Lucene search
K

5 matches found

The Hacker News
The Hacker News
added 2024/06/25 3:32 a.m.24 views

Multiple WordPress Plugins Compromised: Hackers Create Rogue Admin Accounts

Multiple WordPress plugins have been backdoored to inject malicious code that makes it possible to create rogue administrator accounts with the aim of performing arbitrary actions. "The injected malware attempts to create a new administrative user account and then sends those details back to the...

7.2AI score
Exploits0
Positive Technologies
Positive Technologies
added 2024/03/20 12:0 a.m.14 views

PT-2024-3990

Name of the Vulnerable Software and Affected Versions Progress Telerik Report Server versions 2024 Q1 10.0.24.305 or earlier Description The issue is related to an authentication bypass vulnerability in Progress Telerik Report Server, allowing an unauthenticated attacker to gain access to...

9.9CVSS5.9AI score0.97482EPSS
Exploits14References62
The Hacker News
The Hacker News
added 2023/03/13 12:24 p.m.2 views

Fake ChatGPT Chrome Extension Hijacking Facebook Accounts for Malicious Advertising

A fake ChatGPT-branded Chrome browser extension has been found to come with capabilities to hijack Facebook accounts and create rogue admin accounts, highlighting one of the different methods cyber criminals are using to distribute malware. "By hijacking high-profile Facebook business accounts, t...

6.3AI score
Exploits0
WPVulnDB
WPVulnDB
added 2021/06/02 12:0 a.m.30 views

GetPaid < 2.3.4 - Authenticated Stored XSS

In the plugin, users with the contributor role and above can create a new Payment Form, however the Label and Help Text input fields were not getting sanitized properly. So it was possible to inject malicious content such as img tags, leading to a Stored Cross-Site Scripting issue which is...

5.4CVSS0.1AI score0.00624EPSS
Exploits2Affected Software1
wpexploit
wpexploit
added 2021/06/02 12:0 a.m.629 views

GetPaid < 2.3.4 - Authenticated Stored XSS

In the plugin, users with the contributor role and above can create a new Payment Form, however the Label and Help Text input fields were not getting sanitized properly. So it was possible to inject malicious content such as img tags, leading to a Stored Cross-Site Scripting issue which is...

5.4CVSS0.00624EPSS
Exploits2
Rows per page
Query Builder