12 matches found
Don’t Wait for a Patch. Mitigate RedSun Zero-Day Risk in Microsoft Defender Today
Key Takeaways: RedSun is a critical zero-day vulnerability in Microsoft Defender that allows low-privileged users to gain SYSTEM access. No patch is currently available, leaving all Defender-enabled Windows systems potentially exposed. Qualys VMDR detects affected assets instantly QID 92382 TruRisk...
WordPress Magazine Theme <= 1.2.2 is vulnerable to Local File Inclusion
Software: Magazine; Type: Theme; Vulnerable versions: <= 1.2.2; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Local File Inclusion; CVE: CVE-2025-53248; Patch priority: High; CVSS severity: High 8.1; PSID: c0ab4f8e53f9; Credits: Le Ngoc Anh; Required privilege: Unauthenticated...
WordPress Membership For WooCommerce Plugin <= 2.9.0 - Broken Access Control Vulnerability
Broken Access Control vulnerability discovered by hamza alhababseh in WordPress Plugin Membership For WooCommerce versions <= 2.9.0...
WordPress PDF 2 Post Plugin <= 2.4.0 - Remote Code Execution (RCE) vulnerability
Remote Code Execution (RCE) vulnerability discovered by Le Ngoc Anh in WordPress Plugin PDF 2 Post versions <= 2.4.0...
WordPress Botnet Attack Blocker plugin <= 2.0.0 - Stored Cross Site Scripting (XSS) vulnerability
Stored Cross Site Scripting (XSS) vulnerability discovered by SOPROBRO in WordPress Plugin Botnet Attack Blocker versions <= 2.0.0...
WordPress Clean Retina Theme <= 3.0.6 is vulnerable to Local File Inclusion
Software: Clean Retina; Type: Theme; Vulnerable versions: <= 3.0.6; Fixed in: 3.0.7; OWASP Top 10: A3: Injection; Classification: Local File Inclusion; CVE: CVE-2024-50436; Patch priority: High; CVSS severity: High 7.5; PSID: e56d05b5bd53; Credits: tahu.datar; Required privilege: Unauthenticate...
WordPress Tax Rate Upload Plugin <= 2.4.5 is vulnerable to Cross Site Scripting (XSS)
Software: Tax Rate Upload; Type: Plugin; Vulnerable versions: <= 2.4.5; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-32546; Patch priority: Medium; CVSS severity: Medium 7.1; PSID: e0f99a4ecd9c; Credits: Dimas Maulana; Required privilege...
MAL-2024-817 Malicious code in wlwz-2312-7108 (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a59b45506c3694870f405e7c881ccb74f2ba12d1d186cb267ec165f926480fa4 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
WordPress Backup Bolt Plugin <= 1.1.3 is vulnerable to Cross Site Scripting (XSS)
Software: Backup Bolt; Type: Plugin; Vulnerable versions: <= 1.1.3; Fixed in: 1.2.0; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2023-33999; Patch priority: Medium; CVSS severity: Medium 7.1; PSID: 6cdb95fd5dfc; Credits: Rafie Muhammad Patchstack; Required...
WordPress YourChannel: Everything you want in a YouTube Plugin <= 1.2.3 is vulnerable to Broken Access Control
Software: YourChannel: Everything you want in a YouTube; Type: Plugin; Vulnerable versions: <= 1.2.3; Fixed in: 1.2.4; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-1868; Patch priority: High; CVSS severity: High 6.5; PSID: b65addd676af; Credit...
Security Bulletin: Sterling Order Management and Spring vulnerability CVE-2022-22963
Abstract: Is Sterling Order Management affected by Spring vulnerability CVE-2022-22963? Content: IBM is aware of a recently surfaced vulnerability CVE-2022-22963 and has evaluated whether any Sterling Order Management applications are affected. The following is a summary of our evaluation: Componen...
CVE-2024-10347
...