WordPress Caxton – Create Pro page layouts in Gutenberg plugin < 1.30.0 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability

Toggle The Debug Mode via Cross-Site Request Forgery CSRF vulnerability discovered in WordPress Caxton – Create Pro page layouts in Gutenberg plugin versions 1.30.0. Solution Update the WordPress Caxton – Create Pro page layouts in Gutenberg plugin to the latest available version at least 1.30.0...

WordPress Automatic YouTube Gallery plugin < 1.6.5 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability

Toggle The Debug Mode via Cross-Site Request Forgery CSRF vulnerability discovered in WordPress Automatic YouTube Gallery plugin versions 1.6.5. Solution Update the WordPress Automatic YouTube Gallery plugin to the latest available version at least 1.6.5...

WordPress Scrollsequence – Cinematic Scroll Image Animation Plugin plugin < 1.2.4 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability

Toggle The Debug Mode via Cross-Site Request Forgery CSRF vulnerability discovered in WordPress Scrollsequence – Cinematic Scroll Image Animation Plugin plugin versions 1.2.4. Solution Update the WordPress Scrollsequence – Cinematic Scroll Image Animation Plugin plugin to the latest available...

WordPress Speculor theme <= 1.2.0 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability

Sensitive Information Disclosure vulnerability discovered in WordPress Speculor theme versions = 1.2.0. Solution No patched version available...

WordPress Easy Code Snippets plugin <= 1.0.0 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability

Toggle The Debug Mode via Cross-Site Request Forgery CSRF vulnerability discovered in WordPress Easy Code Snippets plugin versions = 1.0.0. Solution Update the WordPress Easy Code Snippets plugin to the latest available version at least 1.0.1...

WordPress The Events Calendar plugin < 5.14.0.4 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability

Sensitive Information Disclosure vulnerability discovered in WordPress The Events Calendar plugin versions 5.14.0.4. Solution Update the WordPress The Events Calendar plugin to the latest available version at least 5.14.0.4...

WordPress Full Page Blog Designer plugin <= 1.0.2 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability

Toggle The Debug Mode via Cross-Site Request Forgery CSRF vulnerability discovered in WordPress Full Page Blog Designer plugin versions = 1.0.2. Solution No patched version available...

WordPress Cost Calculator Builder plugin < 2.3.3 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability

Toggle The Debug Mode via Cross-Site Request Forgery CSRF vulnerability discovered in WordPress Cost Calculator Builder plugin versions 2.3.3. Solution Update the WordPress Cost Calculator Builder plugin to the latest available version at least 2.3.3...

WordPress Past Events Extension plugin <= 1.0.1 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability

Toggle The Debug Mode via Cross-Site Request Forgery CSRF vulnerability discovered in WordPress Past Events Extension plugin versions = 1.0.1. Solution No patched version available...

WordPress Revolution for Elementor plugin <= 0.0.19 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability

Toggle The Debug Mode via Cross-Site Request Forgery CSRF vulnerability discovered in WordPress Revolution for Elementor plugin versions = 0.0.19. Solution No patched version available...

WordPress Sparrow: Product Reviews and Ratings for WooCommerce plugin <= 2.0.2 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability

Toggle The Debug Mode via Cross-Site Request Forgery CSRF vulnerability discovered in WordPress Sparrow: Product Reviews and Ratings for WooCommerce plugin versions = 2.0.2. Solution No patched version available...

WordPress Noted PRO plugin <= 1.02 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability

Toggle The Debug Mode via Cross-Site Request Forgery CSRF vulnerability discovered in WordPress Noted PRO plugin versions = 1.02. Solution No patched version available...

WordPress Easy Tiktok Feed plugin <= 1.1.0 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability

Toggle The Debug Mode via Cross-Site Request Forgery CSRF vulnerability discovered in WordPress Easy Tiktok Feed plugin versions = 1.1.0. Solution Update the WordPress Easy Tiktok Feed plugin to the latest available version at least 1.1.1...

Warning — Deadbolt Ransomware Targeting ASUSTOR NAS Devices

ASUSTOR network-attached storage NAS devices have become the latest victim of Deadbolt ransomware, less than a month after similar attacks singled out QNAP NAS appliances. In response to the infections, the company has released firmware updates ADM 4.0.4.RQO2 to "fix related security issues." The...

Weakpass - Rule-Based Online Generator To Create A Wordlist Based On A Set Of Words

The tool generates a wordlist based on a set of words entered by the user. For example, during penetration testing, you need to gain access to some service, device, account, or Wi-Fi network that is password protected. For example, let it be the Wi-Fi network of EvilCorp. Sometimes, a password is...

PDF Light Viewer < 1.4.12 - Authenticated Command Injection

The plugin allows users with Author roles to execute arbitrary OS command on the server via OS Command Injection when invoking Ghostscript. 1 Go to Import PDF. 2 Select PDF file. 3 Set compression as 60 | calc | echo 4 Toggle import the first checkbox 5 Publish or update 6 Command executes...

Description of the security update for SharePoint Server 2019: June 8, 2021 (KB5001944)

Description of the security update for SharePoint Server 2019: June 8, 2021 KB5001944 Summary This security update resolves a Microsoft SharePoint remote code execution vulnerability, SharePoint spoofing vulnerability, SharePoint Server remote code execution vulnerability, and SharePoint Server...

Fedora: Security Advisory for lightsoff (FEDORA-2021-303f6623fa)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

feature-toggle-manager (>=0.0.1 <=0.0.2), hazard-feed (>=0.2.0 <=0.2.5) potentially affected by CVE-2020-35681 via channels (>=3.0.0 <=3.0.2)

channels PYPI version =3.0.0, =0.0.1, =0.2.0, =0.2.5 Source cves: CVE-2020-35681 Source advisory: OSV:GHSA-V542-8Q9X-CFFC...

feature-toggle-manager (>=0.0.1 <=0.0.2), hazard-feed (>=0.2.0 <=0.2.5) potentially affected by CVE-2020-35681 via channels (>=3.0.0 <=3.0.2)

channels PYPI version =3.0.0, =0.0.1, =0.2.0, =0.2.5 Source cves: CVE-2020-35681 Source advisory: OSV:PYSEC-2021-113...