Lucene search
+L

70 matches found

Vulnrichment
Vulnrichment
added 2024/04/10 5:41 p.m.12 views

CVE-2024-31943 WordPress USPS Shipping for WooCommerce plugin <= 1.9.2 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in Octolize USPS Shipping for WooCommerce – Live Rates.This issue affects USPS Shipping for WooCommerce – Live Rates: from n/a through 1.9.2...

4.3CVSS5.1AI score0.00188EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/04/10 5:41 p.m.26 views

CVE-2024-31943 WordPress USPS Shipping for WooCommerce plugin <= 1.9.2 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in Octolize USPS Shipping for WooCommerce – Live Rates.This issue affects USPS Shipping for WooCommerce – Live Rates: from n/a through 1.9.2...

4.3CVSS4.9AI score0.00188EPSS
Exploits0References1
CVE
CVE
added 2024/04/10 5:41 p.m.61 views

CVE-2024-31943

CVE-2024-31943 is a CSRF vulnerability in USPS Shipping for WooCommerce – Live Rates (affected:

4.3CVSS5.1AI score0.00188EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/04/10 12:0 a.m.6 views

WordPress Plugin USPS Shipping for WooCommerce 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. WordPress Plugin USPS Shipping for...

4.3CVSS6.6AI score0.00188EPSS
Exploits0References2
Patchstack
Patchstack
added 2024/04/10 12:0 a.m.11 views

WordPress USPS Shipping for WooCommerce – Live Rates Plugin <= 1.9.2 is vulnerable to Cross Site Request Forgery (CSRF)

Software USPS Shipping for WooCommerce – Live Rates Type Plugin Vulnerable versions = 1.9.2 Fixed in 1.9.3 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-31943 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 3853ce4c77cb...

4.3CVSS6.7AI score0.00188EPSS
Exploits0References2Affected Software1
HackRead
HackRead
added 2024/03/28 9:15 p.m.10 views

New iMessage Phishing Campaign Targets Postal Service Users Globally

By Waqas Some of the known targets of this iMessage phishing campaign are USPS the United States Postal Service, DHL, Evri, Australia Post, Bulgarian Posts, and Singapore Post. This is a post from HackRead.com Read the original post: New iMessage Phishing Campaign Targets Postal Service Users...

7.3AI score
Exploits0
OpenVAS
OpenVAS
added 2024/03/08 12:0 a.m.12 views

Fedora: Security Advisory for icecat (FEDORA-2024-129d8ca6fc)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.8CVSS9.2AI score0.02578EPSS
Exploits3References2
The Hacker News
The Hacker News
added 2024/02/16 10:49 a.m.32 views

Malicious 'SNS Sender' Script Abuses AWS for Bulk Smishing Attacks

A malicious Python script known as SNS Sender is being advertised as a way for threat actors to send bulk smishing messages by abusing Amazon Web Services AWS Simple Notification Service SNS. The SMS phishing messages are designed to propagate malicious links that are designed to capture victims'...

9.8CVSS9.5AI score0.12661EPSS
Exploits0
HackRead
HackRead
added 2023/12/05 1:43 p.m.15 views

USPS Delivery Phishing Scam Exploits SaaS Providers to Steal Data

By Deeba Ahmed Walmart customers have become the prime target of this phishing scam. This is a post from HackRead.com Read the original post: USPS Delivery Phishing Scam Exploits SaaS Providers to Steal Data...

7.2AI score
Exploits0
Krebs on Security
Krebs on Security
added 2023/10/09 8:39 p.m.25 views

Phishers Spoof USPS, 12 Other Natl’ Postal Services

The fake USPS phishing page. Recent weeks have seen a sizable uptick in the number of phishing scams targeting U.S. Postal Service USPS customers. Heres a look at an extensive SMS phishing operation that tries to steal personal and financial data by spoofing the USPS, as well as postal services i...

6.8AI score
Exploits0
Patchstack
Patchstack
added 2023/07/18 12:0 a.m.8 views

WordPress Advanced USPS Shipping Method Plugin <= 1.0.1 is vulnerable to Cross Site Scripting (XSS)

Software Advanced USPS Shipping Method Type Plugin Vulnerable versions = 1.0.1 Fixed in 1.0.2 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID a753901c3acc Credits Rafie Muhammad...

6.8AI score0.00284EPSS
Exploits0References3Affected Software1
Malwarebytes
Malwarebytes
added 2023/07/10 1:0 a.m.14 views

A week in security (July 3 - 9)

Last week on Malwarebytes Labs: How kids pay the price for ransomware attacks on education Solar monitoring systems exposed: Secure your devices Warning issued over vulnerability in cardiac device monitoring software Update Android now! Google patches three actively exploited zero-days Malicious ...

6.8AI score
Exploits0
Krebs on Security
Krebs on Security
added 2023/05/02 10:8 p.m.13 views

Promising Jobs at the U.S. Postal Service, ‘US Job Services’ Leaks Customer Data

A sprawling online company based in Georgia that has made tens of millions of dollars purporting to sell access to jobs at the United States Postal Service USPS has exposed its internal IT operations and database of nearly 900,000 customers. The leaked records indicate the networks chief technolo...

6.6AI score
Exploits0
Malwarebytes
Malwarebytes
added 2022/04/18 11:27 a.m.21 views

A week in security (April 11 – 17)

Last week on Malwarebytes Labs: Credential-stealing malware disguises itself as Telegram, targets social media users Old Play Store apps served notice by upcoming API level changes Denonia cryptominer is first malware to target AWS Lambda Ransomware: March 2022 review Why identity management...

1.8AI score
Exploits0
Malwarebytes
Malwarebytes
added 2022/04/12 10:37 a.m.22 views

USPS “Your package could not be delivered” text is a smishing scam

A scam is doing the rounds which begins with a text from what claims to be the US Postal Service. The SMS reads as follows: "U.S. Postal Service We’re sorry to let you know that your package could not be delivered. To reschedule a delivery please visit bitdotly" I’ve never received an SMS from th...

6.9AI score
Exploits0
ThreatPost
ThreatPost
added 2022/01/27 3:0 p.m.23 views

Shipment-Delivery Scams Become the Favored Way to Spread Malware

Threat actors are increasingly using scams that spoof package couriers like DHL or the U.S. Postal Service in authentic-looking phishing emails that attempt to dupe victims into downloading credential-stealing or other malicious payloads, researchers have found. Researchers from Avanan, a Check...

7AI score
Exploits0References11
Openbugbounty
Openbugbounty
added 2021/08/21 10:25 a.m.17 views

usps-track.us Cross Site Scripting vulnerability OBB-2120899

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: &nbsp&nbsp&nbsp&nbsp&nbsp&nbspa. verified the vulnerability and confirmed its existence; &nbsp&nbsp&nbsp&nbsp&nbsp&nbspb. notified the website operator about its existence...

Exploits0
Wired Threat Level
Wired Threat Level
added 2020/08/27 6:59 p.m.14 views

How to Vote by Mail and Make Sure It Counts

There's a lot going on with the USPS right now. Here's a complete state-by-state guide to how to get your ballot—and when it's due...

1.5AI score
Exploits0
Malwarebytes
Malwarebytes
added 2019/12/03 6:6 p.m.65 views

New version of IcedID Trojan uses steganographic payloads

This blog post was authored by @hasherezade, with contributions from @siriurz and Jérôme Segura. Security firm Proofpoint recently published a report about a series of malspam campaigns they attribute to a threat actor called TA2101. Originally targeting German and Italian users with Cobalt Strik...

7.5AI score
Exploits0
ThreatPost
ThreatPost
added 2019/11/22 10:49 p.m.133 views

ID Thieves Turn to Snail Mail as Juicy Target for Financial Crimes

As it gets harder for cybercriminals to bypass business email compromise BEC defenses, some hackers are switching from email scams to real-mail cons. Researchers at Flashpoint said they are monitoring hacker forums where criminals are swapping tips on a growing ID theft and financial crime area,...

7AI score
Exploits0References5
Rows per page
Query Builder