CVE-2024-54353

Cross-Site Request Forgery CSRF vulnerability in wpgear Hack-Info hack-info allows Stored XSS.This issue affects Hack-Info: from n/a through = 3.17...

CVE-2024-54353 WordPress Hack-Info plugin <= 3.17 - CSRF to Stored Cross Site Scripting (XSS) vulnerability

Cross-Site Request Forgery CSRF vulnerability in wpgear Hack-Info hack-info allows Stored XSS.This issue affects Hack-Info: from n/a through = 3.17...

CVE-2024-54353

CVE-2024-54353 is a CSRF-to-Stored XSS issue in the WordPress Hack-Info plugin (Hack-Info), affecting versions up to 3.17. The vulnerability’s description confirms Cross-Site Forgery to Stored Cross-Site Scripting. Red Hat and ENISA records corroborate the CVE entry; Wordfence notes the vulnerabi...

CVE-2024-54353 WordPress Hack-Info plugin <= 3.17 - CSRF to Stored Cross Site Scripting (XSS) vulnerability

Cross-Site Request Forgery CSRF vulnerability in wpgear Hack-Info hack-info allows Stored XSS.This issue affects Hack-Info: from n/a through = 3.17...

PT-2024-36239 · Unknown · Wpgear Hack-Info

Name of the Vulnerable Software and Affected Versions: WPGear Hack-Info versions n/a through 3.17 Description: The issue is a Cross-Site Request Forgery CSRF vulnerability that allows Stored XSS. This means an attacker can trick a user into performing unintended actions on a web application, and...

WordPress plugin Hack-Info 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forger...

WordPress Hack-Info plugin <= 3.17 - CSRF to Stored Cross Site Scripting (XSS) vulnerability

CSRF to Stored Cross Site Scripting XSS vulnerability discovered by SOPROBRO Patchstack Alliance in WordPress Plugin Hack-Info versions = 3.17...

Andrew Tate’s ‘Educational Platform’ Was Hacked

Plus: The worst telecom hack in US history rolls on, iPhones are harder to break into, and more of the week’s top security news...

Canadian Suspect Arrested Over Snowflake Customer Breach and Extortion Attacks

Canadian law enforcement authorities have arrested an individual who is suspected to have conducted a series of hacks stemming from the breach of cloud data warehousing platform Snowflake earlier this year. The individual in question, Alexander "Connor" Moucka aka Judische and Waifu, was...

The Untold Story of Trump's Failed Attempt to Overthrow Venezuela's President

A successful CIA hack of Venezuela's military payroll system, insider fights for spy agency resources, and messy opposition politics: A WIRED investigation reveals a secret Trump-era attempt to oust autocratic ruler Nicolás Maduro...

THN Cybersecurity Recap: Top Threats, Tools and News (Oct 21 - Oct 27)

Cybersecurity news can sometimes feel like a never-ending horror movie, can't it? Just when you think the villains are locked up, a new threat emerges from the shadows. This week is no exception, with tales of exploited flaws, international espionage, and AI shenanigans that could make your head...

Dutch Police Hacked, 63,000 Officers’ Details Exposed

A foreign government is believed to have hacked into the Dutch police force's systems, exposing the contact details…...

The US Could Finally Ban Inane Forced Password Changes

Plus: The US Justice Department indicts three Iranians over Trump campaign hack, EU regulators fine Meta $100 million for a password security lapse, and the Tor Project enters a new phase...

U.S. Charges Three Iranian Nationals for Election Interference and Cybercrimes

U.S. federal prosecutors on Friday unsealed criminal charges against three Iranian nationals who are allegedly employed with the Islamic Revolutionary Guard Corps IRGC for their targeting of current and former officials to steal sensitive data. The Department of Justice DoJ accused Masoud Jalili,...

Hacktivist Group Twelve Targets Russian Entities with Destructive Cyber Attacks

A hacktivist group known as Twelve has been observed using an arsenal of publicly available tools to conduct destructive cyber attacks against Russian targets. "Rather than demand a ransom for decrypting data, Twelve prefers to encrypt victims' data and then destroy their infrastructure with a...

The US Navy Has Run Out of Pants

Plus: The US intelligence community formally blames Iran for Trump campaign hack, aircraft-tracking platform FlightAware says a “configuration error” exposed sensitive user data, and more...

Malicious code in hack-test (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 bedfa0b9b013ca3de0418ac30c7192adef27902eee78ae8bdf2d74afe652c3e2 Packages that might be part of testing for pentesting / malicious activity / joy, with suspicious activity that does not present any real harm. --- Category:...

MAL-2024-12281 Malicious code in hack-test (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 bedfa0b9b013ca3de0418ac30c7192adef27902eee78ae8bdf2d74afe652c3e2 Packages that might be part of testing for pentesting / malicious activity / joy, with suspicious activity that does not present any real harm. --- Category:...

Microsoft What The Hack docsmsftpdfs Uncontrolled Search Path Element Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft What The Hack. Authentication is not required to exploit this vulnerability. The specific flaw exists within the installation of What The Hack. When installed from the official Microsoft...

Exploit for Special Element Injection in Google Android

CVE 2024 0044 CVE-2024-0044, identified in the createSessionI...