
1002 matches found

WPVulnDB
added 2023/05/17 12:0 a.m., 702 views

WP < 6.2.2 - Shortcode Execution in User Generated Data

Description: WordPress allows shortcode to be executed in user generated data via block themes, which could allow unauthenticated users to execute shortcode via comments for instance...

7.4 AI score
Exploits: 0, References: 2

Trend Micro Simply Security
added 2023/05/17 12:0 a.m., 16 views

Security Vulnerabilities of ChatGPT-Generated Code

Discover the cybersecurity risks of AI-generated code, learn how to protect your applications, and understand how the rise of ChatGPT is impacting software development...

7 AI score
Exploits: 0

Malwarebytes
added 2023/05/04 1:30 p.m., 15 views

AI-powered content farms start clogging search results with ad-stuffed spam

A recent study by NewsGuard, trackers of online misinformation, makes some alarming discoveries about the role of artificial intelligence (AI) in content farm generation. If you've previously held your nose at the content mill grind, it's probably going to become a lot more unpleasant. Content farms...

6.6 AI score
Exploits: 0

Talos Blog
added 2023/04/27 6:0 p.m., 58 views

Threat Source newsletter (April 27, 2023) — New Cisco Secure offerings and extra security from Duo

Welcome to this week's edition of the Threat Source newsletter. I'm writing this earlier in the week as I get ready for some personal travel (everyone is lucky I passed on writing another Cybersecurity Mock Draft), so apologies if I miss anything major that happens at RSA. But Cisco beat everyone to...

7.5 CVSS, 10.3 AI score, 0.94257 EPSS
Exploits: 24

Positive Technologies
added 2023/04/24 12:0 a.m., 5 views

PT-2023-6573 · WordPress · Tablesome

Name of the Vulnerable Software and Affected Versions: Tablesome WordPress plugin versions prior to 1.0.9. Description: The issue is related to the Tablesome WordPress plugin, which does not properly escape generated URLs before outputting them in attributes when certain notices are displayed. Thi...

6.4 CVSS, 7.1 AI score, 0.08168 EPSS
Exploits: 3, References: 7

RubySec
added 2023/04/20 12:0 a.m., 26 views

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) in Pay

Impact: A payments info page of Pay is susceptible to reflected Cross-site scripting. An attacker could create a working URL that renders a javascript link to a user on a Rails application that integrates Pay. This URL could be distributed via email to specifically target certain individuals. If t...

7.1 CVSS, 6.5 AI score, 0.00668 EPSS
Exploits: 0, References: 1, Affected Software: 1

Schneier on Security
added 2023/04/17 11:15 a.m., 11 views

Swatting as a Service

Motherboard is reporting on AI-generated voices being used for "swatting": In fact, Motherboard has found, this synthesized call and another against Hempstead High School were just one small part of a months-long, nationwide campaign of dozens, and potentially hundreds, of threats made by one...

6.7 AI score
Exploits: 0

Snyk
added 2023/03/31 9:30 p.m., 2 views

Server-side Request Forgery (SSRF)

Overview: org.openapitools:openapi-generator-online is a Spring Boot Server application which hosts a client/server generator API. Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the API endpoints /api/gen/clients/language and /api/gen/servers/framework...

9.1 CVSS, 6.6 AI score, 0.00274 EPSS
Exploits: 1, References: 2

WPVulnDB
added 2023/03/27 12:0 a.m., 17 views

Newsletter < 7.6.9 - Reflected XSS

The plugin does not escape generated URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as administrators. PoC: Make a logged in admin open https://example.com/wp-admin/admin.php?page=newslettersystemstatus"...

6.1 CVSS, 5.6 AI score, 0.03868 EPSS
Exploits: 1, References: 1, Affected Software: 1

OSV
added 2023/03/22 9:15 p.m., 2 views

CVE-2023-28667

The Lead Generated WordPress Plugin, version = 1.23, was affected by an unauthenticated insecure deserialization issue. The tvelabels parameter of the tveapiformsubmit action is passed to the PHP unserialize function without being sanitized or verified, and as a result could lead to PHP object...

9.8 CVSS, 7.3 AI score
Exploits: 0, References: 1

CVE
added 2023/03/22 12:0 a.m., 49 views

CVE-2023-28667

CVE-2023-28667 centers on the Lead Generated WordPress Plugin (version

9.8 CVSS, 9.5 AI score, 0.01024 EPSS
Exploits: 1, References: 1, Affected Software: 1

CNNVD
added 2023/03/22 12:0 a.m., 2 views

WordPress Plugin Lead Generated Code Issue Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

9.8 CVSS, 8.4 AI score, 0.01024 EPSS
Exploits: 1, References: 2

The Hacker News
added 2023/03/13 11:47 a.m., 89 views

Warning: AI-generated YouTube Video Tutorials Spreading Infostealer Malware

Threat actors have been increasingly observed using AI-generated YouTube Videos to spread a variety of stealer malware such as Raccoon, RedLine, and Vidar. "The videos lure users by pretending to be tutorials on how to download cracked versions of software such as Photoshop, Premiere Pro, Autodes...

1.6 AI score
Exploits: 0

The Hacker News
added 2023/03/13 11:47 a.m., 2 views

Warning: AI-generated YouTube Video Tutorials Spreading Infostealer Malware

Threat actors have been increasingly observed using AI-generated YouTube Videos to spread a variety of stealer malware such as Raccoon, RedLine, and Vidar. "The videos lure users by pretending to be tutorials on how to download cracked versions of software such as Photoshop, Premiere Pro, Autodes...

6.5 AI score
Exploits: 0

F5 Networks
added 2023/02/21 6:46 p.m., 57 views

K80311892: InfoZIP vulnerability CVE-2019-13232

Security Advisory Description: Info-ZIP UnZip 6.0 mishandles the overlapping of files inside a ZIP container, leading to denial of service (resource consumption), aka a "better zip bomb" issue. CVE-2019-13232. Impact: Local users with administrative access to the BIG-IP Advanced Shell (bash) may be able...

3.3 CVSS, 6.5 AI score, 0.00047 EPSS
Exploits: 0, Affected Software: 16

Openbugbounty
added 2023/02/21 3:47 p.m., 12 views

southerncharmquiltinghsv.com Cross Site Scripting vulnerability OBB-3200215

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.2 AI score
Exploits: 0

Malwarebytes
added 2023/02/17 3:30 p.m., 16 views

Two Supreme Court cases could change the Internet as we know it

The Supreme Court is about to reconsider Section 230, a law that's been the foundation of the way we have used the Internet for decades. The court will be handling a few cases that at first glance are about online platforms' liability for hosting accounts from foreign terrorists. But at a deeper...

0.3 AI score
Exploits: 0

SUSE CVE
added 2023/02/15 6:9 a.m., 2 views

SUSE CVE-2007-6637

Multiple cross-site scripting (XSS) vulnerabilities in Adobe Flash Player allow remote attackers to inject arbitrary web script or HTML via a crafted SWF file, related to "pre-generated SWF files" and Adobe Dreamweaver CS3 or Adobe Acrobat Connect. NOTE: the asfunction: vector is already covered by...

4.3 CVSS, 5.8 AI score, 0.38242 EPSS
Exploits: 1, References: 4

SUSE CVE
added 2023/02/15 5:47 a.m., 2 views

SUSE CVE-2012-2150

xfs_metadump in xfsprogs before 3.2.4 does not properly obfuscate file data, which allows remote attackers to obtain sensitive information by reading a generated image...

5 CVSS, 6.6 AI score, 0.01737 EPSS
Exploits: 0, References: 5

SUSE CVE
added 2023/02/15 4:13 a.m., 1 views

SUSE CVE-2019-10896

In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the DOF dissector could crash. This was addressed in epan/dissectors/packet-dof.c by properly handling generated IID and OID bytes...

5.3 CVSS, 7.6 AI score, 0.08071 EPSS
Exploits: 1, References: 11