3 matches found
CVE-2023-6883 Easy Social Feed <= 6.5.2 - Missing Authorization to Settings Modification
The Easy Social Feed plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on multiple AJAX functions in all versions up to, and including, 6.5.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to...
Zomato: Self-Stored XSS - Chained with login/logout CSRF
NOTE! This report explains taking over an account in a single click by chaining stored XSS, WAF bypass, login and logout CSRF. Summary: Attacker can takeover someone's account by stealing their facebook / google login tokens chaining multiple vulnerabilities. Description: Attacker leaves a review...
30 Million Facebook Accounts Were Hacked: Check If You're One of Them
Late last month Facebook announced its worst-ever security breach that allowed an unknown group of hackers to steal secret access tokens for millions of accounts by taking advantage of a flaw in the 'View As' feature. At the time of the initial disclosure, Facebook estimated that the number of...