Lucene search
K

79 matches found

OSV
OSV
added 2023/03/29 1:15 p.m.5 views

CVE-2022-38077

Cross-Site Request Forgery CSRF vulnerability in WP OnlineSupport, Essential Plugin Popup Anything – A Marketing Popup and Lead Generation Conversions plugin = 2.2.1 versions...

8.8CVSS5.8AI score0.00256EPSS
Exploits0References1
NVD
NVD
added 2023/03/29 1:15 p.m.22 views

CVE-2022-38077

Cross-Site Request Forgery CSRF vulnerability in WP OnlineSupport, Essential Plugin Popup Anything – A Marketing Popup and Lead Generation Conversions plugin = 2.2.1 versions...

8.8CVSS5.8AI score0.00256EPSS
Exploits0References1
Prion
Prion
added 2023/03/29 1:15 p.m.19 views

Cross site request forgery (csrf)

Cross-Site Request Forgery CSRF vulnerability in WP OnlineSupport, Essential Plugin Popup Anything – A Marketing Popup and Lead Generation Conversions plugin = 2.2.1 versions...

6.8CVSS8.7AI score0.00256EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2023/03/29 12:19 p.m.50 views

CVE-2022-38077

CVE-2022-38077 is a CSRF vulnerability affecting the WP OnlineSupport / Popup Anything plugin for WordPress, in versions ≤ 2.2.1. The issue permits unauthorized cross-site requests that can be executed by an attacker due to unauthenticated access requirements. A fix has been released: upgrade to ...

8.8CVSS6.5AI score0.00256EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2023/03/29 12:19 p.m.31 views

CVE-2022-38077 WordPress Popup Anything Plugin <= 2.2.1 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery CSRF vulnerability in WP OnlineSupport, Essential Plugin Popup Anything – A Marketing Popup and Lead Generation Conversions plugin = 2.2.1 versions...

4.3CVSS9AI score0.00256EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2022/06/27 9:15 a.m.5 views

CVE-2022-1776

The Popups, Welcome Bar, Optins and Lead Generation Plugin WordPress plugin before 2.1.8 does not sanitize and escape some campaign parameters, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks...

5.4CVSS6.1AI score0.00558EPSS
Exploits2References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2022/06/20 9:10 p.m.4 views

Malicious code in here_lead_generation_v2 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ec03749315d8f69bb656557b7de12b552bef9f87fbffe2307897772c23a35b34 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References1
OSV
OSV
added 2022/06/20 9:10 p.m.4 views

MAL-2022-3614 Malicious code in here_lead_generation_v2 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ec03749315d8f69bb656557b7de12b552bef9f87fbffe2307897772c23a35b34 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References1
Patchstack
Patchstack
added 2022/02/28 12:0 a.m.11 views

WordPress Pretty Opt In Lite – Content Locker for Lead Generation plugin < 1.2.2 - Sensitive Information Disclosure vulnerability

Sensitive Information Disclosure vulnerability discovered in WordPress Pretty Opt In Lite – Content Locker for Lead Generation plugin versions 1.2.2. Solution Update the WordPress Pretty Opt In Lite – Content Locker for Lead Generation plugin to the latest available version at least 1.2.2...

2.5AI score
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2022/02/28 12:0 a.m.10 views

WordPress Pretty Opt In Lite – Content Locker for Lead Generation plugin < 1.2.2 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability

Toggle The Debug Mode via Cross-Site Request Forgery CSRF vulnerability discovered in WordPress Pretty Opt In Lite – Content Locker for Lead Generation plugin versions 1.2.2. Solution Update the WordPress Pretty Opt In Lite – Content Locker for Lead Generation plugin to the latest available versi...

3.9AI score
Exploits0References2Affected Software1
OSV
OSV
added 2021/10/19 3:15 p.m.1 views

CVE-2021-36832

WordPress Popups, Welcome Bar, Optins and Lead Generation Plugin – Icegram versions = 2.0.2 vulnerable at "Headline" &messagedata16headline input...

5.4CVSS5.8AI score
Exploits0References2
CNNVD
CNNVD
added 2021/10/19 12:0 a.m.5 views

WordPress 插件跨站脚本漏洞

WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language . The platform supports setting up personal blog sites on PHP and MySQL servers.WordPress Plugin is an open source application plugin for WordPress. A cross-site scripting vulnerability exists in the...

5.4CVSS5.4AI score0.00552EPSS
Exploits0References3
Malwarebytes
Malwarebytes
added 2020/12/21 11:52 a.m.34 views

A week in security (December 14 – December 20)

Last week on Malwarebytes Labs we kept you updated on the SolarWinds attack, we warned about the special dangers that come with the Christmas season, published a threat profile for the Egregor ransomware, warned how a lead generation scam was targeting potential Malwarebytes MSP partners, and...

0.3AI score
Exploits0
Malwarebytes
Malwarebytes
added 2020/12/16 7:42 p.m.72 views

Likely lead generation scam targets potential Malwarebytes MSP partners

Recently, Malwarebytes discovered a potential lead generation scam targeting companies that are interested in our Malwarebtyes Managed Service Provider MSP Program. In the scam, an individual who used the name “Jenny” aggressively contacted potential MSP partners claiming to represent Malwarebyte...

6.9AI score
Exploits0
The Hacker News
The Hacker News
added 2020/10/29 9:45 a.m.5 views

How to Run Google SERP API Without Constantly Changing Proxy Servers

You've probably run into a major problem when trying to scrape Google search results. Web scraping tools allow you to extract information from a web page. Companies and coders from across the world use them to download Google's SERP data. And they work well – for a little while. After several...

5.9AI score
Exploits0
ThreatPost
ThreatPost
added 2019/11/22 4:54 p.m.55 views

Data-Enriched Profiles on 1.2B People Exposed in Gigantic Leak

An open Elasticsearch server has exposed the rich profiles of more than 1.2 billion people to the open internet. First found on October 16 by researchers Bob Diachenko and Vinny Troia, the database contains more than 4 terabytes of data. It consists of scraped information from social media source...

6.6AI score
Exploits0References6
Packet Storm
Packet Storm
added 2019/01/28 12:0 a.m.67 views

WordPress Yeloni Free Exit Popup 8.1.9 SQL Injection

Exploit Title : WordPress Yeloni Free Exit Popup Plugins 8.1.9 SQL Injection Author Discovered By : KingSkrupellos Team : Cyberizm Digital Security Army Date : 28/01/2019 Vendor Homepage : yeloni.com Software Download Link : downloads.wordpress.org/plugin/yeloni-free-exit-popup.zip Software...

7.4AI score
Exploits0
Openbugbounty
Openbugbounty
added 2017/11/30 4:29 a.m.12 views

searchsmartlocal.com XSS vulnerability

Open Bug Bounty ID: OBB-444247 Description| Value ---|--- Affected Website:| searchsmartlocal.com Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Remediation Guide:| OWASP XSS Prevention...

6.4AI score
Exploits0
Krebs on Security
Krebs on Security
added 2017/06/25 3:24 p.m.44 views

Got Robocalled? Don’t Get Mad; Get Busy.

Several times a week my cell phone receives the telephonic equivalent of spam: A robocall. On each occasion the call seems to come from a local number, but when I answer there is that telltale pause followed by an automated voice pitching some product or service. So when I heard from a reader who...

6.6AI score
Exploits0
Rows per page
Query Builder