14 matches found
Exploit for Missing Authorization in Wpmet Metform_Elementor_Contact_Form_Builder
CVE-2022-1442 WordPress Plugin Metform <= 2.1.3 - Improper...
MAL-2022-3373 Malicious code in github-helpscout-collector (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ea56364b70dfd24af3b94c8e4d77d2c9b285cd18d9863e350c651f446d6060ab Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in github-helpscout-collector (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ea56364b70dfd24af3b94c8e4d77d2c9b285cd18d9863e350c651f446d6060ab Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2022-1442
The Metform WordPress plugin is vulnerable to sensitive information disclosure due to improper access control in the /core/forms/action.php file which can be exploited by an unauthenticated attacker to view all API keys and secrets of integrated third-party APIs like that of PayPal, Stripe,...
CVE-2022-1442
The Metform WordPress plugin is vulnerable to sensitive information disclosure due to improper access control in the /core/forms/action.php file which can be exploited by an unauthenticated attacker to view all API keys and secrets of integrated third-party APIs like that of PayPal, Stripe,...
Improper access control
The Metform WordPress plugin is vulnerable to sensitive information disclosure due to improper access control in the /core/forms/action.php file which can be exploited by an unauthenticated attacker to view all API keys and secrets of integrated third-party APIs like that of PayPal, Stripe,...
CVE-2022-1442 Metform Elementor Contact Form Builder <= 2.1.3 - Sensitive Information Disclosure
The Metform WordPress plugin is vulnerable to sensitive information disclosure due to improper access control in the /core/forms/action.php file which can be exploited by an unauthenticated attacker to view all API keys and secrets of integrated third-party APIs like that of PayPal, Stripe,...
CVE-2022-1442
CVE-2022-1442 affects the WordPress Metform plugin up to version 2.1.3. The vulnerability stems from improper access control in the ~/core/forms/action.php file, allowing an unauthenticated attacker to view API keys and secrets for multiple integrated third‑party services (e.g., PayPal, Stripe, M...
WordPress plugin Metform security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin. WordPress plugin Metform is vulnerable to an information disclosure vulnerability, which stems from...
PT-2022-13893
Name of the Vulnerable Software and Affected Versions Metform WordPress plugin versions up to and including 2.1.3 Description The Metform WordPress plugin is vulnerable to sensitive information disclosure due to improper access control in the /core/forms/action.php file. This can be exploited by ...
Metform Elementor Contact Form Builder < 2.1.4 - Unauthenticated API keys and Secrets Disclosure
The plugin is vulnerable to sensitive information disclosure due to improper access control in the /core/forms/action.php file which can be exploited by an unauthenticated attacker to view all API keys and secrets of integrated third-party APIs such as PayPal, Stripe, Mailchimp, Hubspot, HelpScout,...
Basecamp: DNS Setup allows sending mail on behalf of other customers
Sent on your behalf I knew basecamp themselves had used helpscout for support, so I was curious to see if hey was doing the same. A quick DNS lookup gave me the answer I was looking for: dig hey.com txt ; DiG 9.10.6 hey.com txt ;; global options: +cmd ;; Got answer: ;; -HEADER DiG 9.10.6...
Takeover v0.2 - Sub-Domain TakeOver Vulnerability Scanner
A sub-domain takeover vulnerability occurs when a sub-domain (subdomain.example.com) points to a service (e.g. GitHub, AWS/S3, ...) that has been removed or deleted. This allows an attacker to set up a page on the service that was being used and point their page to that sub-domain. For example, if...
Trello: Full Sub Domain Takeover at help.trello.com.
Hey. The subdomain http://help.trello.com./ uses helpscout to host docs, while helpscout does not distinguish between help.trello.com. and help.trello.com (notice the trailing dot). I created a test page and hosted it for help.trello.com. and since the DNS entry is already present http://help.trello.com./ now...