Lucene search
K

18 matches found

RedhatCVE
RedhatCVE
added 2026/02/05 1:22 p.m.7 views

CVE-2025-15260

The MyRewards – Loyalty Points and Rewards for WooCommerce plugin for WordPress is vulnerable to missing authorization in all versions up to, and including, 5.6.1. This is due to the plugin not properly verifying that a user is authorized to perform an action in the 'ajax' function. This makes it...

6.5CVSS6AI score0.00274EPSS
Exploits2References1
ATTACKERKB
ATTACKERKB
added 2026/02/04 8:25 a.m.6 views

CVE-2025-15260

The MyRewards – Loyalty Points and Rewards for WooCommerce plugin for WordPress is vulnerable to missing authorization in all versions up to, and including, 5.6.0. This is due to the plugin not properly verifying that a user is authorized to perform an action in the 'ajax' function. This makes it...

6.5CVSS5.5AI score0.00274EPSS
Exploits2References3
Positive Technologies
Positive Technologies
added 2026/02/04 12:0 a.m.32 views

PT-2026-5883

Name of the Vulnerable Software and Affected Versions MyRewards – Loyalty Points and Rewards for WooCommerce plugin versions prior to 5.6.1 Description The MyRewards – Loyalty Points and Rewards for WooCommerce plugin for WordPress does not properly verify user authorization when performing actio...

6.5CVSS5.6AI score0.00274EPSS
Exploits2References6
Patchstack
Patchstack
added 2025/03/18 7:46 a.m.4 views

WordPress Give plugin <= 3.22.0 - Missing Authorization to Unauthenticated Arbitrary Earning Reports Disclosure via give_reports_earnings Function vulnerability

Missing Authorization to Unauthenticated Arbitrary Earning Reports Disclosure via givereportsearnings Function vulnerability discovered by mikemyers in WordPress Plugin GiveWP versions = 3.22.0...

7.5CVSS8.8AI score0.00583EPSS
Exploits1References1Affected Software1
Wordfence Blog
Wordfence Blog
added 2025/01/21 8:34 p.m.11 views

Wordfence Bug Bounty Researchers: Unlock More Earning Potential With New “Refer A Researcher” Program

Today, we at Wordfence are excited to announce a groundbreaking addition to our Wordfence Bug Bounty Program: the Refer-A-Researcher Program! Refer new researchers to our program and earn commissions when they submit valid vulnerabilities. This is a great opportunity to earn even more with the...

6.6AI score
Exploits0
Wordfence Blog
Wordfence Blog
added 2024/07/30 6:22 p.m.40 views

Empowering WordPress Bug Bounty Hunters: Meet the New Wordfence Bug Bounty Program Researcher Dashboard

Today, we are very excited to announce the launch of our brand-new researcher dashboard for the Wordfence Bug Bounty Program! One frequent request we received from our researchers was to have a way to manage and track all their vulnerability submissions in a single location, and we’re delivering...

7.2AI score
Exploits0
HackRead
HackRead
added 2024/02/22 2:0 p.m.14 views

Bluzelle’s Curium App Makes Crypto Earning Effortless

By Uzair Amir Meet Curium by Bluzelle, a new Miner Pool app. This is a post from HackRead.com Read the original post: Bluzelles Curium App Makes Crypto Earning Effortless...

7.3AI score
Exploits0
Code423n4
Code423n4
added 2023/10/30 12:0 a.m.11 views

A user with SOFT_RESTRICTED_STAKER_ROLE can earn yield.

Lines of code Vulnerability details Impact Any user blacklisted with SOFTRESTRICTEDSTAKERROLE role can earn yield by buying stUSDe token from open market and unstake stUSDe for USDe token on the StakedUSDeV2.sol contract. Proof of Concept The unstake function calls the internal withdraw function...

7.1AI score
Exploits0
Code423n4
Code423n4
added 2023/10/26 12:0 a.m.11 views

Sanctionned funds keep earning APR, and protocol earning fees on these funds

Lines of code Vulnerability details Impact When a user is sanctioned, if he has a scaledBalance not in the withdrawal queue, calling the nukeFromOrbit function will send sanctioned funds to an escrow contract, and these funds will keep earning APR. This is because when a deposit is executed, the...

7.1AI score
Exploits0
The Hacker News
The Hacker News
added 2023/07/29 8:10 a.m.43 views

New Android Malware CherryBlos Utilizing OCR to Steal Sensitive Data

A new Android malware strain called CherryBlos has been observed making use of optical character recognition OCR techniques to gather sensitive data stored in pictures. CherryBlos, per Trend Micro, is distributed via bogus posts on social media platforms and comes with capabilities to steal...

6.5AI score
Exploits0
Positive Technologies
Positive Technologies
added 2023/03/29 12:0 a.m.4 views

PT-2023-17172 · Sourcecodester · Sourcecodester Earnings/Expense Tracker App

Name of the Vulnerable Software and Affected Versions: SourceCodester Earnings and Expense Tracker App version 1.0 Description: A problematic vulnerability was found in the SourceCodester Earnings and Expense Tracker App. This issue affects the file Master.php, specifically the a parameter with t...

6.1CVSS6.6AI score0.00363EPSS
Exploits0References5
Hacker One
Hacker One
added 2022/11/23 4:1 p.m.19 views

inDrive: Disclosure of users' ip address whenever they view my fright offer on image preview (Without interaction)

A vulnerability was disclosed where users' IP addresses were leaked when they viewed freight offers, without any interaction required. By changing post image URLs to external sites, the external site received the user's IP when they viewed the post. This leaked user IPs and location, enabling...

7.2AI score
Exploits0
Malwarebytes
Malwarebytes
added 2019/08/22 3:0 p.m.73 views

The lucrative business of Bitcoin sextortion scams (updated)

Update 2019-09-04: A new wave of sextortion emails purporting to have originated from a group of hackers called ChaosCC—a play on the legitimate European white hat hacking community, Chaos Computer Club CCC—has recently caught the attention of the security world. Below is a sample email we captur...

7AI score
Exploits0
hackapp
hackapp
added 2016/04/01 8:52 a.m.22 views

Appbonus: мобильный заработок - Dangerous filesystem permissions, Exported ContentProvider, WebView code execution vulnerabilities

HackApp vulnerability scanner discovered that application Appbonus: мобильный заработок published at the 'play' market has multiple vulnerabilities...

1AI score
Exploits0References1Affected Software1
seebug.org
seebug.org
added 2014/03/11 12:0 a.m.24 views

Discuz! X3.1 刷积分漏洞

简要描述: X3.1 利用特殊主题进行刷分 详细说明: 首先论坛需开启悬赏贴,如不开启,则无任何的影响。 具体步骤: 1,使用主号发布悬赏贴,其他号进行回帖。 2,主号打开2个窗口,1个窗口为采纳最佳答案的帖子,另1个窗口打开帖子的编辑。 然后,先采纳答案,然后把编辑的窗口,保存。 此处会发现帖子会变成未采纳,还可以继续采纳,但是主号的金币并没有在扣除。 漏洞证明:...

7.1AI score
Exploits0
The Hacker News
The Hacker News
added 2012/10/17 2:24 p.m.8 views

Rock band 'Garbage' twitter account Hacked to spam monetized link

Official Twitter account of Rock band 'Garbage' has been compromised and hacker is posting Spam tweets and links using adf.ly, which is a url shortener service that pays on clicks. Hacked twitter account hack around 55,563 Followers. Hacker can post malicious links also, but in this case we can s...

6.9AI score
Exploits0
0day.today
0day.today
added 2010/06/18 12:0 a.m.30 views

Joomla Component com_joomlisting Upload Vulnerability

Exploit for php platform in category web applications ===================================================== Joomla Component comjoomlisting Upload Vulnerability ===================================================== 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' ...

7.1AI score
Exploits0
0day.today
0day.today
added 2010/06/09 12:0 a.m.20 views

PHP Property Rental Script XSS/ SQL Injection Vulnerability

Exploit for php platform in category web applications =========================================================== PHP Property Rental Script XSS/ SQL Injection Vulnerability =========================================================== Author: L0rd CrusAd3r aka VSN email protected Exploit Title:PHP...

7.1AI score
Exploits0
Rows per page
Query Builder