WordPress Easy Google Maps Plugin <= 1.11.11 is vulnerable to Cross Site Request Forgery (CSRF)

Software Easy Google Maps Type Plugin Vulnerable versions = 1.11.11 Fixed in 1.11.12 OWASP Top 10 A4: Insecure Design Classification Cross Site Request Forgery CSRF CVE CVE-2024-31269 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID f70627a958a7 Credits Steven Julian Requir...

WordPress Bit Form – Contact Form Plugin Plugin <= 2.10.1 is vulnerable to Insecure Direct Object References (IDOR)

Software Bit Form – Contact Form Plugin Type Plugin Vulnerable versions = 2.10.1 Fixed in 2.10.2 OWASP Top 10 A4: Insecure Design Classification Insecure Direct Object References IDOR CVE CVE-2024-1640 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 608867152d52 Credits...

WordPress Image Tag Manager Plugin <= 1.5 is vulnerable to Cross Site Scripting (XSS)

Software Image Tag Manager Type Plugin Vulnerable versions = 1.5 Fixed in N/A OWASP Top 10 A4: Insecure Design Classification Cross Site Scripting XSS CVE CVE-2024-22160 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 21a3315fa407 Credits Dimas Maulana Required...

[Responsible disclosure] Hacking Facebook.com/thanks Posting on behalf of your friends!

Note: This is being published with the permission of Facebook under the responsible disclosure policy. The vulnerability is now fixed. Facebook recently introduced "Say Thanks", an experience that lets Facebook user to create personalized video cards for their facebook friends. To create a Thanks...