Lucene search
+L

150 matches found

CVE
CVE
added 2022/12/26 12:28 p.m.76 views

CVE-2022-4120

The CVE-2022-4120 entry documents a vulnerability in the Stop Spammers Security | Block Spam Users, Comments, Forms WordPress plugin. Prior to version 2022.6, the plugin passes base64-encoded user input to PHP’s unserialize() when CAPTCHA is used as the second challenge, which can lead to PHP Obj...

9.8CVSS9.7AI score0.18121EPSS
Exploits2References1Affected Software1
Positive Technologies
Positive Technologies
added 2022/12/26 12:0 a.m.10 views

PT-2022-25722 · WordPress · Stop Spammers Security

Name of the Vulnerable Software and Affected Versions: The Stop Spammers Security | Block Spam Users, Comments, Forms WordPress plugin versions prior to 2022.6 Description: The issue arises when the plugin passes base64 encoded user input to the unserialize PHP function, specifically when CAPTCHA...

9.8CVSS9.6AI score0.18121EPSS
Exploits2References4
CNNVD
CNNVD
added 2022/12/26 12:0 a.m.6 views

WordPress Plugin Stop Spammers Security 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A code issue vulnerability exists in...

9.8CVSS8.4AI score0.18121EPSS
Exploits2References2
Malwarebytes
Malwarebytes
added 2022/07/11 8:40 a.m.34 views

Tech support scammers caught by their own cameras

A Youtuber has hacked into the CCTV cameras of an office used by tech support scammers and reported them to the police. The video feed of what is going on in that office ends with the arrest of the scammers. CCTV The Youtuber, acting under the handle Scambaiter, turned his attention to Punjab in...

6.6AI score
Exploits0
Huntr
Huntr
added 2022/04/20 3:30 p.m.16 views

no spoofing protection on email domain (No Valid SPF Records.)

What Is SPF/TXT Records? An SPF record is a type of Domain Name Service DNS record that identifies which mail servers are permitted to send email on behalf of your domain. The purpose of an SPF record is to prevent spammers from sending messages with forged From addresses at your domain. Checking...

7AI score
Exploits0References2
Malwarebytes
Malwarebytes
added 2022/03/14 10:52 a.m.20 views

A week in security (March 7 – March 13)

Last week on Malwarebytes Labs: The struggle to reduce bug-fixing time is real Update now! Mozilla patches two actively exploited vulnerabilities Google takes on Docs notification spammers When fake dating profiles try the military approach Azure AutoWarp brings automation headaches RagnarLocker...

0.4AI score
Exploits0
Malwarebytes
Malwarebytes
added 2022/03/08 11:31 a.m.18 views

Google takes on Docs notification spammers

Cloud-based document suites have always been a hot target for scammers. When it’s easy to dip in and out for collaboration purposes, or just share things generally, then its likely that bad people will want in on the action. In 2019, Google calendar users were wading through endless spam...

0.1AI score
Exploits0
CNVD
CNVD
added 2022/01/25 12:0 a.m.44 views

libspf2 buffer overflow vulnerability (CNVD-2022-19088)

libspf2 is a library that allows email systems such as Sendmail, Postfix, Exim, Zmailer, and MS Exchange to check SPF records and ensure that an email is authorized from its domain. This prevents email forgery commonly used by spammers, scammers and email viruses/worms. libspf2 suffers from a...

9.8CVSS5.2AI score0.09643EPSS
Exploits1References1
Fedora
Fedora
added 2021/09/26 12:16 a.m.35 views

[SECURITY] Fedora 35 Update: libspf2-1.2.11-1.20210922git4915c308.fc35

libspf2 is an implementation of the SPF Sender Policy Framework specification as found at: http://www.ietf.org/internet-drafts/draft-mengwong-spf-00.txt SPF allows email systems to check SPF DNS records and make sure that an email is authorized by the administrator of the domain name that it is...

9.8CVSS9.4AI score0.0281EPSS
Exploits0
OSV
OSV
added 2021/09/06 11:15 a.m.5 views

CVE-2021-24517

The Stop Spammers Security | Block Spam Users, Comments, Forms WordPress plugin before 2021.18 does not escape some of its settings, allowing high privilege users such as admin to set Cross-Site Scripting payloads in them even when the unfilteredhtml capability is disallowed...

5.4CVSS6.1AI score0.00624EPSS
Exploits2References1
Prion
Prion
added 2021/09/06 11:15 a.m.17 views

Cross site scripting

The Stop Spammers Security | Block Spam Users, Comments, Forms WordPress plugin before 2021.18 does not escape some of its settings, allowing high privilege users such as admin to set Cross-Site Scripting payloads in them even when the unfilteredhtml capability is disallowed...

3.5CVSS5.1AI score0.00624EPSS
Exploits2References1Affected Software1
Cvelist
Cvelist
added 2021/09/06 11:9 a.m.19 views

CVE-2021-24517 Stop Spammers Security < 2021.18 - Authenticated Stored XSS

The Stop Spammers Security | Block Spam Users, Comments, Forms WordPress plugin before 2021.18 does not escape some of its settings, allowing high privilege users such as admin to set Cross-Site Scripting payloads in them even when the unfilteredhtml capability is disallowed...

5.4AI score0.00624EPSS
Exploits2References1
CVE
CVE
added 2021/09/06 11:9 a.m.45 views

CVE-2021-24517

The CVE-2021-24517 entry concerns the WordPress plugin Stop Spammers Security (before version 2021.18). The vulnerability arises because the plugin does not escape certain settings, enabling authenticated users with high privileges (e.g., admin) to inject Cross-Site Scripting payloads even when u...

5.4CVSS5.1AI score0.00624EPSS
Exploits2References1Affected Software1
CNNVD
CNNVD
added 2021/09/06 12:0 a.m.6 views

WordPress 插件跨站脚本漏洞

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in Wordpress Plugin Stop Spammers Security, which stems...

5.4CVSS5.6AI score0.00624EPSS
Exploits2References1
wpexploit
wpexploit
added 2021/08/09 12:0 a.m.545 views

Stop Spammers Security < 2021.18 - Authenticated Stored XSS

The plugin does not escape some of its settings, allowing high privilege users such as admin to set Cross-Site Scripting payloads in them even when the unfilteredhtml capability is disallowed Put the following payload in any of the API field of the Web Services settings: " autofocus...

5.4CVSS0.5AI score0.00624EPSS
Exploits2
WPVulnDB
WPVulnDB
added 2021/08/09 12:0 a.m.20 views

Stop Spammers Security < 2021.18 - Authenticated Stored XSS

The plugin does not escape some of its settings, allowing high privilege users such as admin to set Cross-Site Scripting payloads in them even when the unfilteredhtml capability is disallowed PoC Put the following payload in any of the API field of the Web Services settings: " autofocus...

5.4CVSS2.3AI score0.00624EPSS
Exploits2Affected Software1
Check Point Advisories
Check Point Advisories
added 2021/06/01 12:0 a.m.13 views

WordPress Stop Spammers Plugin Cross Site Scripting (CVE-2021-24245)

A cross site scripting vulnerability exists in WordPress Stop Spammers plugin. Successful exploitation of this vulnerability would allow remote attackers to inject an arbitrary web script into the affected system...

4.3CVSS4.8AI score0.05721EPSS
Exploits5
0day.today
0day.today
added 2021/05/19 12:0 a.m.61 views

WordPress Stop Spammers 2021.8 Plugin - (log) Reflected Cross-site Scripting Vulnerability

Exploit Title: WordPress Plugin Stop Spammers 2021.8 - 'log' Reflected Cross-site Scripting XSS Exploit Author: Hosein Vita Vendor Homepage: https://wordpress.org/plugins/stop-spammer-registrations-plugin/ Software Link: https://downloads.wordpress.org/plugin/stop-spammer-registrations-plugin.zip...

6.1CVSS0.3AI score0.05721EPSS
Exploits5
Packet Storm
Packet Storm
added 2021/05/19 12:0 a.m.376 views

WordPress Stop Spammers 2021.8 Cross Site Scripting

Exploit Title: WordPress Plugin Stop Spammers 2021.8 - 'log' Reflected Cross-site Scripting XSS Date: 04/08/2021 Exploit Author: Hosein Vita Vendor Homepage: https://wordpress.org/plugins/stop-spammer-registrations-plugin/ Software Link:...

4.3CVSS6.3AI score0.05721EPSS
Exploits5
Exploit DB
Exploit DB
added 2021/05/19 12:0 a.m.782 views

WordPress Plugin Stop Spammers 2021.8 - &#039;log&#039; Reflected Cross-site Scripting (XSS)

Exploit Title: WordPress Plugin Stop Spammers 2021.8 - 'log' Reflected Cross-site Scripting XSS Date: 04/08/2021 Exploit Author: Hosein Vita Vendor Homepage: https://wordpress.org/plugins/stop-spammer-registrations-plugin/ Software Link:...

6.1CVSS6.5AI score0.05721EPSS
Exploits5
Rows per page
Query Builder