79 matches found
CVE-2022-38077
Cross-Site Request Forgery CSRF vulnerability in WP OnlineSupport, Essential Plugin Popup Anything – A Marketing Popup and Lead Generation Conversions plugin = 2.2.1 versions...
CVE-2022-38077
Cross-Site Request Forgery CSRF vulnerability in WP OnlineSupport, Essential Plugin Popup Anything – A Marketing Popup and Lead Generation Conversions plugin = 2.2.1 versions...
Cross site request forgery (csrf)
Cross-Site Request Forgery CSRF vulnerability in WP OnlineSupport, Essential Plugin Popup Anything – A Marketing Popup and Lead Generation Conversions plugin = 2.2.1 versions...
CVE-2022-38077
CVE-2022-38077 is a CSRF vulnerability affecting the WP OnlineSupport / Popup Anything plugin for WordPress, in versions ≤ 2.2.1. The issue permits unauthorized cross-site requests that can be executed by an attacker due to unauthenticated access requirements. A fix has been released: upgrade to ...
CVE-2022-38077 WordPress Popup Anything Plugin <= 2.2.1 is vulnerable to Cross Site Request Forgery (CSRF)
Cross-Site Request Forgery CSRF vulnerability in WP OnlineSupport, Essential Plugin Popup Anything – A Marketing Popup and Lead Generation Conversions plugin = 2.2.1 versions...
CVE-2022-1776
The Popups, Welcome Bar, Optins and Lead Generation Plugin WordPress plugin before 2.1.8 does not sanitize and escape some campaign parameters, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks...
Malicious code in here_lead_generation_v2 (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ec03749315d8f69bb656557b7de12b552bef9f87fbffe2307897772c23a35b34 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-3614 Malicious code in here_lead_generation_v2 (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ec03749315d8f69bb656557b7de12b552bef9f87fbffe2307897772c23a35b34 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
WordPress Pretty Opt In Lite – Content Locker for Lead Generation plugin < 1.2.2 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered in WordPress Pretty Opt In Lite – Content Locker for Lead Generation plugin versions 1.2.2. Solution Update the WordPress Pretty Opt In Lite – Content Locker for Lead Generation plugin to the latest available version at least 1.2.2...
WordPress Pretty Opt In Lite – Content Locker for Lead Generation plugin < 1.2.2 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability
Toggle The Debug Mode via Cross-Site Request Forgery CSRF vulnerability discovered in WordPress Pretty Opt In Lite – Content Locker for Lead Generation plugin versions 1.2.2. Solution Update the WordPress Pretty Opt In Lite – Content Locker for Lead Generation plugin to the latest available versi...
CVE-2021-36832
WordPress Popups, Welcome Bar, Optins and Lead Generation Plugin – Icegram versions = 2.0.2 vulnerable at "Headline" &messagedata16headline input...
WordPress 插件跨站脚本漏洞
WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language . The platform supports setting up personal blog sites on PHP and MySQL servers.WordPress Plugin is an open source application plugin for WordPress. A cross-site scripting vulnerability exists in the...
A week in security (December 14 – December 20)
Last week on Malwarebytes Labs we kept you updated on the SolarWinds attack, we warned about the special dangers that come with the Christmas season, published a threat profile for the Egregor ransomware, warned how a lead generation scam was targeting potential Malwarebytes MSP partners, and...
Likely lead generation scam targets potential Malwarebytes MSP partners
Recently, Malwarebytes discovered a potential lead generation scam targeting companies that are interested in our Malwarebtyes Managed Service Provider MSP Program. In the scam, an individual who used the name “Jenny” aggressively contacted potential MSP partners claiming to represent Malwarebyte...
How to Run Google SERP API Without Constantly Changing Proxy Servers
You've probably run into a major problem when trying to scrape Google search results. Web scraping tools allow you to extract information from a web page. Companies and coders from across the world use them to download Google's SERP data. And they work well – for a little while. After several...
Data-Enriched Profiles on 1.2B People Exposed in Gigantic Leak
An open Elasticsearch server has exposed the rich profiles of more than 1.2 billion people to the open internet. First found on October 16 by researchers Bob Diachenko and Vinny Troia, the database contains more than 4 terabytes of data. It consists of scraped information from social media source...
WordPress Yeloni Free Exit Popup 8.1.9 SQL Injection
Exploit Title : WordPress Yeloni Free Exit Popup Plugins 8.1.9 SQL Injection Author Discovered By : KingSkrupellos Team : Cyberizm Digital Security Army Date : 28/01/2019 Vendor Homepage : yeloni.com Software Download Link : downloads.wordpress.org/plugin/yeloni-free-exit-popup.zip Software...
searchsmartlocal.com XSS vulnerability
Open Bug Bounty ID: OBB-444247 Description| Value ---|--- Affected Website:| searchsmartlocal.com Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Remediation Guide:| OWASP XSS Prevention...
Got Robocalled? Don’t Get Mad; Get Busy.
Several times a week my cell phone receives the telephonic equivalent of spam: A robocall. On each occasion the call seems to come from a local number, but when I answer there is that telltale pause followed by an automated voice pitching some product or service. So when I heard from a reader who...