Security
Headlines
HeadlinesLatestCVEs

Tag

#wordpress

Microsoft's July Update Patches 143 Flaws, Including Two Actively Exploited

Microsoft has released patches to address a total of 143 security flaws as part of its monthly security updates, two of which have come under active exploitation in the wild. Five out of the 143 flaws are rated Critical, 136 are rated Important, and four are rated Moderate in severity. The fixes are in addition to 33 vulnerabilities that have been addressed in the Chromium-based Edge browser

The Hacker News
Open in Source
#sql#vulnerability#web#android#windows#apple#google#microsoft#amazon#ubuntu#linux#debian#cisco#red_hat#git#oracle#wordpress#rce#vmware#aws#lenovo#amd#samsung#auth#ssh#ibm#dell#mongo#chrome#firefox#sap#The Hacker News
GHSA-52jw-f3jq-hhwg: Duplicate Advisory: Login by Auth0 plugin for WordPress vulnerable to Reflected Cross-Site Scripting

## Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-x6p7-44rh-m3rr. This link has been maintained to preserve external references. ## Original Description The Login by Auth0 plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘wle’ parameter in all versions up to, and including, 4.6.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.

WordPress Poll 2.3.6 SQL Injection

WordPress Poll plugin version 2.3.6 suffers from a remote SQL injection vulnerability.

WordPress Video Gallery - YouTube Gallery And Vimeo Gallery 2.3.6 SQL Injection

WordPress Video Gallery - YouTube Gallery And Vimeo Gallery version 2.3.6 suffers from a remote SQL injection vulnerability.

Polyfill[.]io Attack Impacts Over 380,000 Hosts, Including Major Companies

The supply chain attack targeting widely-used Polyfill[.]io JavaScript library is wider in scope than previously thought, with new findings from Censys showing that over 380,000 hosts are embedding a polyfill script linking to the malicious domain as of July 2, 2024. This includes references to "https://cdn.polyfill[.]io" or "https://cdn.polyfill[.]com" in their HTTP responses, the attack

WordPress Photo Gallery 1.8.26 Cross Site Scripting

WordPress Photo Gallery plugin version 1.8.26 suffers from a persistent cross site scripting vulnerability.

Israeli Entities Targeted by Cyberattack Using Donut and Sliver Frameworks

Cybersecurity researchers have discovered an attack campaign that targets various Israeli entities with publicly-available frameworks like Donut and Sliver. The campaign, believed to be highly targeted in nature, "leverage target-specific infrastructure and custom WordPress websites as a payload delivery mechanism, but affect a variety of entities across unrelated verticals, and rely on

WordPress FooGallery 2.4.16 Cross Site Scripting

WordPress FooGallery plugin version 2.4.16 suffers from a persistent cross site scripting vulnerability.

WordPress Gallery 2.3.6 Cross Site Scripting

WordPress Gallery version 2.3.6 suffers from a persistent cross site scripting vulnerability.

WordPress WPCode Lite 2.1.14 Cross Site Scripting

WordPress WPCode Lite plugin version 2.1.14 suffers from a persistent cross site scripting vulnerability.