CVE-2023-50172

A recovery notification bypass vulnerability exists in the userRecoverPass.php captcha validation functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can lead to the silent creation of a recovery pass code for any user...

WordPress Rankology SEO and Analytics Tool plugin <= 2.0 - Incorrect Authorization to Authenticated (Editor+) Header & Footer Code Creation vulnerability

Incorrect Authorization to Authenticated Editor+ Header & Footer Code Creation vulnerability discovered by SangNQ29 in WordPress Plugin Rankology SEO and Analytics Tool versions = 2.0...

CVE-2024-23882

A vulnerability has been reported in Cups Easy Purchase & Inventory, version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting XSS vulnerability via /cupseasylive/taxcodecreate.php, in the taxcodeid parameter. Exploitation of this vulnerability...

WordPress Qyrr – simply and modern QR-Code creation Plugin < 1.5 is vulnerable to Cross Site Scripting (XSS)

Software Qyrr – simply and modern QR-Code creation Type Plugin Vulnerable versions 1.5 Fixed in 1.5 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Patrick Posner PSID b4effa18b733 Credits Rafie Muhamma...

CVE-2022-1625 New User Approve < 2.4 - Arbitrary Settings Update & Invitation Code Creation via CSRF

The New User Approve WordPress plugin before 2.4 does not have CSRF check in place when updating its settings and adding invitation codes, which could allow attackers to add invitation codes for bypassing the provided restrictions and to change plugin settings by tricking admin users into visitin...

New User Approve < 2.4 - Arbitrary Settings Update & Invitation Code Creation via CSRF

The plugin does not have CSRF check in place when updating its settings and adding invitation codes, which could allow attackers to add invitation codes for bypassing the provided restrictions and to change plugin settings by tricking admin users into visiting specially crafted websites. Add code...

WordPress New User Approve plugin <= 2.3 - Arbitrary Settings Update & Invitation Code Creation via CSRF vulnerability

Arbitrary Settings Update & Invitation Code Creation via CSRF vulnerability discovered by Daniel Ruf in WordPress New User Approve plugin versions = 2.3. Solution Update the WordPress New User Approve plugin to the latest available version at least 2.4...

How Does One Get Hired by a Top Cybercrime Gang?

The U.S. Department of Justice DOJ last week announced the arrest of a 55-year-old Latvian woman whos alleged to have worked as a programmer for Trickbot, a malware-as-a-service platform responsible for infecting millions of computers and seeding many of those systems with ransomware. Just how di...