Security
Headlines
HeadlinesLatestCVEs

Tag

#intel

CVE-2023-5116: Live updates from Excel <= 2.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode — Wordfence Intelligence

The Live updates from Excel plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ipushpull_page' shortcode in versions up to, and including, 2.3.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE
Open in Source
#xss#vulnerability#web#wordpress#intel#perl#auth
Trojanized PyCharm Software Version Delivered via Google Search Ads

A new malvertising campaign has been observed capitalizing on a compromised website to promote spurious versions of PyCharm on Google search results by leveraging Dynamic Search Ads. "Unbeknownst to the site owner, one of their ads was automatically created to promote a popular program for Python developers, and visible to people doing a Google search for it," Jérôme Segura, director of threat

CVE-2023-5464: Jquery accordion slideshow <= 8.1 - Authenticated (Subscriber+) SQL Injection via Shortcode — Wordfence Intelligence

The Jquery accordion slideshow plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 8.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

CVE-2023-5437: WP fade in text news <= 12.0 - Authenticated (Subscriber+) SQL Injection via Shortcode — Wordfence Intelligence

The WP fade in text news plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 12.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

CVE-2023-5436: Vertical marquee plugin <= 7.1 - Authenticated (Subscriber+) SQL Injection via Shortcode — Wordfence Intelligence

The Vertical marquee plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 7.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

CVE-2023-5412: Image horizontal reel scroll slideshow <= 13.2 - Authenticated (Subscriber+) SQL Injection via Shortcode — Wordfence Intelligence

The Image horizontal reel scroll slideshow plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 13.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

CVE-2023-5428: Image vertical reel scroll slideshow <= 9.0 - Authenticated (Subscriber+) SQL Injection via Shortcode — Wordfence Intelligence

The Image vertical reel scroll slideshow plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 9.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

CVE-2023-5431: Left right image slideshow gallery <= 12.0 - Authenticated (Subscriber+) SQL Injection via Shortcode — Wordfence Intelligence

The Left right image slideshow gallery plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 12.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

3D Printing: Unpacking Facts and Safeguarding from Cybersecurity Threats

By Owais Sultan Delve into the mesmerizing world of 3D printing, from its historical roots to its revolutionary impact across industries.… This is a post from HackRead.com Read the original post: 3D Printing: Unpacking Facts and Safeguarding from Cybersecurity Threats