Critical Zcash Vulnerability Found and Fixed
If you're a user--owner?--of this cryptocurrency, this is important: On May 29, the security researcher Taylor Hornby found a critical vulnerability in Zcash Orchard privacy pool using Claude Opus 4.8. The Zcash team hired Hornby specifically to look for this kind of issue. He found one fast enou...
WordPress WebinarIgnition plugin < 4.08.253 - Privilege Escalation vulnerability
Privilege Escalation vulnerability discovered by hhhai in WordPress Plugin WebinarIgnition versions < 4.08.253...
WordPress CBX 5 Star Rating & Review plugin <= 1.0.7 - Reflected Cross-Site Scripting vulnerability
Reflected Cross-Site Scripting vulnerability discovered by Julian Chibuike Nwadinobi Wackydawg - streamio in WordPress Plugin CBX 5 Star Rating & Review versions <= 1.0.7...
WordPress WP Blockade – Visual Page Builder plugin <= 0.9.14 - Reflected Cross-Site Scripting vulnerability
Reflected Cross-Site Scripting vulnerability discovered by theviper17y in WordPress Plugin WP Blockade versions <= 0.9.14...
WordPress Xpro Addons — 140+ Widgets for Elementor plugin <= 1.5.0 - Missing Authorization to Unauthenticated Xpro Template Creation vulnerability
Missing Authorization to Unauthenticated Xpro Template Creation vulnerability discovered by at1as - Self-Employed in WordPress Plugin Xpro Elementor Addons versions <= 1.5.0...
WordPress Checkout Files Upload for WooCommerce plugin <= 2.2.5 - Insecure Direct Object References (IDOR) vulnerability
Insecure Direct Object References (IDOR) vulnerability discovered by devploit in WordPress Plugin Checkout Files Upload for WooCommerce versions <= 2.2.5...
WordPress SureTriggers plugin < 1.1.23 - Unauthenticated SQLi vulnerability
Unauthenticated SQLi vulnerability discovered by mcdruid in WordPress Plugin OttoKit versions < 1.1.23...
WordPress WP User Frontend plugin <= 4.2.5 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by daroo in WordPress Plugin WP User Frontend versions <= 4.2.5...
WordPress m2 | Construction and Tools Store theme <= 1.1.2 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme m2 | Construction and Tools Store versions <= 1.1.2...
WordPress EmojiNation theme <= 1.0.12 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme EmojiNation versions <= 1.0.12...
WordPress Ultimate Learning Pro plugin <= 3.9.1 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting (XSS) vulnerability discovered by Bonds in WordPress Plugin Ultimate Learning Pro versions <= 3.9.1...
WordPress Paid Member Subscriptions plugin <= 2.16.8 - Insecure Direct Object References (IDOR) vulnerability
Insecure Direct Object References (IDOR) vulnerability discovered by daroo in WordPress Plugin Paid Member Subscriptions versions <= 2.16.8...
WordPress Allmart plugin <= 1.1 - SQL Injection vulnerability
SQL Injection vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Allmart versions <= 1.1...
WordPress Responsive Header Plugin plugin <= 1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via Settings Parameters vulnerability
Authenticated (Administrator+) Stored Cross-Site Scripting via Settings Parameters vulnerability discovered by 0x34rth in WordPress Plugin Responsive Header versions <= 1.0...
WordPress Viet contact plugin <= 1.3.2 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'll1', 'll2', 'll3', and 'll4' Parameters vulnerability
Authenticated (Administrator+) Stored Cross-Site Scripting via 'll1', 'll2', 'll3', and 'll4' Parameters vulnerability discovered by 0x34rth in WordPress Plugin Viet contact versions <= 1.3.2...
WordPress Frontend File Manager plugin <= 23.5 - Insecure Direct Object References (IDOR) vulnerability
Insecure Direct Object References (IDOR) vulnerability discovered by Mdr in WordPress Plugin Frontend File Manager versions <= 23.5...
WordPress Tutor LMS Pro plugin <= 3.8.3 - SQL Injection vulnerability
SQL Injection vulnerability discovered by 0xd4rk5id3 in WordPress Plugin Tutor LMS Pro versions <= 3.8.3...
WordPress ContentStudio plugin <= 1.3.7 - Authenticated (Author+) Arbitrary File Upload vulnerability
Authenticated (Author+) Arbitrary File Upload vulnerability discovered by kr0d in WordPress Plugin Contentstudio versions <= 1.3.7...
WordPress Zota theme <= 1.3.14 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Zota versions <= 1.3.14...
WordPress Listdom plugin <= 5.0.1 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by daroo in WordPress Plugin Listdom versions <= 5.0.1...