#wordpress

The Page Builder: Live Composer WordPress plugin before 1.5.23 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

The Markup (JSON-LD) structured in schema.org WordPress plugin through 4.8.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

The Intuitive Custom Post Order WordPress plugin before 3.1.4 lacks CSRF protection in its update-menu-order ajax action, allowing an attacker to trick any user to change the menu order via a CSRF attack

The Intuitive Custom Post Order WordPress plugin before 3.1.4 does not check for authorization in the update-menu-order ajax action, allowing any logged in user (with roles as low as Subscriber) to update the menu order

API security is a ‘great gateway’ into a pen testing career, advises specialist in the field

By Deeba Ahmed The web hosting giant GoDaddy has been rattled by an almost two-year-long data breach that went undetected from 2020 to 2022. This is a post from HackRead.com Read the original post: Hackers Stole GoDaddy Source Code in a Multi-Year Data Breach

Categories: News Tags: GoDaddy Tags: GoDaddy breach Hosting and domain name company GoDaddy says it believes a sophisticated threat actor group has been subjecting the company to a multi-year attack campaign. (Read more...) The post GoDaddy says it's a victim of multi-year cyberattack campaign appeared first on Malwarebytes Labs.

Categories: News Tags: Josh Saxe Tags: Lock and Code S04E04 Tags: AI Tags: artificial intelligence Tags: endpoint security leader Tags: CISA Tags: DPRK Tags: ChatGPT Tags: informed consent Tags: valentine's day Tags: password sharing Tags: Android Tags: data leaks Tags: ESXiArgs Tags: TrickBot Tags: Wordpress Tags: fake Hogwarts Legacy Tags: Arris router Tags: ransomware Tags: Mortal Kombat Tags: Section 230 Tags: iPhone calendar spam The most interesting security related news from the week of February 13 to 19. (Read more...) The post A week in security (February 13 - 19) appeared first on Malwarebytes Labs.

Plus: The FBI got (at least a little bit) hacked, an election-disruption firm gets exposed, Russia mulls allowing “patriotic hacking,” and more.

Web hosting services provider GoDaddy on Friday disclosed a multi-year security breach that enabled unknown threat actors to install malware and siphon source code related to some of its services. The company attributed the campaign to a "sophisticated and organized group targeting hosting services." GoDaddy said in December 2022, it received an unspecified number of customer complaints about