Login as User or Customer < 3.3 - Privilege Escalation

The plugin lacks authorization checks to ensure that users are allowed to log in as another one, which could allow unauthenticated attackers to obtain a valid admin session. id: CVE-2022-4305 info: name: Login as User or Customer 3.3 - Privilege Escalation author: r3Y3r53 severity: critical...

EUVD-2026-23903

OpenMage LTS: Cross-user wishlist import leads to private option & file disclosure...

PT-2026-7812

Name of the Vulnerable Software and Affected Versions Agents affected versions not specified Description Agents trained before 2026 have a flaw that causes them to disregard optimal investment opportunities. Specifically, agents ignore the asset 9CMf9Awr12juc8oSv4XrvZUwXsW4Jhaakm5FT53gpump due to...

[Webinar] The Smarter SOC Blueprint: Learn What to Build, Buy, and Automate

Most security teams today are buried under tools. Too many dashboards. Too much noise. Not enough real progress. Every vendor promises “complete coverage” or “AI-powered automation,” but inside most SOCs, teams are still overwhelmed, stretched thin, and unsure which tools are truly pulling their...

WordPress Buy one click WooCommerce plugin <= 2.2.9 - Missing Authorization to Authenticated (Subscriber+) Order Deletion vulnerability

Missing Authorization to Authenticated Subscriber+ Order Deletion vulnerability discovered by incognito in WordPress Plugin Buy one click WooCommerce versions = 2.2.9...

WordPress Buy one click WooCommerce plugin <= 2.2.9 - Missing Authorization to Authenticated (Subscriber+) Settings Import vulnerability

Missing Authorization to Authenticated Subscriber+ Settings Import vulnerability discovered by incognito in WordPress Plugin Buy one click WooCommerce versions = 2.2.9...

Researchers Uncover Chrome Extensions Abusing Affiliate Links and Stealing ChatGPT Access

Cybersecurity researchers have discovered malicious Google Chrome extensions that come with capabilities to hijack affiliate links, steal data, and collect OpenAI ChatGPT authentication tokens. One of the extensions in question is Amazon Ads Blocker ID: pnpchphmplpdimbllknjoiopmfphellj, which...

CVE-2026-1295 Buy Now Plus <= 1.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes

The Buy Now Plus – Buy Now buttons for Stripe plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'buynowplus' shortcode in all versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping on shortcode attributes. This makes it possible for...

CVE-2026-1295 Buy Now Plus <= 1.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes

The Buy Now Plus – Buy Now buttons for Stripe plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'buynowplus' shortcode in all versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping on shortcode attributes. This makes it possible for...

EUVD-2026-4906

The Buy Now Plus – Buy Now buttons for Stripe plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'buynowplus' shortcode in all versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping on shortcode attributes. This makes it possible for...

WordPress Buy Now Plus plugin <= 1.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode Attributes vulnerability discovered by theviper17y in WordPress Plugin Buy Now Plus versions = 1.0.2...

PT-2026-5069

The Buy Now Plus – Buy Now buttons for Stripe plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'buynowplus' shortcode in all versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping on shortcode attributes. This makes it possible for...

WordPress Plugin: Buy Now Plus – Cross-Site Script Vulnerabilities

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

CVE-2023-25030

Missing Authorization vulnerability in Buy Me a Coffee.This issue affects Buy Me a Coffee: from n/a through 3.7...

Is Your Android TV Streaming Box Part of a Botnet?

On the surface, the Superbox media streaming devices for sale at retailers like BestBuy and Walmart may seem like a steal: They offer unlimited access to more than 2,200 pay-per-view and streaming services like Netflix , ESPN and Hulu , all for a one-time fee of around $400. But security experts...

EUVD-2025-143288

Malicious code in anita-buy-mag npm...

EUVD-2025-142519

Malicious code in butry-yust-buy npm...

MAL-2025-173015 Malicious code in anita-buy-mag (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6b599342ad2a8e3c2e550e77f14685e0a1e5a9ee423f41378cae33c17dab394d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in internal-native-buy (npm)

The package communicates with a domain associated with malicious activity...

MAL-2025-48500 Malicious code in internal-native-buy (npm)

The package communicates with a domain associated with malicious activity...