652 matches found
CVE-2025-13413 Country Blocker for AdSense <= 1.0 - Cross-Site Request Forgery to Settings Update
The Country Blocker for AdSense plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing nonce validation on the CBFAguardarcbfa function. This makes it possible for unauthenticated attackers to update the plugin's settings...
CVE-2025-13413 Country Blocker for AdSense <= 1.0 - Cross-Site Request Forgery to Settings Update
The Country Blocker for AdSense plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing nonce validation on the CBFAguardarcbfa function. This makes it possible for unauthenticated attackers to update the plugin's settings...
CVE-2025-13413
CVE-2025-13413 (Country Blocker for AdSense) is a CSRF vulnerability in WordPress plugin versions up to 1.0 due to missing nonce validation in the CBFA_guardar_cbfa() function, enabling unauthenticated attackers to trigger settings updates by tricking an admin. Public details indicate the issue a...
CVE-2026-2502
The xmlrpc attacks blocker plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.0, via the 'X-Forwarded-For' HTTP header. This is due to the plugin trusting and logging attacker-controlled IP header data and rendering debug log entries without outp...
PT-2026-20598
Name of the Vulnerable Software and Affected Versions Country Blocker for AdSense plugin for WordPress versions prior to 1.1 Description The software is susceptible to Cross-Site Request Forgery CSRF due to the absence of nonce validation in the CBFA guardar cbfa function. This allows...
WordPress plugin Country Blocker for AdSense 跨站请求伪造漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...
WordPress Country Blocker for AdSense plugin <= 1.0 - Cross-Site Request Forgery to Settings Update vulnerability
Cross-Site Request Forgery to Settings Update vulnerability discovered by dayea song - Ahnlab in WordPress Plugin Country Blocker for AdSense versions = 1.0...
Minor update for Vivaldi Android Browser 7.8
Head to the Google Play Store and download the browser. Alternatively, you can download Vivaldi from Uptodown, the Android app store. Your rating for our browser matters. ⭐️ ⭐️ ⭐️ ⭐️ ⭐️ Enjoy! Changelog The following is a list of changes since the initial 7.8 stable release: Ad blocker Improvements...
CVE-2026-1675
The Advanced Country Blocker plugin for WordPress is vulnerable to Authorization Bypass in all versions up to, and including, 2.3.1 due to the use of a predictable default value for the secret bypass key created during installation without requiring users to change it. This makes it possible for...
CVE-2026-1675
The Advanced Country Blocker plugin for WordPress is vulnerable to Authorization Bypass in all versions up to, and including, 2.3.1 due to the use of a predictable default value for the secret bypass key created during installation without requiring users to change it. This makes it possible for...
CVE-2026-1675 Advanced Country Blocker <= 2.3.1 - Unauthenticated Authorization Bypass via Insecure Default Secret Key
The Advanced Country Blocker plugin for WordPress is vulnerable to Authorization Bypass in all versions up to, and including, 2.3.1 due to the use of a predictable default value for the secret bypass key created during installation without requiring users to change it. This makes it possible for...
CVE-2026-1675
The Advanced Country Blocker plugin for WordPress is vulnerable to Authorization Bypass in all versions up to, and including, 2.3.1 due to the use of a predictable default value for the secret bypass key created during installation without requiring users to change it. This makes it possible for...
CVE-2026-1675 Advanced Country Blocker <= 2.3.1 - Unauthenticated Authorization Bypass via Insecure Default Secret Key
The Advanced Country Blocker plugin for WordPress is vulnerable to Authorization Bypass in all versions up to, and including, 2.3.1 due to the use of a predictable default value for the secret bypass key created during installation without requiring users to change it. This makes it possible for...
WordPress plugin Advanced Country Blocker 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
PT-2026-6896
Name of the Vulnerable Software and Affected Versions Advanced Country Blocker plugin for WordPress versions prior to 2.3.2 Description The Advanced Country Blocker plugin for WordPress is susceptible to an authorization bypass. This is due to the use of a predictable default value for the secret...
WordPress Advanced Country Blocker plugin <= 2.3.1 - Unauthenticated Authorization Bypass via Insecure Default Secret Key vulnerability
Unauthenticated Authorization Bypass via Insecure Default Secret Key vulnerability discovered by Hector Flores in WordPress Plugin Advanced Country Blocker versions = 2.3.1...
New Clickfix variant ‘CrashFix’ deploying Python Remote Access Trojan
In January 2026, Microsoft Defender Experts identified a new evolution in the ongoing ClickFix campaign. This updated tactic deliberately crashes victims’ browsers and then attempts to lure users into executing malicious commands under the pretext of restoring normal functionality. This variant...
New Clickfix variant ‘CrashFix’ deploying Python Remote Access Trojan
In January 2026, Microsoft Defender Experts identified a new evolution in the ongoing ClickFix campaign. This updated tactic deliberately crashes victims’ browsers and then attempts to lure users into executing malicious commands under the pretext of restoring normal functionality. This variant...
Researchers Uncover Chrome Extensions Abusing Affiliate Links and Stealing ChatGPT Access
Cybersecurity researchers have discovered malicious Google Chrome extensions that come with capabilities to hijack affiliate links, steal data, and collect OpenAI ChatGPT authentication tokens. One of the extensions in question is Amazon Ads Blocker ID: pnpchphmplpdimbllknjoiopmfphellj, which...
CrashFix Chrome Extension Delivers ModeloRAT Using ClickFix-Style Browser Crash Lures
Cybersecurity researchers have disclosed details of an ongoing campaign dubbed KongTuke that used a malicious Google Chrome extension masquerading as an ad blocker to deliberately crash the web browser and trick victims into running arbitrary commands using ClickFix-like lures to deliver a...