Lucene search
K

87 matches found

Patchstack
Patchstack
added 2026/02/03 1:18 a.m.6 views

WordPress Shortcodes and extra features for Phlox theme plugin <= 2.15.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'aux_timeline' Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via 'auxtimeline' Shortcode vulnerability discovered by Ngô Thiên An ancorn in WordPress Plugin Shortcodes and extra features for Phlox theme versions = 2.15.7...

6.4CVSS5.4AI score0.00404EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/02 12:39 p.m.5 views

WordPress The Plus Addons for Elementor - Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin <= 5.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

WordPress The Plus Addons for Elementor - Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin = 5.5.2 - Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Ngô Thiên An ancorn in WordPress Plugin The Plus Addons for Elementor Page Builder Lite...

6.4CVSS5.4AI score0.00707EPSS
Exploits0References1Affected Software1
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/08/14 6:52 p.m.2 views

Malicious code in @zalastax/nolb-ngo (npm)

The package @zalastax/nolb-ngo was found to contain malicious code...

7AI score
Exploits0
OSV
OSV
added 2025/08/14 6:52 p.m.2 views

MAL-2025-12516 Malicious code in @zalastax/nolb-ngo (npm)

The package @zalastax/nolb-ngo was found to contain malicious code...

7.2AI score
Exploits0
The Hacker News
The Hacker News
added 2025/05/27 11:51 a.m.27 views

Russian Hackers Breach 20+ NGOs Using Evilginx Phishing via Fake Microsoft Entra Pages

Microsoft has shed light on a previously undocumented cluster of malicious activity originating from a Russia-affiliated threat actor dubbed Void Blizzard aka Laundry Bear that it said is attributed to "worldwide cloud abuse." Active since at least April 2024, the hacking group is linked to...

7.7AI score
Exploits0
Patchstack
Patchstack
added 2024/12/11 4:57 p.m.3 views

WordPress SeedProd Pro plugin < 6.18.13 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Ngô Thái An Patchstack Alliance in WordPress Plugin SeedProd Pro versions 6.18.13...

7.6CVSS8.1AI score0.00521EPSS
Exploits0Affected Software1
Talos Blog
Talos Blog
added 2024/12/05 7:2 p.m.8 views

The adventures of an extroverted cyber nerd and the people Talos helps to fight the good fight

Welcome to this week's edition of the Threat Source newsletter. I am unbelievably lucky to do the work that I do. My title is technically 'Senior Security Strategist'. It's a very fancy title, but basically: I get to research threats with my colleagues and friends to keep people safe here at Talo...

7.2AI score
Exploits0
Malwarebytes
Malwarebytes
added 2024/11/22 5:6 p.m.9 views

Meta takes down more than 2 million accounts in fight against pig butchering

Meta provided insight this week into the company's efforts in taking down more than 2 million accounts that were connected to pig butchering scams on their owned platforms, Facebook and Instagram. Pig butchering scams are big business, with hundreds of millions of dollars involved every year. The...

6.7AI score
Exploits0
Patchstack
Patchstack
added 2024/09/05 4:14 a.m.5 views

WordPress Content Blocks (Custom Post Widget) plugin <= 3.3.5 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by lowol ngo Patchstack Alliance in WordPress Plugin Content Blocks Custom Post Widget versions = 3.3.5...

6.5CVSS6.1AI score0.00263EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2024/08/29 12:13 p.m.3 views

WordPress ElementsKit Pro plugin <= 3.6.0 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by NGÔ THIÊN AN Patchstack Alliance in WordPress Plugin ElementsKit Pro versions = 3.6.0...

6.5CVSS7AI score0.00618EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2024/08/26 9:38 a.m.5 views

WordPress WP Delicious plugin <= 1.6.7 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by NGÔ THIÊN AN Patchstack Alliance in WordPress Plugin WP Delicious versions = 1.6.7...

6.5CVSS6.1AI score0.0024EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2024/08/09 12:29 a.m.5 views

WordPress Element Pack Elementor Addons plugin <= 5.7.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via title_tag vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via titletag vulnerability discovered by Ngô Thiên An ancorn in WordPress Plugin Element Pack Elementor Addons versions = 5.7.6...

6.4CVSS5.8AI score0.00446EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2024/08/07 1:20 p.m.4 views

WordPress Blockspare plugin <= 3.2.0 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by NGÔ THIÊN AN Patchstack Alliance in WordPress Plugin Blockspare versions = 3.2.0...

6.5CVSS6.1AI score0.00245EPSS
Exploits0Affected Software1
The Hacker News
The Hacker News
added 2024/07/23 12:28 p.m.24 views

Chinese Hackers Target Taiwan and US NGO with MgBot Malware

Organizations in Taiwan and a U.S. non-governmental organization NGO based in China have been targeted by a Beijing-affiliated state-sponsored hacking group called Daggerfly using an upgraded set of malware tools. The campaign is a sign that the group "also engages in internal espionage,"...

6.9AI score
Exploits0
Patchstack
Patchstack
added 2024/07/10 1:47 p.m.3 views

WordPress Arkhe Blocks plugin 2.22.1 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by NGÔ THIÊN AN Patchstack Alliance in WordPress Plugin Arkhe Blocks versions = 2.22.1...

6.5CVSS6.1AI score0.00312EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2024/07/06 2:35 p.m.6 views

WordPress Elementor Addons by Livemesh plugin <= 8.4.0 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by NGÔ THIÊN AN Patchstack Alliance in WordPress Plugin Livemesh Addons for Elementor versions = 8.4.0...

6.5CVSS7AI score0.00519EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2024/06/18 4:15 p.m.6 views

WordPress DImage 360 plugin <= 2.0 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by NGÔ THIÊN AN Patchstack Alliance in WordPress Plugin DImage 360 versions = 2.0...

6.5CVSS6.1AI score0.0026EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2024/05/24 7:34 a.m.6 views

WordPress Spectra plugin <= 2.13.0 - Authenticated (Author+) Stored Cross-Site Scripting vulnerability

Authenticated Author+ Stored Cross-Site Scripting vulnerability discovered by Ngô Thiên An ancorn in WordPress Plugin Spectra versions = 2.13.0...

6.4CVSS5.7AI score0.00263EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2024/04/29 4:34 p.m.4 views

WordPress PB MailCrypt plugin <= 3.1.0 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by NGÔ THIÊN AN Patchstack Alliance in WordPress Plugin PB MailCrypt versions = 3.1.0...

6.5CVSS6.1AI score0.00305EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2024/04/29 4:3 p.m.7 views

WordPress Giphypress plugin <= 1.6.2 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by NGÔ THIÊN AN Patchstack Alliance in WordPress Plugin Giphypress versions = 1.6.2...

6.5CVSS6.1AI score0.00308EPSS
Exploits0Affected Software1
Rows per page
Query Builder