Lucene search
K

150 matches found

OSV
OSV
added 2021/05/06 1:15 p.m.4 views

CVE-2021-24245

The Stop Spammers WordPress plugin before 2021.9 did not escape user input when blocking requests such as matching a spam word, outputting it in an attribute after sanitising it to remove HTML tags, which is not sufficient and lead to a reflected Cross-Site Scripting issue...

6.1CVSS5.8AI score0.05721EPSS
Exploits5References2
NVD
NVD
added 2021/05/06 1:15 p.m.16 views

CVE-2021-24245

The Stop Spammers WordPress plugin before 2021.9 did not escape user input when blocking requests such as matching a spam word, outputting it in an attribute after sanitising it to remove HTML tags, which is not sufficient and lead to a reflected Cross-Site Scripting issue...

6.1CVSS0.05721EPSS
Exploits5References2
Prion
Prion
added 2021/05/06 1:15 p.m.13 views

Cross site scripting

The Stop Spammers WordPress plugin before 2021.9 did not escape user input when blocking requests such as matching a spam word, outputting it in an attribute after sanitising it to remove HTML tags, which is not sufficient and lead to a reflected Cross-Site Scripting issue...

4.3CVSS5.9AI score0.05721EPSS
Exploits5References2Affected Software1
CNNVD
CNNVD
added 2021/05/06 12:0 a.m.8 views

WordPress 跨站脚本漏洞

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A security vulnerability exists in the WordPress plugin Stop Spammers in versions prior to 2021.9 th...

6.1CVSS5.8AI score0.05721EPSS
Exploits5References4
Cvelist
Cvelist
added 2021/05/05 6:39 p.m.19 views

CVE-2021-24245 Stop Spammers < 2021.9 - Reflected Cross-Site Scripting (XSS)

The Stop Spammers WordPress plugin before 2021.9 did not escape user input when blocking requests such as matching a spam word, outputting it in an attribute after sanitising it to remove HTML tags, which is not sufficient and lead to a reflected Cross-Site Scripting issue...

6.2AI score0.05721EPSS
Exploits5References2
CVE
CVE
added 2021/05/05 6:39 p.m.125 views

CVE-2021-24245

The CVE-2021-24245 entry pertains to the WordPress Stop Spammers plugin (pre-2021.9). A reflected XSS exists because the plugin does not properly escape user input when blocking requests, outputting the input in an attribute after filtering HTML tags. This leads to potential script injection in p...

6.1CVSS5.9AI score0.05721EPSS
Exploits5References2Affected Software1
Talos Blog
Talos Blog
added 2021/04/30 7:0 a.m.33 views

Talos Takes Ep. #51: COVID and Tax Day have perfectly aligned for spammers

By Jon Munshaw. The latest episode of Talos Takes is available now. Download this episode and subscribe to Talos Takes using the buttons below, or visit the Talos Takes page. We see tax scams every year — people offering to do your taxes for you, finding a larger return, etc. But this... This is...

1.6AI score
Exploits0
Hacker One
Hacker One
added 2021/04/27 1:54 a.m.16 views

Sifchain: Email Spoofing bug

Hi team, An SPF/DMARC record is a type of Domain Name Service DNS record that identifies which mail servers are permitted to send email on behalf of your domain. The purpose of an SPF/DMARC record is to prevent spammers from sending messages on the behalf of your organization. Remediation: Create...

6.6AI score
Exploits0
wpexploit
wpexploit
added 2021/04/08 12:0 a.m.646 views

Stop Spammers < 2021.9 - Reflected Cross-Site Scripting (XSS)

The plugin did not escape user input when blocking requests such as matching a spam word, outputting it in an attribute after sanitising it to remove HTML tags, which is not sufficient and lead to a reflected Cross-Site Scripting issue. From an IP not in the Allow List...

4.3CVSS0.2AI score0.05721EPSS
Exploits5References1
WPVulnDB
WPVulnDB
added 2021/04/08 12:0 a.m.21 views

Stop Spammers < 2021.9 - Reflected Cross-Site Scripting (XSS)

The plugin did not escape user input when blocking requests such as matching a spam word, outputting it in an attribute after sanitising it to remove HTML tags, which is not sufficient and lead to a reflected Cross-Site Scripting issue. PoC From an IP not in the Allow List...

4.3CVSS0.1AI score0.05721EPSS
Exploits5References1Affected Software1
Patchstack
Patchstack
added 2021/04/08 12:0 a.m.25 views

WordPress Stop Spammers plugin <= 2021.8 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting XSS vulnerability discovered by Hoseinvita in WordPress Stop Spammers plugin versions = 2021.8. Solution Update the WordPress Stop Spammers plugin to the latest available version at least 2021.9...

6.1CVSS1.9AI score0.05721EPSS
Exploits5References3Affected Software1
ThreatPost
ThreatPost
added 2020/10/01 4:16 p.m.49 views

Spammers Smuggle LokiBot Via URL Obfuscation Tactic

Spammers have started using a tricky URL obfuscation technique that sidesteps detection – and ultimately infects victims with the LokiBot trojan. The tactic was uncovered in recent spear-phishing emails with PowerPoint attachments, which contain a malicious macro. When the PowerPoint file is...

7.4AI score
Exploits0References20
Hacker One
Hacker One
added 2020/02/11 12:14 p.m.119 views

Nextcloud: Email Spoofing

An SPF/DMARC record is a type of Domain Name Service DNS record that identifies which mail servers are permitted to send email on behalf of your domain. The purpose of an SPF/DMARC record is to prevent spammers from sending messages on the behalf of your organization. Remediation: Create a SPF...

2.2AI score
Exploits0
Talos Blog
Talos Blog
added 2019/04/11 11:20 a.m.79 views

Sextortion profits decline despite higher volume, new techniques

Post authored by Nick Biasini and Jaeson Schultz. Sextortion spammers continue blasting away at high volume. The success they experienced with several high-profile campaigns last year has led these attackers to continue transmitting massive amounts of sextortion email. These sextortion spammers...

7.5AI score
Exploits0
Hacker One
Hacker One
added 2019/02/06 5:55 a.m.185 views

Brave Software: DMARC RECORD MISSING

VULNERABILITY TYPE- DMARC RECORD MISSING. HOW TO REPRODUCEPOC-ATTACHED IMAGE:- 1.GO TO- https://mxtoolbox.com 2.ENTER THE WEBSITEbrave.org.CLICK GO. 3.YOU WILL SEE THE FAULTNo DMARC Record found 4.In the new page that loads change MXLookup to DMARCLookup I HAVE ALREADY INFORMEDD THEM.THEY TOLD TO...

0.2AI score
Exploits0
Krebs on Security
Krebs on Security
added 2019/01/23 2:44 a.m.327 views

Bomb Threat, Sextortion Spammers Abused Weakness at GoDaddy.com

Two of the most disruptive and widely-received spam email campaigns over the past few months -- including an ongoing sextortion email scam and a bomb threat hoax that shut down dozens of schools, businesses and government buildings late last year -- were made possible thanks to an authentication...

7AI score
Exploits0
The Hacker News
The Hacker News
added 2018/12/14 12:57 p.m.141 views

Fake Bomb Threat Emails Demanding Bitcoins Sparked Chaos Across US, Canada

"Pay $20,000 worth of bitcoin, or a bomb will detonate in your building" A massive number of businesses, schools, government offices and individuals across the US, New Zealand and Canada on Thursday received bomb threats via emails that caused nationwide chaos, forcing widespread evacuations and...

7.1AI score
Exploits0
Malwarebytes
Malwarebytes
added 2018/08/28 3:0 p.m.59 views

Official Cardi B website plagued by spammers

We come bearing tidings of proper website maintenance and general housekeeping for singer Cardi B or rather, for her web development team. At first glance, it appeared as though her website had been hacked a few days ago. But a look under the hood told a different story. We were surprised to see...

7AI score
Exploits0
Krebs on Security
Krebs on Security
added 2018/08/25 11:35 p.m.61 views

Who’s Behind the Screencam Extortion Scam?

The sextortion email scam last month that invoked a real password used by each recipient and threatened to release embarrassing Webcam videos almost certainly was not the work of one criminal or even one group of criminals. Rather, it's likely that additional spammers and scammers piled on with...

6.8AI score
Exploits0
Krebs on Security
Krebs on Security
added 2018/07/11 5:19 p.m.65 views

Notorious ‘Hijack Factory’ Shunned from Web

Score one for the good guys: Bitcanal, a Portuguese Web hosting firm long accused of helping spammers hijack large swaths of dormant Internet address space over the years, was summarily kicked off the Internet this week after a half-dozen of the company's bandwidth providers chose to sever ties...

6.8AI score
Exploits0
Rows per page
Query Builder