Headline

CVE-2023-3169

The tagDiv Composer WordPress plugin before 4.2, used as a companion by the Newspaper and Newsmag themes from tagDiv, does not have authorisation in a REST route and does not validate as well as escape some parameters when outputting them back, which could allow unauthenticated users to perform Stored Cross-Site Scripting attacks.

1 year ago

CVE

Open in Source

#xss #wordpress #auth

More than 17,000 WordPress websites have been compromised in the month of September 2023 with malware known as Balada Injector, nearly twice the number of detections in August. Of these, 9,000 of the websites are said to have been infiltrated using a recently disclosed security flaw in the tagDiv Composer plugin (CVE-2023-3169, CVSS score: 6.1) that could be exploited by unauthenticated users to

1 year ago

The Hacker News

Open in Source

#xss #vulnerability #web #linux #java #wordpress #php #backdoor #auth #The Hacker News

Hackers on WordPress Websites Hacking Spree with Balada Malware

By Deeba Ahmed If you use WordPress, update to the latest version. This is a post from HackRead.com Read the original post: Hackers on WordPress Websites Hacking Spree with Balada Malware

1 year ago

HackRead

Open in Source

#xss #vulnerability #web #wordpress #backdoor #auth #zero_day #ssl