Security
Headlines
HeadlinesLatestCVEs

Tag

#wordpress

CVE-2022-1422

The Discy WordPress theme before 5.2 does not check for CSRF tokens in the AJAX action discy_reset_options, allowing an attacker to trick an admin into resetting the site settings back to defaults.

CVE
Open in Source
#csrf#wordpress
CVE-2022-1424

The Ask me WordPress theme before 6.8.2 does not perform CSRF checks for any of its AJAX actions, allowing an attacker to trick logged in users to perform various actions on their behalf on the site.

CVE-2022-1469

The FiboSearch WordPress plugin before 1.17.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed

CVE-2022-1506

The WP Born Babies WordPress plugin through 1.0 does not sanitise and escape some of its fields, which could allow users with a role as low as contributor to perform Cross-Site Scripting attacks

CVE-2022-1541

The Video Slider WordPress plugin before 1.4.8 does not sanitize or escape some of its video settings, which could allow high-privileged users to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed

Hackers can take over accounts you haven’t even created yet

It's called pre-hijacking, and it's a new class of attack against online accounts. The post Hackers can take over accounts you haven’t even created yet appeared first on Malwarebytes Labs.

Researchers Uncover Malware Controlling Thousands of Sites in Parrot TDS Network

The Parrot traffic direction system (TDS) that came to light earlier this year has had a larger impact than previously thought, according to new research. Sucuri, which has been tracking the same campaign since February 2019 under the name "NDSW/NDSX," said that "the malware was one of the top infections" detected in 2021, accounting for more than 61,000 websites. Parrot TDS was documented in

Types of Web Hosting and How Much Does It Cost To Host A Website?

By Owais Sultan Hosting a website is not only about the domain name. It also includes web hosting services, which provide… This is a post from HackRead.com Read the original post: Types of Web Hosting and How Much Does It Cost To Host A Website?

CVE-2022-29659: Responsive Online Blog Website using PHP/MySQL with Source Code

Responsive Online Blog v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at single.php.