GiveWP <= 2.9.7 - Cross-Site Scripting

GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress versions before 2.10.0 is vulnerable to Reflected Cross-Site Scripting via the 's' parameter in the admin Donors page. id: CVE-2021-24213 info: name: GiveWP = 2.9.7 - Cross-Site Scripting author: Shivam Kamboj severity: medium...

Republican Mutiny Sinks Trump's Push to Extend Warrantless Surveillance

A post-midnight revolt in the House sank the White House's efforts to extend Section 702—a spy program the FBI has used to look into members of Congress, protesters, and political donors...

Buying Campaign Contributions as a Hack

The first Republican primary debate has a popularity threshold to determine who gets to appear: 40,000 individual contributors. Now there are a lot of conventional ways a candidate can get that many contributors. Doug Burgum came up with a novel idea: buy them: A long-shot contender at the bottom...

Hurricane-Related Scams 

CISA warns users to remain on alert for malicious cyber activity targeting potential disaster victims and charitable donors following a hurricane. Fraudulent emails—often containing malicious links or attachments—are common after major natural disasters. Exercise caution in handling emails with...

A Privacy Panic Flares Up in India After Police Pull Payment Data

Nonprofit donors had their information given to law enforcement without consent, highlighting limited data protections in the world’s largest democracy...

WordPress GiveWP Plugin < 2.10.0 XSS Vulnerability

The WordPress plugin Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it...

CVE-2021-24213

The GiveWP – Donation Plugin and Fundraising Platform WordPress plugin before 2.10.0 was affected by a reflected Cross-Site Scripting vulnerability inside of the administration panel, via the 's' GET parameter on the Donors page...

CVE-2021-24213

The GiveWP – Donation Plugin and Fundraising Platform WordPress plugin before 2.10.0 was affected by a reflected Cross-Site Scripting vulnerability inside of the administration panel, via the 's' GET parameter on the Donors page...

Cross site scripting

The GiveWP – Donation Plugin and Fundraising Platform WordPress plugin before 2.10.0 was affected by a reflected Cross-Site Scripting vulnerability inside of the administration panel, via the 's' GET parameter on the Donors page...

PT-2021-15758

Name of the Vulnerable Software and Affected Versions: GiveWP – Donation Plugin and Fundraising Platform versions prior to 2.10.0 Description: The issue is related to a reflected Cross-Site Scripting vulnerability inside the administration panel. This vulnerability can be exploited via the s GET...

Doneren met Mollie < 2.8.5 - Unauthorised CSV Export leading to Sensitive Data Disclosure

The plugin did not check for user capability in the dmmexportdonations function, allowing any authenticated user to export a CSV file containing all donors personal information. PoC GET /wp-admin/admin-post.php?action=dmmexport...

Hurricane-Related Scams

June 1 marks the official start of the 2020 Atlantic hurricane season. The Cybersecurity and Infrastructure Security Agency CISA warns users to remain on alert for malicious cyber activity targeting potential disaster victims and charitable donors following a hurricane. Fraudulent emails—often...

BloodX 1.0 - Authentication Bypass

Exploit Title: BloodX 1.0 - Authentication Bypass Author: riamloo Date: 2019-12-31 Vendor Homepage: https://github.com/diveshlunker/BloodX Software Link: https://github.com/diveshlunker/BloodX/archive/master.zip Version: 1 CVE: N/A Tested on: Win 10 Discription: An standalone platform which lets...

Changing California’s privacy law: A snapshot at the support and opposition

This month, the corporate-backed, legislative battle against California privacy met a blockade, as one Senate committee voted down and negotiated changes to several bills that, as originally written, could have weakened the state’s data privacy law, the California Consumer Privacy Act. Though the...

English Defence League defaced by ZCompany Hacking Crew

ZCompany Hacking Crew members hack and deface English Defence League official website https://englishdefenceleague.org,a far-right British organization . Deface page include text "Fuck Zionist Jews! – Boycot israel! – Fuck the American Government! - Fuck fascist Organizations like EDL" and a...

Report: Anonymous Targets Neo-Nazis

The Anonymous Internet collective’s campaign against groups with whom they disagree surged into 2012 with “Operation Blitzkrieg,” which is targeting Neo-Nazi groups in Germany. Their latest effort includes a Wikileaks-style Website, Nazi-leaks.net, to uncover and expose the identities of...