6151 matches found
WP Page Builder < 1.2.4 - Insecure default configuration Allows Subscribers Editing Access to Posts
By default, the plugin allows subscriber-level users to edit and make changes to any and all posts and pages - user roles must be specifically blocked from editing posts and pages. A subscriber, upon registering an account with a site with the WP Pagebuilder plugin, could immediately modify or delete...
Far-Right Platform Gab Has Been Hacked—Including Private Data
The transparency group DDoSecrets says it will make the 70 GB of passwords, private posts, and more available to researchers, journalists, and social scientists...
Process Steps Template Designer < 1.3 - CSRF to Stored Cross-Site Scripting (XSS)
The plugin did not properly check its CSRF nonce in the FontAwesomeField.save method, which could allow attackers to make logged-in users capable of editing posts change the Step Icon of arbitrary Process Steps. Due to the lack of sanitisation of the submitted Step Icon value, it could also lead ...
Working Together with Our Customers to Build a Sustainable Future
By now, we hope you've read Monday's and Tuesday's blog posts announcing the release of our annual sustainability report, our sustainability program, and the technical innovation behind it...
An Absurdly Basic Bug Let Anyone Grab All of Parler's Data
The “free speech” social network also allowed unlimited access to every public post, image, and video...
IPS Community Suite Cross-Site Scripting Vulnerability
IPS Community Suite is an Internet community software produced mainly by Invision Power Services, which is written in PHP and uses MySQL as a database management system. Versions of IPS Community Suite prior to 4.5.4.2 are vulnerable to a cross-site scripting vulnerability during a quoted post or...
CVE-2021-3026
Invision Community IPS Community Suite before 4.5.4.2 allows XSS during the quoting of a post or comment...
Invision Community Cross-Site Scripting Vulnerability
IPS Community Suite is an Internet community software produced mainly by Invision Power Services, which is written in PHP and uses MySQL as a database management system. Versions of IPS Community Suite prior to 4.5.4.2 are vulnerable to a cross-site scripting vulnerability during a quoted post or...
Likely lead generation scam targets potential Malwarebytes MSP partners
Recently, Malwarebytes discovered a potential lead generation scam targeting companies that are interested in our Malwarebytes Managed Service Provider (MSP) Program. In the scam, an individual who used the name “Jenny” aggressively contacted potential MSP partners claiming to represent Malwarebyte...
Osi.Ig - Information Gathering Instagram
The Instagram OSINT Tool gets a range of information from an Instagram account that you normally wouldn't be able to get from just looking at their profile. The information includes: profile: user id, followers / following, number of uploads, profile img URL, business enum, external URL, joined...
Nextcloud Social app access control error vulnerability
Nextcloud Social app is a social application from Nextcloud Germany. An access control error vulnerability exists in version 0.3.1 of the Nextcloud Social app. The vulnerability is related to the control system of the affected version not properly handling user access requests. There is...
CVE-2020-8278
Improper access control in Nextcloud Social app version 0.3.1 allowed to read posts of any user...
Improper access control
Improper access control in Nextcloud Social app version 0.3.1 allowed to read posts of any user...
Contextual Related Posts < 2.9.4 - CSRF Nonce Validation Bypass
The plugin does not properly check for the CSRF nonce in the export and import features, which could allow attackers to make authenticated logged in administrators perform those actions via a CSRF attack. To bypass the nonce validation, just don't send the crpexportsettingsnonce or...
Contextual Related Posts < 2.9.4 - CSRF Nonce Validation Bypass
The plugin does not properly check for the CSRF nonce in the export and import features, which could allow attackers to make authenticated logged in administrators perform those actions via a CSRF attack. PoC: To bypass the nonce validation, just don't send the crpexportsettingsnonce or...
WordPress Contextual Related Posts plugin <= 2.9.3 - Cross-Site Request Forgery (CSRF) Nonce Validation Bypass vulnerability
Cross-Site Request Forgery (CSRF) Nonce Validation Bypass vulnerability found by Lenon Leite in WordPress Contextual Related Posts plugin versions <= 2.9.3. Solution: Update the WordPress Contextual Related Posts plugin to the latest available version, at least 2.9.3...
Nextcloud Social app access control error vulnerability
Nextcloud Social app is a social application from Nextcloud Germany. An access control error vulnerability exists in version 0.3.1 of the Nextcloud Social app. The vulnerability is related to the control system of the affected version not properly handling user access requests. There is...
Improper access control to messages of Social app (NC-SA-2020-042)
Improper access control in Social app 0.3.1 allowed to read posts of any user...