The HashBar WordPress plugin before 1.3.6 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack.

CVE-2022-4650

The Mongoose Page Plugin WordPress plugin before 1.9.0 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack.

CVE-2022-4675

The ShiftNav WordPress plugin before 1.7.2 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.

CVE-2022-4627

The Rate my Post WordPress plugin before 3.3.9 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack.

CVE-2022-4673

The Compact WP Audio Player WordPress plugin before 1.9.8 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.

CVE-2022-4542

The Optimize images ALT Text & names for SEO using AI WordPress plugin before 2.0.8 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack.

CVE-2022-4548

By Deeba Ahmed
The database injection against WordPress websites features two different malware embedded together to achieve two entirely different goals.
This is a post from HackRead.com Read the original post: Database Malware Strikes Hundreds of Vulnerable WordPress Sites

The first injection redirected users to a spammy sports website, whereas the second one boosted the authority of a spammy casino website in search engines.

Cybersecurity researchers at Sucuri have shared their research on how **WordPress vulnerabilities** can jeopardize the system’s security and that usually already discovered flaws are used to compromise WordPress sites with multiple infections.

Researchers noted that outdated websites are highly likely to be exploited by multiple attackers, or the same hacker can target them using multiple channels. The latter scenario was recently identified by Sucuri’s researchers, who detected a database injection featuring two different malware embedded together to achieve two entirely different goals. Both the malware could be found scattered over a WordPress database.

The first injection redirected users to a spammy sports website, whereas the second one boosted the authority of a spammy casino website in search engines. As per Sucuri, nearly 270 websites were impacted by the first injection, and the second impacted 82 websites.

One of the compromised WordPress websites (Image credit: Sucuri)

The first injection’s domain performs the redirecting process. The browser is instructed to wait for 60 seconds, after which a redirect is made to the domain “hxxp://redirect4xyz.” The user is redirected again, and they arrive on this spam domain: hxxp://pontiarmadacom when the first redirecting process is complete. This spammed site has iframes that disseminate malware to clueless users.

The second injection’s domain, “hxxp://nomortogelkuxyz,” is a gambling casino site that uses a common methodology to boost its authority in search engines. This attacker used a black hat SEO tactic and placed an invisible link throughout the compromised sites to improve its domain authority and appear genuine.

It is worth noting that, according to Sucuri’s **blog post**, both injections use the ‘.xyz’ domain extension, which attackers commonly use in such campaigns. These domains are available at cheaper rates for the first year, which explains why it is used extensively.

However, the presence of two different infections on the same website shows how attackers can disseminate various malware on the same site and how different bad actors can exploit a single flaw to infect the site.

Threat actors can easily monetize the same outdated sites with different malware to get full access. The problem lies in **vulnerable WordPress plugins/themes**, which allow multiple threat actors to exploit and distribute malware.

To mitigate the threat, keep your WordPress site plugin themes and software up-to-date by enabling auto-updates so that vulnerabilities are patched on time. Moreover, a web application firewall can block attacks caused due to vulnerabilities and add another layer of protection for a vulnerable site.

Additionally, the admin user count should be low, and securer passwords should be created for all accounts. Lastly, it is essential to **enable two-factor authentication (2FA)** to secure the WordPress admin accounts from unauthorized access.

1.  Step-by-Step Security Guide for WordPress
2.  WordPress Plugin NextGEN Gallery Vulnerable
3.  Hackers deface thousands of WordPress websites
4.  Hacked WordPress & Joomla sites dropping malware
5.  5 WordPress Security Solutions with Free SSL Certificates
6.  3 vulnerable WordPress plugins affecting 21,000 websites

Database Malware Strikes Hundreds of Vulnerable WordPress Sites

The Login with Phone Number WordPress Plugin, version < 1.4.2, is affected by an authenticated SQL injection vulnerability in the 'ID' parameter of its 'lwp_forgot_password' action.

_All information within TRA advisories is provided “as is”, without warranty of any kind, including the implied warranties of merchantability and fitness for a particular purpose, and with no guarantee of completeness, accuracy, or timeliness. Individuals and organizations are responsible for assessing the impact of any actual or potential security vulnerability._

_Tenable takes product security very seriously. If you believe you have found a vulnerability in one of our products, we ask that you please work with us to quickly resolve it in order to protect customers. Tenable believes in responding quickly to such reports, maintaining communication with researchers, and providing a solution in short order._

_For more details on submitting vulnerability information, please see our Vulnerability Reporting Guidelines page._

_If you have questions or corrections about this advisory, please email \[email protected\]_

Tenable Advisory ID

TRA-2023-3

CVSSv3 Base / Temporal Score

CVSSv3 Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Affected Products

Quick Event Manager WordPress Plugin

Login with Phone Number WordPress Plugin

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

Your Tenable.io Vulnerability Management trial also includes Tenable Lumin, Tenable.io Web Application Scanning and Tenable.cs Cloud Security.

 BUY

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. **Purchase your annual subscription today.**

65 assets

Choose Your Subscription Option:

**Thank You**

Thank you for your interest in Tenable.io. A representative will be in touch soon.

**Try Nessus Professional Free**

FREE FOR 7 DAYS

Nessus® is the most comprehensive vulnerability scanner on the market today. Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

**Buy Nessus Professional**

Nessus® is the most comprehensive vulnerability scanner on the market today. Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy a multi-year license and save. Add Advanced Support for access to phone, community and chat support 24 hours a day, 365 days a year.

Tenable.io

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

Your Tenable.io Vulnerability Management trial also includes Tenable Lumin, Tenable.io Web Application Scanning and Tenable.cs Cloud Security.

Tenable.io

BUY

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. **Purchase your annual subscription today.**

65 assets

Choose Your Subscription Option:

**Thank You**

Thank you for your interest in Tenable.io. A representative will be in touch soon.

**Try Tenable.io Web Application Scanning**

Enjoy full access to our latest web application scanning offering designed for modern applications as part of the Tenable.io platform. Safely scan your entire online portfolio for vulnerabilities with a high degree of accuracy without heavy manual effort or disruption to critical web applications. **Sign up now.**

Your Tenable Web Application Scanning trial also includes Tenable.io Vulnerability Management, Tenable Lumin and Tenable.cs Cloud Security.

**Buy Tenable.io Web Application Scanning**

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. **Purchase your annual subscription today.**

**Try Tenable.io Container Security**

Enjoy full access to the only container security offering integrated into a vulnerability management platform. Monitor container images for vulnerabilities, malware and policy violations. Integrate with continuous integration and continuous deployment (CI/CD) systems to support DevOps practices, strengthen security and support enterprise policy compliance.

**Buy Tenable.io Container Security**

Tenable.io Container Security seamlessly and securely enables DevOps processes by providing visibility into the security of container images – including vulnerabilities, malware and policy violations – through integration with the build process.

**Thank You**

Thank you for your interest in the Tenable.io Container Security program. A representative will be in touch soon.

**Try Tenable Lumin**

Visualize and explore your Cyber Exposure, track risk reduction over time and benchmark against your peers with Tenable Lumin.

Your Tenable Lumin trial also includes Tenable.io Vulnerability Management, Tenable.io Web Application Scanning and Tenable.cs Cloud Security.

**Buy Tenable Lumin**

Contact a Sales Representative to see how Lumin can help you gain insight across your entire organization and manage cyber risk.

**Thank You**

Thank you for your interest in Tenable Lumin. A representative will be in touch soon.

**Request a demo of Tenable.sc**

Please fill out this form with your contact information.

A sales representative will contact you shortly to schedule a demo.

_\* Field is required_

**Request a demo of Tenable.ot**

Get the Operational Technology Security You Need.

Reduce the Risk You Don’t.

**Request a demo of Tenable.ad**

Continuously detect and respond to Active Directory attacks. No agents. No privileges.

On-prem and in the cloud.

**Try Tenable.cs**

Enjoy full access to detect and fix cloud infrastructure misconfigurations and view runtime vulnerabilities. Sign up for your free trial now.

Your Tenable.cs Cloud Security trial also includes Tenable.io Vulnerability Management, Tenable Lumin and Tenable.io Web Application Scanning.

**Contact a Sales Rep to Buy Tenable.cs**

Contact a Sales Representative to learn more about Tenable.cs Cloud Security and see how easy it is to onboard your cloud accounts and get visibility into both cloud misconfigurations and vulnerabilities within minutes.

**Thank You**

Thank you for your interest in Tenable.cs. A representative will be in touch soon.

**See  
Tenable One  
In Action**

Exposure management for the modern attack surface.

**See Tenable.asm In Action**

Know the exposure of every asset on any platform.

**Thank You**

Thank you for your interest in Tenable.asm. A representative will be in touch soon.

**Try Nessus Expert Free**

FREE FOR 7 DAYS

Built for the modern attack surface, Nessus Expert enables you to see more and protect your organization from vulnerabilities from IT to the cloud.

**Already have Nessus Professional?**  
Upgrade to Nessus Expert free for 7 days.

**Buy Nessus Expert**

Built for the modern attack surface, Nessus Expert enables you to see more and protect your organization from vulnerabilities from IT to the cloud.

CVE-2023-23492: Cross-Site Scripting vulnerabilities in Multiple WordPress Plugins

The Survey Maker WordPress Plugin, version < 3.1.2, is affected by an authenticated SQL injection vulnerability in the 'surveys_ids' parameter of its 'ays_surveys_export_json' action.

_All information within TRA advisories is provided “as is”, without warranty of any kind, including the implied warranties of merchantability and fitness for a particular purpose, and with no guarantee of completeness, accuracy, or timeliness. Individuals and organizations are responsible for assessing the impact of any actual or potential security vulnerability._

_Tenable takes product security very seriously. If you believe you have found a vulnerability in one of our products, we ask that you please work with us to quickly resolve it in order to protect customers. Tenable believes in responding quickly to such reports, maintaining communication with researchers, and providing a solution in short order._

_For more details on submitting vulnerability information, please see our Vulnerability Reporting Guidelines page._

_If you have questions or corrections about this advisory, please email \[email protected\]_

Tenable Advisory ID

TRA-2023-2

CVSSv3 Base / Temporal Score

CVSSv3 Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products

Paid Memberships Pro WordPress Plugin

Easy Digital Downloads WordPress Plugin

Survey Maker WordPress Plugin

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

Your Tenable.io Vulnerability Management trial also includes Tenable Lumin, Tenable.io Web Application Scanning and Tenable.cs Cloud Security.

 BUY

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. **Purchase your annual subscription today.**

65 assets

Choose Your Subscription Option:

**Thank You**

Thank you for your interest in Tenable.io. A representative will be in touch soon.

**Try Nessus Professional Free**

FREE FOR 7 DAYS

Nessus® is the most comprehensive vulnerability scanner on the market today. Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

**Buy Nessus Professional**

Nessus® is the most comprehensive vulnerability scanner on the market today. Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy a multi-year license and save. Add Advanced Support for access to phone, community and chat support 24 hours a day, 365 days a year.

Tenable.io

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

Your Tenable.io Vulnerability Management trial also includes Tenable Lumin, Tenable.io Web Application Scanning and Tenable.cs Cloud Security.

Tenable.io

BUY

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. **Purchase your annual subscription today.**

65 assets

Choose Your Subscription Option:

**Thank You**

Thank you for your interest in Tenable.io. A representative will be in touch soon.

**Try Tenable.io Web Application Scanning**

Enjoy full access to our latest web application scanning offering designed for modern applications as part of the Tenable.io platform. Safely scan your entire online portfolio for vulnerabilities with a high degree of accuracy without heavy manual effort or disruption to critical web applications. **Sign up now.**

Your Tenable Web Application Scanning trial also includes Tenable.io Vulnerability Management, Tenable Lumin and Tenable.cs Cloud Security.

**Buy Tenable.io Web Application Scanning**

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. **Purchase your annual subscription today.**

**Try Tenable.io Container Security**

Enjoy full access to the only container security offering integrated into a vulnerability management platform. Monitor container images for vulnerabilities, malware and policy violations. Integrate with continuous integration and continuous deployment (CI/CD) systems to support DevOps practices, strengthen security and support enterprise policy compliance.

**Buy Tenable.io Container Security**

Tenable.io Container Security seamlessly and securely enables DevOps processes by providing visibility into the security of container images – including vulnerabilities, malware and policy violations – through integration with the build process.

**Thank You**

Thank you for your interest in the Tenable.io Container Security program. A representative will be in touch soon.

**Try Tenable Lumin**

Visualize and explore your Cyber Exposure, track risk reduction over time and benchmark against your peers with Tenable Lumin.

Your Tenable Lumin trial also includes Tenable.io Vulnerability Management, Tenable.io Web Application Scanning and Tenable.cs Cloud Security.

**Buy Tenable Lumin**

Contact a Sales Representative to see how Lumin can help you gain insight across your entire organization and manage cyber risk.

**Thank You**

Thank you for your interest in Tenable Lumin. A representative will be in touch soon.

**Request a demo of Tenable.sc**

Please fill out this form with your contact information.

A sales representative will contact you shortly to schedule a demo.

_\* Field is required_

**Request a demo of Tenable.ot**

Get the Operational Technology Security You Need.

Reduce the Risk You Don’t.

**Request a demo of Tenable.ad**

Continuously detect and respond to Active Directory attacks. No agents. No privileges.

On-prem and in the cloud.

**Try Tenable.cs**

Enjoy full access to detect and fix cloud infrastructure misconfigurations and view runtime vulnerabilities. Sign up for your free trial now.

Your Tenable.cs Cloud Security trial also includes Tenable.io Vulnerability Management, Tenable Lumin and Tenable.io Web Application Scanning.

**Contact a Sales Rep to Buy Tenable.cs**

Contact a Sales Representative to learn more about Tenable.cs Cloud Security and see how easy it is to onboard your cloud accounts and get visibility into both cloud misconfigurations and vulnerabilities within minutes.

**Thank You**

Thank you for your interest in Tenable.cs. A representative will be in touch soon.

**See  
Tenable One  
In Action**

Exposure management for the modern attack surface.

**See Tenable.asm In Action**

Know the exposure of every asset on any platform.

**Thank You**

Thank you for your interest in Tenable.asm. A representative will be in touch soon.

**Try Nessus Expert Free**

FREE FOR 7 DAYS

Built for the modern attack surface, Nessus Expert enables you to see more and protect your organization from vulnerabilities from IT to the cloud.

**Already have Nessus Professional?**  
Upgrade to Nessus Expert free for 7 days.

**Buy Nessus Expert**

Built for the modern attack surface, Nessus Expert enables you to see more and protect your organization from vulnerabilities from IT to the cloud.

CVE-2023-23490: SQL Injection in Multiple WordPress Plugins

Categories: News
Tags: Mailchimp

Tags:  social engineering

Tags:  targete attack

Email marketing provider Mailchimp has been breached again, nine months after it was compromised last year.



(Read more...)




The post Mailchimp breach feels like deja vu appeared first on Malwarebytes Labs.

A threat actor successfully used compromised employee credentials to gain access to 133 accounts on Mailchimp, the mainstream Intuit-owned email marketing platform, in a security incident that recently came to light.

"On January 11, the Mailchimp Security team identified an unauthorized actor accessing one of our tools used by Mailchimp customer-facing teams for customer support and account administration," said Mailchimp in a blog post. "The unauthorized actor conducted a social engineering attack on Mailchimp employees and contractors, and obtained access to select Mailchimp accounts using employee credentials compromised in that attack."

The blog further asserts the company's compromise had not affected other Intuit systems or other Mailchimp customer data.

It is noted that very little detail is shared about the attack, such as the specific social engineering tactic used against Intuit's employees, who might be responsible for the attack, or how long the intruder was in the company's systems.

According to TechCrunch, who first reported the incident, Mailchimp detected the intruder while accessing one of the tools used by its customer support and account administration. Upon discovery of the targeted attack, it suspended the affected accounts temporarily and reached out to their owners regarding the breach.

"That afternoon, we sent another email to affected accounts with steps to help users reinstate access to their Mailchimp accounts safely. Since then, we’ve been working with our users directly to help them reinstate their accounts, answer questions, and provide any additional support they need."

One of the 133 accounts affected belonged to WooCommerce, an immensely popular e-commerce plugin for WordPress with more than five million customers. TechCrunch said customer names, web store addresses, and customer email addresses might have been exposed in the compromise.

This latest incident with Mailchimp definitely calls back to the April 2022 breach when threat actors were able to breach 319 of its client accounts, mostly belonging to companies in the cryptocurrency and finance industries. Cryptocurrency wallet company Trezor had taken to Twitter to let followers know some of its services were also affected by the Mailchimp compromise.

Trezor said then, "Mailchimp have confirmed that their service has been compromised by an insider targeting crypto companies. We have managed to take the phishing domain offline."

Since this attack, Mailchimp said it had implemented "an additional set of enhanced security measures", but TechCrunch noted the company wasn’t specific about these measures.

"We know that incidents like this can cause uncertainty, and we’re deeply sorry for any frustration,” Mailchimp said. "We are continuing our investigation and will be providing impacted account holders with timely and accurate information throughout the process."

**We don't just report on threats—we remove them**

Cybersecurity risks should never spread beyond a headline. Keep threats off your devices by downloading Malwarebytes today.

Tag

#wordpress