
21 matches found

Vulnrichment
added 2025/10/22 8:27 a.m., 2 views

CVE-2025-11872 Material Design Iconic Font Integration <= 2 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Material Design Iconic Font Integration plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'mdiconic' shortcode in all versions up to, and including, 2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possibl...

6.4 CVSS, 4.7 AI score, 0.00032 EPSS
Exploits 0, References 2
EUVD
added 2025/10/22 8:27 a.m., 2 views

EUVD-2025-35341

The Material Design Iconic Font Integration plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'mdiconic' shortcode in all versions up to, and including, 2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possibl...

6.4 CVSS, 4.7 AI score, 0.00032 EPSS
Exploits 0, References 3
CVE
added 2025/10/22 8:27 a.m., 10 views

CVE-2025-11872

CVE-2025-11872 affects the Material Design Iconic Font Integration plugin for WordPress (versions

6.4 CVSS, 4.7 AI score, 0.00032 EPSS
Exploits 0, References 2
Patchstack
added 2025/10/21 11:56 p.m., 4 views

WordPress Material Design Iconic Font Integration plugin <= 2 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Gilang - DJ in WordPress Plugin Material Design Iconic Font Integration versions = 2...

6.4 CVSS, 5.7 AI score, 0.00032 EPSS
Exploits 0, References 1, Affected Software 1
Malwarebytes
added 2025/10/02 8:50 a.m., 3 views

Sendit tricked kids, harvested their data, and faked messages, FTC claims

The Federal Trade Commission (FTC) has sued Sendit’s parent company, saying it signed up children under 13, collected their personal data, and misled them with fake messages and recurring bills. The lawsuit, filed against the app's owner Iconic Hearts Holdings Inc and CEO Hunter Rice, alleges the...

6.4 AI score
Exploits 0
WPVulnDB
added 2024/03/20 12:0 a.m., 14 views

WooThumbs for WooCommerce by Iconic < 5.5.4 - Reflected Cross-Site Scripting

Description The WooThumbs for WooCommerce by Iconic plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 5.5.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...

7.1 CVSS, 6.3 AI score, 0.00071 EPSS
Exploits 0, References 1, Affected Software 1
NVD
added 2024/03/19 3:15 p.m., 4 views

CVE-2024-29116

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in IconicWP WooThumbs for WooCommerce by Iconic allows Reflected XSS. This issue affects WooThumbs for WooCommerce by Iconic: from n/a through 5.5.3...

7.1 CVSS, 7 AI score, 0.00071 EPSS
Exploits 0, References 1
Vulnrichment
added 2024/03/19 2:54 p.m., 9 views

CVE-2024-29116 WordPress WooThumbs for WooCommerce by Iconic plugin <= 5.5.3 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in IconicWP WooThumbs for WooCommerce by Iconic allows Reflected XSS. This issue affects WooThumbs for WooCommerce by Iconic: from n/a through 5.5.3...

7.1 CVSS, 7 AI score, 0.00071 EPSS
Exploits 0, References 1
Positive Technologies
added 2024/03/19 12:0 a.m., 2 views

PT-2024-22737 · Iconics · Woothumbs For Woocommerce

Name of the Vulnerable Software and Affected Versions: WooThumbs for WooCommerce by Iconic versions through 5.5.3 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Reflected XSS. This means that an...

7.1 CVSS, 9.4 AI score, 0.00071 EPSS
Exploits 0, References 7
Patchstack
added 2024/03/16 12:0 a.m., 8 views

WordPress WooThumbs for WooCommerce by Iconic Plugin <= 5.5.3 is vulnerable to Cross Site Scripting (XSS)

Software WooThumbs for WooCommerce by Iconic Type Plugin Vulnerable versions = 5.5.3 Fixed in 5.5.4 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-29116 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID d034def295d9 Credits Dave Jong...

7.1 CVSS, 6.6 AI score, 0.00071 EPSS
Exploits 0, References 1, Affected Software 1
Rapid7 Blog
added 2024/03/05 1:45 p.m., 17 views

7 Rapid Questions with #77 Ray Bourque

We couldn’t pass up the opportunity to bring Boston Bruins legend Ray Bourque into the herd as we continue to expand our Bruins jersey sponsorship. Ray is an absolute hero to Bruins fans everywhere. He has cemented his status in the annals of Boston sports history through 21 seasons in the black...

6.9 AI score
Exploits 0
The Hacker News
added 2023/04/21 9:55 a.m., 119 views

N.K. Hackers Employ Matryoshka Doll-Style Cascading Supply Chain Attack on 3CX

The supply chain attack targeting 3CX was the result of a prior supply chain compromise associated with a different company, demonstrating a new level of sophistication with North Korean threat actors. Google-owned Mandiant, which is tracking the attack event under the moniker UNC4736, said the...

8.8 CVSS, 8.4 AI score, 0.49 EPSS
Exploits 0
The Hacker News
added 2023/04/12 4:6 a.m., 69 views

North Korean Hackers Uncovered as Mastermind in 3CX Supply Chain Attack

Enterprise communications service provider 3CX confirmed that the supply chain attack targeting its desktop application for Windows and macOS was the handiwork of a threat actor with North Korean nexus. The findings are the result of an interim assessment conducted by Google-owned Mandiant, whose...

7.8 CVSS, 7.5 AI score, 0.00502 EPSS
Exploits 1
The Hacker News
added 2023/04/04 3:54 a.m., 85 views

Cryptocurrency Companies Targeted in Sophisticated 3CX Supply Chain Attack

The adversary behind the supply chain attack targeting 3CX deployed a second-stage implant specifically singling out a small number of cryptocurrency companies. Russian cybersecurity firm Kaspersky, which has been internally tracking the versatile backdoor under the name Gopuram since 2020, said ...

8.8 CVSS, 7.5 AI score, 0.76161 EPSS
Exploits 2
vulnersOsv
added 2022/01/27 2:4 p.m., 2 views

brander (>=0.1.6 <=0.1.9), chin-plugin-convert-svg (>=0.0.1 <=0.0.3) +3 more potentially affected by CVE-2021-23631 via convert-svg-to-jpeg (>=0.3.3 <=0.5.0)

convert-svg-to-jpeg NPM version =0.3.3, =0.1.6, =0.0.1, =0.0.3, =0.2.6, =0.2.21 - xd2svg =0.8.0 Source cves: CVE-2021-23631 Source advisory: OSV:GHSA-JV7G-9G6Q-CXVW...

7.5 CVSS, 7.1 AI score, 0.00386 EPSS
Exploits 1
Cvelist
added 2021/10/20 3:18 p.m., 13 views

CVE-2021-21744

ZTE MF971R product has a configuration file control vulnerability. An attacker could use this vulnerability to modify the configuration parameters of the device, causing some security functions of the device to be disabled...

7.6 AI score, 0.00241 EPSS
Exploits 0, References 1
vulnersOsv
added 2021/09/05 3:50 p.m., 5 views

brander (>=0.1.6 <=0.1.9), chin-plugin-convert-svg (>=0.0.1 <=0.0.3) +3 more potentially affected by CVE-2021-23631 via convert-svg-to-jpeg (>=0.3.3 <=0.5.0)

convert-svg-to-jpeg NPM version =0.3.3, =0.1.6, =0.0.1, =0.0.3, =0.2.6, =0.2.21 - xd2svg =0.8.0 Source cves: CVE-2021-23631 Source advisory: SNYK:JS-CONVERTSVGTOJPEG-2348245...

7.5 CVSS, 7.1 AI score, 0.00386 EPSS
Exploits 1
Openbugbounty
added 2018/02/02 1:48 p.m., 20 views

iconic-av.co.uk XSS vulnerability

Open Bug Bounty ID: OBB-551630 Description| Value ---|--- Affected Website:| iconic-av.co.uk Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...

6.3 AI score
Exploits 0
hackapp
added 2016/04/01 10:12 a.m., 16 views

Iconic - Guess Character Quiz - Base64 encoded String, Customized SSL, Dangerous filesystem permissions vulnerabilities

HackApp vulnerability scanner discovered that application Iconic - Guess Character Quiz published at the 'play' market has multiple vulnerabilities...

0.5 AI score
Exploits 0, References 1, Affected Software 1
ThreatPost
added 2011/03/24 3:36 p.m., 13 views

Elizabeth Taylor's Death Triggers Spam Campaign

Yesterday we learned that Elizabeth Taylor, an American icon for some seven decades, died of congestive heart failure at 79. Today, Kaspersky Lab expert Dmitry Bestuzhev informs us that the news of her death is being exploited via social engineering scams on Twitter. The scam uses a shortened,...

1.4 AI score
Exploits 0, References 3