WordPress "Any Popup – Popup Forms, Optins & Ads" plugin <= 1.0 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability

Toggle The Debug Mode via Cross-Site Request Forgery CSRF vulnerability discovered in WordPress "Any Popup – Popup Forms, Optins & Ads" plugin versions = 1.0. Solution No patched version available...

WordPress Broadcast Lite theme < 2.0.3 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability

Sensitive Information Disclosure vulnerability discovered in WordPress Broadcast Lite theme versions 2.0.3. Solution Update the WordPress Broadcast Lite theme to the latest available version at least 2.0.3...

WordPress Extreme Blocks plugin < 0.8.1 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability

Sensitive Information Disclosure vulnerability discovered in WordPress Extreme Blocks plugin versions 0.8.1. Solution Update the WordPress Extreme Blocks plugin to the latest available version at least 0.8.1...

WordPress Caxton – Create Pro page layouts in Gutenberg plugin < 1.30.0 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability

Toggle The Debug Mode via Cross-Site Request Forgery CSRF vulnerability discovered in WordPress Caxton – Create Pro page layouts in Gutenberg plugin versions 1.30.0. Solution Update the WordPress Caxton – Create Pro page layouts in Gutenberg plugin to the latest available version at least 1.30.0...

WordPress Elasta theme < 1.0.8 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability

Sensitive Information Disclosure vulnerability discovered in WordPress Elasta theme versions 1.0.8. Solution Update the WordPress Elasta theme to the latest available version at least 1.0.8...

WordPress Sparrow: Product Reviews and Ratings for WooCommerce plugin <= 2.0.2 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability

Toggle The Debug Mode via Cross-Site Request Forgery CSRF vulnerability discovered in WordPress Sparrow: Product Reviews and Ratings for WooCommerce plugin versions = 2.0.2. Solution No patched version available...

WordPress Automatic YouTube Gallery plugin < 1.6.5 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability

Toggle The Debug Mode via Cross-Site Request Forgery CSRF vulnerability discovered in WordPress Automatic YouTube Gallery plugin versions 1.6.5. Solution Update the WordPress Automatic YouTube Gallery plugin to the latest available version at least 1.6.5...

WordPress Noted PRO plugin <= 1.02 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability

Toggle The Debug Mode via Cross-Site Request Forgery CSRF vulnerability discovered in WordPress Noted PRO plugin versions = 1.02. Solution No patched version available...

WordPress Speculor theme <= 1.2.0 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability

Sensitive Information Disclosure vulnerability discovered in WordPress Speculor theme versions = 1.2.0. Solution No patched version available...

WordPress Cost Calculator Builder plugin < 2.3.3 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability

Toggle The Debug Mode via Cross-Site Request Forgery CSRF vulnerability discovered in WordPress Cost Calculator Builder plugin versions 2.3.3. Solution Update the WordPress Cost Calculator Builder plugin to the latest available version at least 2.3.3...

WordPress Past Events Extension plugin <= 1.0.1 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability

Toggle The Debug Mode via Cross-Site Request Forgery CSRF vulnerability discovered in WordPress Past Events Extension plugin versions = 1.0.1. Solution No patched version available...

WordPress Full Page Blog Designer plugin <= 1.0.2 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability

Toggle The Debug Mode via Cross-Site Request Forgery CSRF vulnerability discovered in WordPress Full Page Blog Designer plugin versions = 1.0.2. Solution No patched version available...

WordPress Scrollsequence – Cinematic Scroll Image Animation Plugin plugin < 1.2.4 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability

Toggle The Debug Mode via Cross-Site Request Forgery CSRF vulnerability discovered in WordPress Scrollsequence – Cinematic Scroll Image Animation Plugin plugin versions 1.2.4. Solution Update the WordPress Scrollsequence – Cinematic Scroll Image Animation Plugin plugin to the latest available...

WordPress Revolution for Elementor plugin <= 0.0.19 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability

Toggle The Debug Mode via Cross-Site Request Forgery CSRF vulnerability discovered in WordPress Revolution for Elementor plugin versions = 0.0.19. Solution No patched version available...

WordPress Easy Code Snippets plugin <= 1.0.0 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability

Toggle The Debug Mode via Cross-Site Request Forgery CSRF vulnerability discovered in WordPress Easy Code Snippets plugin versions = 1.0.0. Solution Update the WordPress Easy Code Snippets plugin to the latest available version at least 1.0.1...

WordPress Easy Tiktok Feed plugin <= 1.1.0 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability

Toggle The Debug Mode via Cross-Site Request Forgery CSRF vulnerability discovered in WordPress Easy Tiktok Feed plugin versions = 1.1.0. Solution Update the WordPress Easy Tiktok Feed plugin to the latest available version at least 1.1.1...

WordPress The Events Calendar plugin < 5.14.0.4 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability

Sensitive Information Disclosure vulnerability discovered in WordPress The Events Calendar plugin versions 5.14.0.4. Solution Update the WordPress The Events Calendar plugin to the latest available version at least 5.14.0.4...

Warning — Deadbolt Ransomware Targeting ASUSTOR NAS Devices

ASUSTOR network-attached storage NAS devices have become the latest victim of Deadbolt ransomware, less than a month after similar attacks singled out QNAP NAS appliances. In response to the infections, the company has released firmware updates ADM 4.0.4.RQO2 to "fix related security issues." The...

Weakpass - Rule-Based Online Generator To Create A Wordlist Based On A Set Of Words

The tool generates a wordlist based on a set of words entered by the user. For example, during penetration testing, you need to gain access to some service, device, account, or Wi-Fi network that is password protected. For example, let it be the Wi-Fi network of EvilCorp. Sometimes, a password is...

PDF Light Viewer < 1.4.12 - Authenticated Command Injection

The plugin allows users with Author roles to execute arbitrary OS command on the server via OS Command Injection when invoking Ghostscript. 1 Go to Import PDF. 2 Select PDF file. 3 Set compression as 60 | calc | echo 4 Toggle import the first checkbox 5 Publish or update 6 Command executes...