Security
Headlines
HeadlinesLatestCVEs

Tag

#intel

CVE-2023-5362: Carousel, Recent Post Slider and Banner Slider <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode — Wordfence Intelligence

The Carousel, Recent Post Slider and Banner Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'spice_post_slider' shortcode in versions up to, and including, 2.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE
Open in Source
#xss#vulnerability#web#wordpress#intel#perl#auth
CVE-2023-5565: Shortcode Menu <= 3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode — Wordfence Intelligence

The Shortcode Menu plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'shortmenu' shortcode in versions up to, and including, 3.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Getting Smart With Cybersecurity: AI Can Help the Good Guys, Too

With the rapid advancement and adoption of artificial intelligence (AI) in cybersecurity, the benefits of speed and accuracy are becoming clearer every day.

CISO Skills in a Changing Security Market: Are You Prepared?

The CISO role has evolved from a strictly technical position to one that increasingly requires business acumen. Here are some things you need to know.

'Accidental' malvertising via Dynamic Search Ads delivers malware frenzy

Categories: Threat Intelligence Tags: malvertising Tags: ads Tags: google Tags: dynamic search ads Tags: python Tags: pycharm Tags: malware Dynamically generated ads can be problematic when the content they are created from has been compromised. (Read more...) The post 'Accidental' malvertising via Dynamic Search Ads delivers malware frenzy appeared first on Malwarebytes Labs.

This Cryptomining Tool Is Stealing Secrets

Plus: Details emerge of a US government social media-scanning tool that flags “derogatory” speech, and researchers find vulnerabilities in the global mobile communications network.

Octo Tempest Group Threatens Physical Violence as Social Engineering Tactic

The financially motivated English-speaking threat actors use advanced social engineering techniques, SIM swapping, and even threats of violence to breach targets.

What Lurks in the Dark: Taking Aim at Shadow AI

Generative artificial intelligence tools have unleashed a new era of terror to CISOs still battling longstanding shadow IT security risks.

CVE-2023-5705: VK Filter Search <= 2.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode — Wordfence Intelligence

The VK Filter Search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'vk_filter_search' shortcode in all versions up to, and including, 2.3.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.