricky URL obfuscation technique that sidesteps detection – and ultimately infects victims with the LokiBot trojan. The tactic was uncovered in recent spear-phishing emails with PowerPoint attachments, which contain a malicious macro. When the PowerPoint file is...
Nextcloud: Email Spoofing
An SPF/DMARC record is a type of Domain Name Service DNS record that identifies which mail servers are permitted to send email on behalf of your domain. The purpose of an SPF/DMARC record is to prevent spammers from sending messages on the behalf of your organization. Remediation: Create a SPF...
Sextortion profits decline despite higher volume, new techniques
Post authored by Nick Biasini and Jaeson Schultz. Sextortion spammers continue blasting away at high volume. The success they experienced with several high-profile campaigns last year has led these attackers to continue transmitting massive amounts of sextortion email. These sextortion spammers...
Brave Software: DMARC RECORD MISSING
VULNERABILITY TYPE- DMARC RECORD MISSING. HOW TO REPRODUCEPOC-ATTACHED IMAGE:- 1.GO TO- https://mxtoolbox.com 2.ENTER THE WEBSITEbrave.org.CLICK GO. 3.YOU WILL SEE THE FAULTNo DMARC Record found 4.In the new page that loads change MXLookup to DMARCLookup I HAVE ALREADY INFORMEDD THEM.THEY TOLD TO...
Bomb Threat, Sextortion Spammers Abused Weakness at GoDaddy.com
Two of the most disruptive and widely-received spam email campaigns over the past few months -- including an ongoing sextortion email scam and a bomb threat hoax that shut down dozens of schools, businesses and government buildings late last year -- were made possible thanks to an authentication...
Fake Bomb Threat Emails Demanding Bitcoins Sparked Chaos Across US, Canada
"Pay $20,000 worth of bitcoin, or a bomb will detonate in your building" A massive number of businesses, schools, government offices and individuals across the US, New Zealand and Canada on Thursday received bomb threats via emails that caused nationwide chaos, forcing widespread evacuations and...
Official Cardi B website plagued by spammers
We come bearing tidings of proper website maintenance and general housekeeping for singer Cardi B or rather, for her web development team. At first glance, it appeared as though her website had been hacked a few days ago. But a look under the hood told a different story. We were surprised to see...
Who’s Behind the Screencam Extortion Scam?
The sextortion email scam last month that invoked a real password used by each recipient and threatened to release embarrassing Webcam videos almost certainly was not the work of one criminal or even one group of criminals. Rather, it's likely that additional spammers and scammers piled on with...
Notorious ‘Hijack Factory’ Shunned from Web
Score one for the good guys: Bitcanal, a Portuguese Web hosting firm long accused of helping spammers hijack large swaths of dormant Internet address space over the years, was summarily kicked off the Internet this week after a half-dozen of the company's bandwidth providers chose to sever ties...