
53 matches found

Vulnrichment
added 2026/05/06 6:47 a.m. | 2 views

CVE-2026-6672 Affiliate Program Suite <= 1.2.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via slicewp_affiliate_url Shortcode

The Affiliate Program Suite — SliceWP Affiliates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcode attributes in all versions up to, and including, 1.2.7. This is due to insufficient input sanitization and output escaping on user-supplied attributes in the...

CVSS: 6.4 | AI score: 6 | EPSS: 0.00032
Exploits: 0 | References: 2

Cvelist
added 2026/05/06 6:47 a.m. | 21 views

CVE-2026-6672 Affiliate Program Suite <= 1.2.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via slicewp_affiliate_url Shortcode

The Affiliate Program Suite — SliceWP Affiliates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcode attributes in all versions up to, and including, 1.2.7. This is due to insufficient input sanitization and output escaping on user-supplied attributes in the...

CVSS: 6.4 | EPSS: 0.00032
Exploits: 0 | References: 2

The Hacker News
added 2025/06/16 2:21 p.m. | 11 views

Anubis Ransomware Encrypts and Wipes Files, Making Recovery Impossible Even After Payment

An emerging ransomware strain has been discovered incorporating capabilities to encrypt files as well as permanently erase them, a development that has been described as a "rare dual-threat." "The ransomware features a 'wipe mode,' which permanently erases files, rendering recovery impossible eve...

AI score: 7.6
Exploits: 0

RedhatCVE
added 2025/05/23 9:26 a.m. | 4 views

CVE-2024-12454

The Affiliate Program Suite — SliceWP Affiliates plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.23. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to inject...

CVSS: 6.1 | AI score: 6.4 | EPSS: 0.0063
Exploits: 0 | References: 1

NVD
added 2024/12/18 10:15 a.m. | 10 views

CVE-2024-12454

The Affiliate Program Suite — SliceWP Affiliates plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.23. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to inject...

CVSS: 6.1 | EPSS: 0.0063
Exploits: 0 | References: 6

Cvelist
added 2024/12/18 9:22 a.m. | 9 views

CVE-2024-12454 Affiliate Program Suite — SliceWP Affiliates <= 1.1.23 - Cross-Site Request Forgery to Reflected Cross-Site Scripting

The Affiliate Program Suite — SliceWP Affiliates plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.23. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to inject...

CVSS: 6.1 | EPSS: 0.0063
Exploits: 0 | References: 6

CVE
added 2024/12/18 9:22 a.m. | 38 views

CVE-2024-12454

CVE-2024-12454 details (WordPress): The Affiliate Program Suite — SliceWP Affiliates plugin is vulnerable to Cross-Site Request Forgery across all versions up to 1.1.23 due to missing or incorrect nonce validation in a function. This enables unauthenticated attackers to induce an administrator to...

CVSS: 6.1 | AI score: 6 | EPSS: 0.0063
Exploits: 0 | References: 6

The Hacker News
added 2024/10/17 1:54 p.m. | 8 views

Researchers Uncover Cicada3301 Ransomware Operations and Its Affiliate Program

Cybersecurity researchers have gleaned additional insights into a nascent ransomware-as-a-service (RaaS) called Cicada3301 after successfully gaining access to the group's affiliate panel on the dark web. Singapore-headquartered Group-IB said it contacted the threat actor behind the Cicada3301...

AI score: 7.7
Exploits: 0

OSV
added 2024/10/01 9:15 a.m. | 0 views

CVE-2024-9289

The WordPress & WooCommerce Affiliate Program plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 8.4.1. This is due to the rtwwwaploginrequestcallback function not properly validating a user's identity prior to authenticating them to the site. This...

CVSS: 9.8 | AI score: 5.8 | EPSS: 0.0044
Exploits: 0 | References: 2

NVD
added 2024/10/01 9:15 a.m. | 11 views

CVE-2024-9289

The WordPress & WooCommerce Affiliate Program plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 8.4.1. This is due to the rtwwwaploginrequestcallback function not properly validating a user's identity prior to authenticating them to the site. This...

CVSS: 9.8 | EPSS: 0.0044
Exploits: 0 | References: 2

CVE
added 2024/10/01 8:30 a.m. | 53 views

CVE-2024-9289

The CVE-2024-9289 affects WordPress & WooCommerce Affiliate Program (WordPress) plugin versions

CVSS: 9.8 | AI score: 9.6 | EPSS: 0.0044
Exploits: 0 | References: 2 | Affected Software: 1

Cvelist
added 2024/10/01 8:30 a.m. | 14 views

CVE-2024-9289 WordPress & WooCommerce Affiliate Program <= 8.4.1 - Authentication Bypass to Account Takeover and Privilege Escalation

The WordPress & WooCommerce Affiliate Program plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 8.4.1. This is due to the rtwwwaploginrequestcallback function not properly validating a user's identity prior to authenticating them to the site. This...

CVSS: 9.8 | EPSS: 0.0044
Exploits: 0 | References: 2

Vulnrichment
added 2024/10/01 8:30 a.m. | 12 views

CVE-2024-9289 WordPress & WooCommerce Affiliate Program <= 8.4.1 - Authentication Bypass to Account Takeover and Privilege Escalation

The WordPress & WooCommerce Affiliate Program plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 8.4.1. This is due to the rtwwwaploginrequestcallback function not properly validating a user's identity prior to authenticating them to the site. This...

CVSS: 9.8 | AI score: 7.2 | EPSS: 0.0044
Exploits: 0 | References: 2

Positive Technologies
added 2024/10/01 12:0 a.m. | 2 views

PT-2024-39545 · WordPress · Wordpress & Woocommerce Affiliate Program

Name of the Vulnerable Software and Affected Versions: WordPress & WooCommerce Affiliate Program plugin versions up to, and including, 8.4.1 Description: The WordPress & WooCommerce Affiliate Program plugin for WordPress is vulnerable to authentication bypass due to the rtwwwap login request...

CVSS: 9.8 | AI score: 7.3 | EPSS: 0.0044
Exploits: 0 | References: 12

CNNVD
added 2024/10/01 12:0 a.m. | 2 views

WordPress plugin WordPress & WooCommerce Affiliate Program Access Control Error Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. An access control error...

CVSS: 9.8 | AI score: 6.8 | EPSS: 0.0044
Exploits: 0 | References: 3

Securelist
added 2024/09/04 10:0 a.m. | 43 views

Mallox ransomware: in-depth analysis and evolution

Mallox is a sophisticated and dangerous family of malicious software that has been causing significant damage to organizations worldwide. In 2023, this ransomware strain demonstrated an uptick in attacks, the overall number of discovered Mallox samples exceeding 700. In the first half of 2024, th...

CVSS: 8.8 | AI score: 7 | EPSS: 0.9424
Exploits: 15

Wordfence Blog
added 2024/05/21 1:1 p.m. | 55 views

The Wordfence Affiliate Program Officially Launches Today

Today, we are officially launching the Wordfence Affiliate Program. If you love securing WordPress and are passionate about helping make the Web a safer place, click here to apply to the program now. This is an exciting opportunity for us to give back to our incredible community who have been...

AI score: 7.1
Exploits: 0

The Hacker News
added 2024/03/20 11:26 a.m. | 50 views

TeamCity Flaw Leads to Surge in Ransomware, Cryptomining, and RAT Attacks

Multiple threat actors are exploiting the recently disclosed security flaws in JetBrains TeamCity software to deploy ransomware, cryptocurrency miners, Cobalt Strike beacons, and a Golang-based remote access trojan called Spark RAT. The attacks entail the exploitation of CVE-2024-27198 CVSS score...

CVSS: 9.8 | AI score: 7.9 | EPSS: 0.93047
Exploits: 23

Securelist
added 2023/08/25 10:0 a.m. | 18 views

Lockbit leak, research opportunities on tools leaked from TAs

Lockbit is one of the most prevalent ransomware strains. It comes with an affiliate ransomware-as-a-service (RaaS) program offering up to 80% of the ransom demand to participants, and includes a bug bounty program for those who detect and report vulnerabilities that allow files to be decrypted...

AI score: 7.3
Exploits: 0

The Hacker News
added 2023/08/21 10:9 a.m. | 41 views

This Malware Turned Thousands of Hacked Windows and macOS PCs into Proxy Servers

Threat actors are leveraging access to malware-infected Windows and macOS machines to deliver a proxy server application and use them as exit nodes to reroute proxy requests. According to AT&T Alien Labs, the unnamed company that offers the proxy service operates more than 400,000 proxy exit node...

AI score: 6.9
Exploits: 0