78 matches found
CVE-2024-53723
CVE-2024-53723 refers to a Cross-Site Request Forgery (CSRF) that enables Stored XSS in the WordPress plugin Google Plus Share and +1 Button . The advisory states the issue affects versions from n/a through 1.0. The provided documents do not specify a vendor patch, mitigation, or exploit details....
WordPress plugin Google Plus Share and +1 Button 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site request forgery vulnerability...
PT-2024-35831 · Unknown · Google Plus Share/+1 Button
Name of the Vulnerable Software and Affected Versions: A.Cihangir BALTACI Google Plus Share and +1 Button versions n/a through 1.0 Description: The issue is a Cross-Site Request Forgery CSRF vulnerability that allows Stored XSS in the Google Plus Share and +1 Button. This means an attacker can...
WordPress Google Plus Share and +1 Button Plugin <= 1.0 is vulnerable to Cross Site Request Forgery (CSRF)
Software Google Plus Share and +1 Button Type Plugin Vulnerable versions = 1.0 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-53723 Patch priority Low CVSS severity Low 7.1 Developer Claim ownership PSID 1172091fa78a Credits SOPROBR...
A week in security (December 10 – 16)
Last week on Labs, we took a look at some new Mac malware, a collection of various scraped data dumps, the protection of power grids, and how bad actors are using SMB vulnerabilities. Other cybersecurity news Millions affected by Facebook photo API bug: An issue granted third-party apps more acce...
Google Plus hit by another breach – Data of 52.5M users exposed
By Waqas Google Plus has been hit by yet another bug forcing the company to shut down the social media site earlier than previously anticipated. In October this year, Google revealed that a bug was present in the API for the consumer version of Google Plus Google+ that allowed third-party...
Google+ to Shut Down Early After New API Flaw Hits 52.5 Million Users
Google today revealed that Google+ has suffered another massive data breach, forcing the tech giant to shut down its struggling social network four months earlier than its actual scheduled date, i.e., in April 2019 instead of August 2019. Google said it discovered another critical security...
Google+ is Shutting Down After a Vulnerability Exposed 500,000 Users' Data
Google is going to shut down its social media network Google+ after the company suffered a massive data breach that exposed the private data of hundreds of thousands of Google Plus users to third-party developers. According to the tech giant, a security vulnerability in one of Google+'s People AP...
Leaked? 2.0 - A Checking Tool For Hash Codes, Passwords And Emails Leaked
Leaked? is A Checking tool for Hash codes and Passwords and Emails leaked, uses leakz module from Aidan Holland, and leakz module uses API from Aurelius Wendelken. Leaked? can work in any OS if they have support Python 3 and 2. What's new? Check email leaked Update More friendly for users Support...
The Offensive Web Application Penetration Testing Framework: TIDoS
TIDoS Framework is a comprehensive web-app audit framework. TIDoS is made to be comprehensive and versatile. It is a highly flexible framework where you just have to select and use modules. But before that, you need to set your own API KEYS for various OSINT purposes. To do so, open up APIKEYS.py...
Open Graph for Facebook, Google+ and Twitter Card Tags <= 2.2.4 - Authenticated Reflected XSS
There is a reflected XSS vulnerability caused by "Open Graph for Facebook, Google+ and Twitter Card Tags" in the wdfbogerror parameter on a GET request when editing a post. This can be exploited by tricking an authenticated Wordpress administrator into clicking a malicious link. This vulnerabilit...
WordPress Yakadanda Google+ Hangout Events Plugin Cross-Site Scripting Vulnerability
WordPress is a suite of blogging platforms developed in the PHP language by the WordPress Software Foundation, which supports the hosting of personal blog sites on servers running PHP and MySQL.Yakadanda Google+ Hangout Events is one of the widgets that will generate the associated Google+ Hangou...
[SECURITY] Fedora 25 Update: drupal7-metatag-1.21-1.fc25
The Metatag module allows you to automatically provide structured metadata, aka "meta tags", about your website. In the context of search engine optimization, when people refer to meta tags they are usually referring to the meta description tag and the meta keywords tag that may help improve the...
WordPress Google Plus One Button By KMS 1.5.0 CSRF / XSS
Title: WordPress 'Google 'Plus one' Button by kms' Plugin Version: 1.5.0 Author: Morten Nørtoft, Kenneth Jepsen & Mikkel Vej Date: 2015-06-16 Download: - https://wordpress.org/plugins/google-plus-one-button-by-kms/ - https://plugins.svn.wordpress.org/google-plus-one-button-by-kms/ Notified...
[Social Password Decryptor v4.0] All-in-one Social Network Password Recovery Software
Social Password Decryptor is the FREE software to instantly recover Passwords for popular Social Networks such as Facebook, Twitter, Google Plus etc. It can automatically discover and recover all the social passwords stored by web browsers & messengers including Firefox, Chrome, IE, GTalk and mor...
DDoS Attack Using Google Plus Servers
A Security expert at Italian security firm AIR Sicurezza Informatica has claimed that Google's servers vulnerability allows a hacker to exploit the search giant's bandwidth to launch a distributed denial-of-service DDoS attack on any targeted server. On the IHTeam Security Blog, the author of the...
Slideshow: Ten Tips For Securing Your Google+ Account
Google’s new social network is growing fast, with more than 10 million users in its first week of operation. That’s not too bad for an invite-only Closed Beta release! The new social network is also a hit with users, unlike previous efforts like Orkut and Buzz. As with any social network, however...
Pseudonyms A Pseudo Controversy With Google+
Mark Twain, Joseph Conrad and Stan Lee need not apply to Google’s hot new social network, Google+. The Web search giant, it seems, isn’t interested in pseudonyms or other phony identities. Its IRL in real life all the time – and that’s a problem, according to a spate of news articles this week. B...