Security
Headlines
HeadlinesLatestCVEs

Tag

#intel

CVE-2023-1866: YourChannel <= 1.2.3 - Cross-Site Request Forgery to Plugin Channel Reset — Wordfence Intelligence

The YourChannel plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.3. This is due to missing or incorrect nonce validation on the clearKeys function. This makes it possible for unauthenticated attackers to reset the plugin's channel settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

CVE
Open in Source
#vulnerability#wordpress#intel#perl#auth
CVE-2023-1865: YourChannel <= 1.2.3 - Missing Authorization to Plugin Settings Reset — Wordfence Intelligence

The YourChannel plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check when resetting plugin settings via the yrc_nuke GET parameter in versions up to, and including, 1.2.3. This makes it possible for unauthenticated attackers to delete YouTube channels from the plugin.

CVE-2023-1870: YourChannel <= 1.2.3 - Cross-Site Request Forgery to Plugin Language Translation Update — Wordfence Intelligence

The YourChannel plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.3. This is due to missing or incorrect nonce validation on the saveLang function. This makes it possible for unauthenticated attackers to change the plugin's quick language translation settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

CVE-2023-1867: YourChannel <= 1.2.3 - Cross-Site Request Forgery to Plugin Settings Change — Wordfence Intelligence

The YourChannel plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.3. This is due to missing or incorrect nonce validation on the save function. This makes it possible for unauthenticated attackers to change the plugin's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

CVE-2023-1868: YourChannel <= 1.2.3 - Missing Authorization to Plugin Cache Reset — Wordfence Intelligence

The YourChannel plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check when clearing the plugin cache via the yrc_clear_cache GET parameter in versions up to, and including, 1.2.3. This makes it possible for unauthenticated attackers to clear the plugin's cache.

3 Fronts in the Battle for Digital Identity

As both digital protection strategies and digital attacks become more sophisticated, organizations that know the terrain have a better chance of navigating it.

Google TAG Warns of North Korean-linked ARCHIPELAGO Cyberattacks

A North Korean government-backed threat actor has been linked to attacks targeting government and military personnel, think tanks, policy makers, academics, and researchers in South Korea and the U.S. Google's Threat Analysis Group (TAG) is tracking the cluster under the name ARCHIPELAGO, which it said is a subset of another threat group tracked by Mandiant under the name APT43. The tech giant

Cybereason Secures $100M in Funding Led by SoftBank Corp.

Cybereason announces additional funding led by Softbank Corp.

CardinalOps Launches MITRE ATT&CK Security Layers for Measuring Detection Posture

Enables enterprises to operationalize MITRE ATT&CK and build a multi-layered, threat-informed defense to eliminate gaps based on organizational risk and priorities.

Law Firm for Uber Loses Drivers' Data to Hackers in Yet Another Breach

Uber gave sensitive data on drivers to a law firm representing the company in legal actions, but the data appears to not have had adequate security protections.