CVE-2026-1215

The MMA Call Tracking plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.3.15. This is due to missing nonce validation when saving plugin configuration on the mmacalltrackingmenu admin page. This makes it possible for unauthenticated attackers...

CVE-2026-1215 MMA Call Tracking <= 2.3.15 - Cross-Site Request Forgery to Plugin Settings Update

The MMA Call Tracking plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.3.15. This is due to missing nonce validation when saving plugin configuration on the mmacalltrackingmenu admin page. This makes it possible for unauthenticated attackers...

CVE-2026-1215 MMA Call Tracking <= 2.3.15 - Cross-Site Request Forgery to Plugin Settings Update

The MMA Call Tracking plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.3.15. This is due to missing nonce validation when saving plugin configuration on the mmacalltrackingmenu admin page. This makes it possible for unauthenticated attackers...

CVE-2026-1215

CVE-2026-1215 : The MMA Call Tracking WordPress plugin is vulnerable to Cross-Site Request Forgery up to and including version 2.3.15 due to missing nonce validation on the mma_call_tracking_menu admin page. Unauthenticated attackers could modify configuration by tricking an admin into forging a ...

PT-2026-7496

The MMA Call Tracking plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.3.15. This is due to missing nonce validation when saving plugin configuration on the mma call tracking menu admin page. This makes it possible for unauthenticated...

WordPress MMA Call Tracking plugin <= 2.3.15 - Cross-Site Request Forgery to Plugin Settings Update vulnerability

Cross-Site Request Forgery to Plugin Settings Update vulnerability discovered by afnaan - SMKN 1 Bantul in WordPress Plugin MMA Call Tracking versions = 2.3.15...

Malicious code in kapio-samunu-mma (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2635b41a87ca21f222c674f212325f00e739c7d391f4eaa6bb3ec9ec4140853d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

EUVD-2025-141176

Malicious code in kapio-samunu-mma npm...

A Swedish MMA Tournament Spotlights the Trump Administration's Handling of Far-Right Terrorism

A member of a California-based fight club seems to have attended an event hosted by groups with ties to an organization the US government labeled a terrorist group. Will the Trump administration care?...

MAL-2024-7974 Malicious code in mma-mfe (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8182885b22933b5448abffbda9800a7a8417790bac7a8de29742961e393c6bd5 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in mma-mfe (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8182885b22933b5448abffbda9800a7a8417790bac7a8de29742961e393c6bd5 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

mma-architects.com Cross Site Scripting vulnerability OBB-3905315

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

mma-blackbelt-brasil.com Cross Site Scripting vulnerability OBB-3472768

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

mma-factory.fr Cross Site Scripting vulnerability OBB-2820479

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

mma-factory.fr Cross Site Scripting vulnerability OBB-2136007

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: &nbsp&nbsp&nbsp&nbsp&nbsp&nbspa. verified the vulnerability and confirmed its existence; &nbsp&nbsp&nbsp&nbsp&nbsp&nbspb. notified the website operator about its existence...

geocatalogo.mma.gov.br Open Redirect vulnerability OBB-2134723

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: &nbsp&nbsp&nbsp&nbsp&nbsp&nbspa. verified the vulnerability and confirmed its existence; &nbsp&nbsp&nbsp&nbsp&nbsp&nbspb. notified the website operator about its existence...

mmasavezsrbije.org Cross Site Scripting vulnerability OBB-1298512

Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: &nbsp&nbsp&nbsp&nbsp&nbsp&nbspa. verified the vulnerability and confirmed its existence; &nbsp&nbsp&nbsp&nbsp&nbsp&nbspb. notified the website operator about its existence...

Twitch Has Become a Haven for Live Sports Piracy

As the platform gains more mainstream popularity, illicit livestreams of soccer, boxing, and MMA matches have become trivial to find...

mma.gov.br XSS vulnerability

Open Bug Bounty ID: OBB-654013 Description| Value ---|--- Affected Website:| mma.gov.br Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...

Jose-php Information Disclosure Vulnerability

jose-php is suitable for PHP JSON object signature and encryption library . A security vulnerability exists in versions of jose-php before 2.2.1, due to the lack of a random padding mechanism in the implementation of the RSA 1.5 algorithm in the JWE.php/JOSEJWE class. A remote attacker can obtain...