PT-2024-25695 · Minder · Minder

Name of the Vulnerable Software and Affected Versions: Minder versions prior to 0.0.48 Description: Minder's HandleGithubWebhook is susceptible to a denial of service attack from an untrusted HTTP request. The vulnerability exists before the request has been validated, and as such the request is...

Wordfence Intelligence Weekly WordPress Vulnerability Report (April 22, 2024 to April 28, 2024)

Did you know were running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! Last week, there were 304 vulnerabilities disclosed in 232 WordPres...

GHSA-2CGQ-H8XW-2V5J CRI-O vulnerable to an arbitrary systemd property injection

Impact On CRI-O, it looks like an arbitrary systemd property can be injected via a Pod annotation: --- apiVersion: v1 kind: Pod metadata: name: poc-arbitrary-systemd-property-injection annotations: I believe that ExecStart with an arbitrary command works here too, but I haven't figured out how to...

CRI-O vulnerable to an arbitrary systemd property injection

Impact On CRI-O, it looks like an arbitrary systemd property can be injected via a Pod annotation: --- apiVersion: v1 kind: Pod metadata: name: poc-arbitrary-systemd-property-injection annotations: I believe that ExecStart with an arbitrary command works here too, but I haven't figured out how to...

Wordfence Intelligence Weekly WordPress Vulnerability Report (April 15, 2024 to April 21, 2024)

Did you know were running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! Last week, there were 209 vulnerabilities disclosed in 169 WordPres...

GHSA-74P6-39F2-23V3 Blind SSRF Leads to Port Scan by using Webhooks

Impact Failing webhooks logs are available when solution is not in debug mode. Those logs can contain information that is critical. Affected Versions Umbraco versions 13.0.0 - 13.1.1 Patches 13.1.1 Workarounds Disabling webhooks functionality...

Umbraco 安全漏洞

Umbraco is an open source content management system CMS written in C by the Danish company Umbraco. A security vulnerability exists in Umbraco version 13.0.0 and earlier, which originates from a vulnerability that allows an attacker to view webhook logs while in debug mode, which could lead to...

PT-2024-22688

Name of the Vulnerable Software and Affected Versions Umbraco versions 13.0.0 through 13.1.0 Description The issue concerns the availability of failing webhooks logs when the solution is not in debug mode, potentially containing critical information. Recommendations For Umbraco versions 13.0.0...

CVE-2024-32134

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Nasirahmed Forms to Zapier, Integromat, IFTTT, Workato, Automate.Io, elastic.Io, Built.Io, APIANT, Webhook.This issue affects Forms to Zapier, Integromat, IFTTT, Workato, Automate.Io, elastic.Io,...

CVE-2024-32134 WordPress Forms to Zapier plugin <= 1.1.12 - Auth. SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Nasirahmed Forms to Zapier, Integromat, IFTTT, Workato, Automate.Io, elastic.Io, Built.Io, APIANT, Webhook.This issue affects Forms to Zapier, Integromat, IFTTT, Workato, Automate.Io, elastic.Io,...

CVE-2024-32134

CVE-2024-32134 is an Authenticated (Administrator+) SQL Injection in the WordPress plugin Forms to Zapier/Integromat/IFTTT/Workato/Automate.io/elastic.io/Built.io/APIANT/Webhook, affecting versions up to 1.1.12. Root cause is improper neutralization of input used in SQL commands. Public exploitat...

WordPress Forms to Zapier, Integromat, IFTTT, Workato, Automate.io, elastic.io, Built.io, APIANT, Webhook Plugin <= 1.1.12 is vulnerable to SQL Injection

Software Forms to Zapier, Integromat, IFTTT, Workato, Automate.io, elastic.io, Built.io, APIANT, Webhook Type Plugin Vulnerable versions = 1.1.12 Fixed in N/A OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2024-32134 Patch priority Low CVSS severity Low 7.6 Developer Claim...

PT-2025-26319 · Gitlab · Gitlab Ce/Ee

Name of the Vulnerable Software and Affected Versions: GitLab EE versions 17.0 through 17.0.6 GitLab EE versions 17.1 through 17.1.4 GitLab EE versions 17.2 through 17.2.2 Description: An issue was discovered in GitLab EE where webhook deletion audit log preserved auth credentials. Recommendation...

Wordfence Intelligence Weekly WordPress Vulnerability Report (March 25, 2024 to March 31, 2024)

Did you know were running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! Last week, there were 405 vulnerabilities disclosed in 320 WordPres...

Wordfence Intelligence Weekly WordPress Vulnerability Report (March 4, 2024 to March 10, 2024)

Did you know were running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! Last week, there were 74 vulnerabilities disclosed in 56 WordPress...

Wordfence Intelligence Weekly WordPress Vulnerability Report (February 26, 2024 to March 3, 2024)

Did you know were running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! Last week, there were 121 vulnerabilities disclosed in 88 WordPress...

CVE-2024-28216

nGrinder before 3.5.9 allows an attacker to obtain the results of webhook requests due to lack of access control, which could be the cause of information disclosure and limited Server-Side Request Forgery...

CVE-2024-28215

nGrinder before 3.5.9 allows an attacker to create or update webhook configuration due to lack of access control, which could be the cause of information disclosure and limited Server-Side Request Forgery...

PT-2024-22342 · Ngrinder · Ngrinder

Name of the Vulnerable Software and Affected Versions: nGrinder versions prior to 3.5.9 Description: The issue is caused by a lack of access control, allowing an attacker to obtain the results of webhook requests. This could lead to information disclosure and limited Server-Side Request Forgery...

PT-2024-22341 · Ngrinder · Ngrinder

Name of the Vulnerable Software and Affected Versions: nGrinder versions prior to 3.5.9 Description: The issue is related to a lack of access control, allowing an attacker to create or update webhook configuration. This could lead to information disclosure and limited Server-Side Request Forgery...