Security
Headlines
HeadlinesLatestCVEs

Tag

#google

Magento eCommerce 2.4.0 Information Disclosure

Magento eCommerce version 2.4.0 suffers from an information disclosure vulnerability.

Packet Storm
Open in Source
#vulnerability#windows#google#auth#firefox
Wizcyb Interactive 2.0 SQL Injection

Wizcyb Interactive version 2.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

WordPress Updraft 0.6.1 Backup Disclosure

WordPress Updraft plugin version 0.6.1 suffers from an information disclosure vulnerability.

CVE-2021-4342: Various Affected Software (Various Versions) - Cross-Site Request Forgery Bypass — Wordfence Intelligence

Over 70 plugins and themes were vulnerable to Cross-Site Request Forgery due to improperly implemented nonce protection that could be bypassed.

CVE-2023-3126: Changelog - B2BKing

The B2BKing plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'b2bkingdownloadpricelist' function in versions up to, and including, 4.6.00. This makes it possible for Authenticated attackers with subscriber or customer-level permissions to retrieve the full pricing list of all products on the site.

CVE-2020-36724: Changeset 2234193 for wordable/trunk/wordable.php – WordPress Plugin Repository

The Wordable plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.1.1. This is due to the use of a user supplied hashing algorithm passed to the hash_hmac() function and the use of a loose comparison on the hash which allows an attacker to trick the function into thinking it has a valid hash. This makes it possible for unauthenticated attackers to gain administrator privileges.

CVE-2019-25138: User Submitted Posts – Enable Users to Submit Posts from the Front End

The User Submitted Posts plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the usp_check_images function in versions up to, and including, 20190312. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected sites server which may make remote code execution possible.

CVE-2020-36701: Page Builder: KingComposer – Free Drag and Drop page builder by King-Theme

The Page Builder: KingComposer plugin for WordPress is vulnerable to Arbitrary File Uploads in versions up to, and including, 2.9.3 via the 'process_bulk_action' function in the 'kingcomposer/includes/kc.extensions.php' file. This makes it possible for authenticated users with author level permissions and above to upload arbitrary files onto the server which can be used to execute code on the server.

Facebook clickbait leads to money scam for users

Categories: Threat Intelligence Tags: facebook Tags: posts Tags: google Tags: cloud run Clickbait posts on Facebook can lead to malicious websites. In this campaign, crooks are redirecting Facebook victims to scam pages hosted on Google's infrastructure. (Read more...) The post Facebook clickbait leads to money scam for users appeared first on Malwarebytes Labs.

CVE-2023-3079: Chromium: CVE-2023-3079 Type Confusion in V8

**Why is this Chrome CVE included in the Security Update Guide?** The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information. **How can I see the version of the browser?** 1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window 2. Click on **Help and Feedback** 3. Click on **About Microsoft Edge**