WordPress Meris theme <= 1.2.2 - Reflected XSS vulnerability

Reflected XSS vulnerability discovered by Angelo Delicato in WordPress Theme Meris versions = 1.1.2...

Exploit for Path Traversal in Mikrotik Routeros

This is a PoC exploit for CVE-2018-14847 targeting RouterOS-based routers. The tool, named Meris RouterOS Checker, checks a list of IP addresses to validate if they were infected with Meris. It uses the RouterOS API, SSH, and WinBox to connect to the routers and attempt to exploit the...

MAL-2025-35768 Malicious code in test-mlw2-meris-nudie-muons-aunts (npm)

The package test-mlw2-meris-nudie-muons-aunts was found to contain malicious code...

Malicious code in test-mlw2-meris-pulpy (npm)

The package test-mlw2-meris-pulpy was found to contain malicious code...

MAL-2025-35769 Malicious code in test-mlw2-meris-pulpy (npm)

The package test-mlw2-meris-pulpy was found to contain malicious code...

MAL-2025-35246 Malicious code in test-mlw2-dules-meris-abbes-rimer (npm)

The package test-mlw2-dules-meris-abbes-rimer was found to contain malicious code...

Malicious code in test-mlw2-meris-nudie-muons-aunts (npm)

The package test-mlw2-meris-nudie-muons-aunts was found to contain malicious code...

CVE-2023-7194

The Meris WordPress theme through 1.1.2 does not sanitise and escape some parameters before outputting them back in the page, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

CVE-2023-7194

The Meris WordPress theme through 1.1.2 does not sanitise and escape some parameters before outputting them back in the page, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

CVE-2023-7194

The Meris WordPress theme through 1.1.2 does not sanitise and escape some parameters before outputting them back in the page, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

CVE-2023-7194 Meris <= 1.1.2 - Reflected XSS

The Meris WordPress theme through 1.1.2 does not sanitise and escape some parameters before outputting them back in the page, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

CVE-2023-7194

The Meris WordPress theme (versions up to 1.1.2) is susceptible to Reflected XSS because it does not sanitize/escape certain parameters before output. This could affect high-privilege accounts (e.g., admins). Public details confirm the issue and point to a fix in newer versions; monitoring is adv...

CVE-2023-7194 Meris <= 1.1.2 - Reflected XSS

The Meris WordPress theme through 1.1.2 does not sanitise and escape some parameters before outputting them back in the page, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

PT-2024-15222 · WordPress · Meris

Name of the Vulnerable Software and Affected Versions: Meris WordPress theme versions 1.1.2 and earlier Description: The issue is related to Reflected Cross-Site Scripting, which occurs because the theme does not properly sanitise and escape certain parameters before outputting them back in the...

WordPress theme Meris security vulnerability

WordPress is a blogging platform developed in PHP by the WordPress Foundation. The platform supports personal blog sites on servers running PHP and MySQL.WordPress theme is a theme for WordPress. A security vulnerability exists in WordPress theme Meris version 1.1.2 and earlier versions, which...

Meris <= 1.1.2 - Reflected XSS

Description The theme does not sanitise and escape some parameters before outputting them back in the page, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin PoC...

Meris <= 1.1.2 - Reflected XSS

Description The theme does not sanitise and escape some parameters before outputting them back in the page, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin alert/XSS-areaname/" / alert/XSS-num/' /...

The Link Between AWM Proxy & the Glupteba Botnet

On December 7, 2021, Google announced it was suing two Russian men allegedly responsible for operating the Glupteba botnet, a global malware menace that has infected millions of computers over the past decade. That same day, AWM Proxy -- a 14-year-old anonymity service that rents hacked PCs to...

Massive Meris Botnet Embeds Ransomware Notes from REvil

Hey webop\geeks, you\are\already\dead, a note claiming to be left by the REvil ransomware gang declared, embedded into the attack itself as a string of text in the URL for the extortion demand. Imperva reported the interesting twist on Friday – one of several it’s seen in the evolution of...

Holiday Shopping Season is Upon Us: The State of Security Within eCommerce in 2021

The eCommerce industry has gone through years worth of changes in a matter of just a mere couple of months as the global pandemic emerged back in March of 2020. These changes have led to skyrocketing growth for the industry, with sales predicted to hit $4.921 trillion by the end of this year. And...