18 matches found
CVE-2025-15260
The MyRewards – Loyalty Points and Rewards for WooCommerce plugin for WordPress is vulnerable to missing authorization in all versions up to, and including, 5.6.1. This is due to the plugin not properly verifying that a user is authorized to perform an action in the 'ajax' function. This makes it...
CVE-2025-15260
The MyRewards – Loyalty Points and Rewards for WooCommerce plugin for WordPress is vulnerable to missing authorization in all versions up to, and including, 5.6.0. This is due to the plugin not properly verifying that a user is authorized to perform an action in the 'ajax' function. This makes it...
PT-2026-5883
Name of the Vulnerable Software and Affected Versions MyRewards – Loyalty Points and Rewards for WooCommerce plugin versions prior to 5.6.1 Description The MyRewards – Loyalty Points and Rewards for WooCommerce plugin for WordPress does not properly verify user authorization when performing actio...
WordPress Give plugin <= 3.22.0 - Missing Authorization to Unauthenticated Arbitrary Earning Reports Disclosure via give_reports_earnings Function vulnerability
Missing Authorization to Unauthenticated Arbitrary Earning Reports Disclosure via givereportsearnings Function vulnerability discovered by mikemyers in WordPress Plugin GiveWP versions = 3.22.0...
Wordfence Bug Bounty Researchers: Unlock More Earning Potential With New “Refer A Researcher” Program
Today, we at Wordfence are excited to announce a groundbreaking addition to our Wordfence Bug Bounty Program: the Refer-A-Researcher Program! Refer new researchers to our program and earn commissions when they submit valid vulnerabilities. This is a great opportunity to earn even more with the...
Empowering WordPress Bug Bounty Hunters: Meet the New Wordfence Bug Bounty Program Researcher Dashboard
Today, we are very excited to announce the launch of our brand-new researcher dashboard for the Wordfence Bug Bounty Program! One frequent request we received from our researchers was to have a way to manage and track all their vulnerability submissions in a single location, and we’re delivering...
Bluzelle’s Curium App Makes Crypto Earning Effortless
By Uzair Amir Meet Curium by Bluzelle, a new Miner Pool app. This is a post from HackRead.com Read the original post: Bluzelles Curium App Makes Crypto Earning Effortless...
A user with SOFT_RESTRICTED_STAKER_ROLE can earn yield.
Lines of code Vulnerability details Impact Any user blacklisted with SOFTRESTRICTEDSTAKERROLE role can earn yield by buying stUSDe token from open market and unstake stUSDe for USDe token on the StakedUSDeV2.sol contract. Proof of Concept The unstake function calls the internal withdraw function...
Sanctionned funds keep earning APR, and protocol earning fees on these funds
Lines of code Vulnerability details Impact When a user is sanctioned, if he has a scaledBalance not in the withdrawal queue, calling the nukeFromOrbit function will send sanctioned funds to an escrow contract, and these funds will keep earning APR. This is because when a deposit is executed, the...
New Android Malware CherryBlos Utilizing OCR to Steal Sensitive Data
A new Android malware strain called CherryBlos has been observed making use of optical character recognition OCR techniques to gather sensitive data stored in pictures. CherryBlos, per Trend Micro, is distributed via bogus posts on social media platforms and comes with capabilities to steal...
PT-2023-17172 · Sourcecodester · Sourcecodester Earnings/Expense Tracker App
Name of the Vulnerable Software and Affected Versions: SourceCodester Earnings and Expense Tracker App version 1.0 Description: A problematic vulnerability was found in the SourceCodester Earnings and Expense Tracker App. This issue affects the file Master.php, specifically the a parameter with t...
inDrive: Disclosure of users' ip address whenever they view my fright offer on image preview (Without interaction)
A vulnerability was disclosed where users' IP addresses were leaked when they viewed freight offers, without any interaction required. By changing post image URLs to external sites, the external site received the user's IP when they viewed the post. This leaked user IPs and location, enabling...
The lucrative business of Bitcoin sextortion scams (updated)
Update 2019-09-04: A new wave of sextortion emails purporting to have originated from a group of hackers called ChaosCC—a play on the legitimate European white hat hacking community, Chaos Computer Club CCC—has recently caught the attention of the security world. Below is a sample email we captur...
Appbonus: мобильный заработок - Dangerous filesystem permissions, Exported ContentProvider, WebView code execution vulnerabilities
HackApp vulnerability scanner discovered that application Appbonus: мобильный заработок published at the 'play' market has multiple vulnerabilities...
Discuz! X3.1 刷积分漏洞
简要描述: X3.1 利用特殊主题进行刷分 详细说明: 首先论坛需开启悬赏贴,如不开启,则无任何的影响。 具体步骤: 1,使用主号发布悬赏贴,其他号进行回帖。 2,主号打开2个窗口,1个窗口为采纳最佳答案的帖子,另1个窗口打开帖子的编辑。 然后,先采纳答案,然后把编辑的窗口,保存。 此处会发现帖子会变成未采纳,还可以继续采纳,但是主号的金币并没有在扣除。 漏洞证明:...
Rock band 'Garbage' twitter account Hacked to spam monetized link
Official Twitter account of Rock band 'Garbage' has been compromised and hacker is posting Spam tweets and links using adf.ly, which is a url shortener service that pays on clicks. Hacked twitter account hack around 55,563 Followers. Hacker can post malicious links also, but in this case we can s...
Joomla Component com_joomlisting Upload Vulnerability
Exploit for php platform in category web applications ===================================================== Joomla Component comjoomlisting Upload Vulnerability ===================================================== 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' ...
PHP Property Rental Script XSS/ SQL Injection Vulnerability
Exploit for php platform in category web applications =========================================================== PHP Property Rental Script XSS/ SQL Injection Vulnerability =========================================================== Author: L0rd CrusAd3r aka VSN email protected Exploit Title:PHP...