‘CanisterWorm’ Springs Wiper Attack Targeting Iran

A financially motivated data theft and extortion group is attempting to inject itself into the Iran war, unleashing a worm that spreads through poorly secured cloud services and wipes data on infected systems that use Iran's time zone or have Farsi set as the default language. Experts say the wip...

WordPress Font Farsi plugin <= 1.6.6 - Authenticated (Administrator+) Stored Cross-Site Scripting vulnerability

Authenticated Administrator+ Stored Cross-Site Scripting vulnerability discovered by emad in WordPress Plugin Font Farsi versions = 1.6.6...

CVE-2024-2657

The Font Farsi plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.6.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and...

EUVD-2007-3636

Malware in sbrugna...

EUVD-2010-4953

Malware in sbrugna...

EUVD-2007-3637

Malware in sbrugna...

EUVD-2007-3635

Malware in sbrugna...

EUVD-2008-5736

Malware in sbrugna...

EUVD-2024-27605

Malicious code in bioql PyPI...

CVE-2024-1752

The Font Farsi WordPress plugin through 1.6.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2007-3652

SQL injection vulnerability in class/page.php in Farsi Script aka FaScript FaName 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: this might be the same issue as CVE-2008-0328...

CVE-2007-3651

class/page.php in Farsi Script aka FaScript FaName 1.0 allows remote attackers to obtain sensitive information via a '; quote semicolon sequence in the id parameter, which reveals the installation path in an error message...

CVE-2024-2657

The Font Farsi plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.6.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and...

WordPress plugin Font Farsi 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

PT-2024-21425 · WordPress · Font Farsi

Name of the Vulnerable Software and Affected Versions: Font Farsi plugin for WordPress versions up to, and including, 1.6.6 Description: The issue is related to Stored Cross-Site Scripting via admin settings due to insufficient input sanitization and output escaping. This allows authenticated...

Font Farsi <= 1.6.6 - Administrator+ Stored Cross-Site Scripting

Description The Font Farsi plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.6.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...

WordPress Font Farsi plugin <= 1.6.6 - Admin+ Stored XSS in Settings vulnerability

Admin+ Stored XSS in Settings vulnerability discovered by Bob Matyas in WordPress Plugin Font Farsi versions = 1.6.6...

CVE-2024-1752

The Font Farsi WordPress plugin through 1.6.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2024-1752

The Font Farsi WordPress plugin through 1.6.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2024-1752 Font Farsi <= 1.6.6 - Admin+ Stored XSS in Settings

The Font Farsi WordPress plugin through 1.6.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...