Security
Headlines
HeadlinesLatestCVEs

Tag

#wordpress

CVE-2022-46801: WordPress Site Reviews plugin <= 6.2.0 - Unauth. CSV Injection vulnerability - Patchstack

Improper Neutralization of Formula Elements in a CSV File vulnerability in Paul Ryley Site Reviews.This issue affects Site Reviews: from n/a through 6.2.0.

CVE
Open in Source
#vulnerability#wordpress#auth
CVE-2022-46821: WordPress Emails & Newsletters with Jackmail plugin <= 1.2.22 - CSV Injection - Patchstack

Improper Neutralization of Formula Elements in a CSV File vulnerability in Jackmail & Sarbacane Emails & Newsletters with Jackmail.This issue affects Emails & Newsletters with Jackmail: from n/a through 1.2.22.

CVE-2022-46802: WordPress Product Reviews Import Export for WooCommerce plugin <= 1.4.8 - Unauth. CSV Injection vulnerability - Patchstack

Improper Neutralization of Formula Elements in a CSV File vulnerability in WebToffee Product Reviews Import Export for WooCommerce.This issue affects Product Reviews Import Export for WooCommerce: from n/a through 1.4.8.

CVE-2022-45357: WordPress 1003 Mortgage Application plugin <= 1.75 - CSV Injection - Patchstack

Improper Neutralization of Formula Elements in a CSV File vulnerability in Lenderd 1003 Mortgage Application.This issue affects 1003 Mortgage Application: from n/a through 1.75.

CVE-2023-36527: WordPress Post to CSV by BestWebSoft plugin <= 1.4.0 - CSV Injection - Patchstack

Improper Neutralization of Formula Elements in a CSV File vulnerability in BestWebSoft Post to CSV by BestWebSoft.This issue affects Post to CSV by BestWebSoft: from n/a through 1.4.0.

CVE-2022-47442: WordPress UsersWP plugin <= 1.2.3.9 - CSV Injection - Patchstack

Improper Neutralization of Formula Elements in a CSV File vulnerability in AyeCode Ltd UsersWP.This issue affects UsersWP: from n/a through 1.2.3.9.

CVE-2022-45350: WordPress Simple History plugin <= 3.3.1 - CSV Injection vulnerability - Patchstack

Improper Neutralization of Formula Elements in a CSV File vulnerability in Pär Thernström Simple History – user activity log, audit tool.This issue affects Simple History – user activity log, audit tool: from n/a through 3.3.1.

New GootLoader Malware Variant Evades Detection and Spreads Rapidly

A new variant of the GootLoader malware called GootBot has been found to facilitate lateral movement on compromised systems and evade detection. "The GootLoader group's introduction of their own custom bot into the late stages of their attack chain is an attempt to avoid detections when using off-the-shelf tools for C2 such as CobaltStrike or RDP," IBM X-Force researchers Golo Mühr and Ole

CVE-2023-5669: Featured Image Caption <= 0.8.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode — Wordfence Intelligence

The Featured Image Caption plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode and post meta in all versions up to, and including, 0.8.10 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

IBM X-Force Discovers Gootloader Malware Variant- GootBot

By Deeba Ahmed GootBot: New Gootloader Variant Evades Detection with Stealthy Lateral Movement. This is a post from HackRead.com Read the original post: IBM X-Force Discovers Gootloader Malware Variant- GootBot