Security
Headlines
HeadlinesLatestCVEs

Tag

#web

CVE-2023-46075: WordPress Contact Form Builder, Contact Widget plugin <= 2.1.6 - Reflected Cross Site Scripting (XSS) vulnerability - Patchstack

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in wpdevart Contact Form Builder, Contact Widget plugin <= 2.1.6 versions.

CVE
#xss#vulnerability#web#wordpress#auth
CVE-2023-46094: WordPress Conversios.io plugin <= 6.5.3 - Reflected Cross Site Scripting (XSS) vulnerability - Patchstack

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Conversios Track Google Analytics 4, Facebook Pixel & Conversions API via Google Tag Manager for WooCommerce plugin <= 6.5.3 versions.

CVE-2023-46088: WordPress WP Full Stripe Free plugin <= 1.6.1 - Cross Site Scripting (XSS) vulnerability - Patchstack

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Mammothology WP Full Stripe Free plugin <= 1.6.1 versions.

CVE-2023-46077: WordPress The Awesome Feed – Custom Feed plugin <= 2.2.5 - Reflected Cross Site Scripting (XSS) vulnerability - Patchstack

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Arrow Plugins The Awesome Feed – Custom Feed plugin <= 2.2.5 versions.

CVE-2023-32116: WordPress Custom post types plugin <= 4.0.12 - Cross Site Scripting (XSS) vulnerability - Patchstack

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in TotalPress.Org Custom post types, Custom Fields & more plugin <= 4.0.12 versions.

CVE-2023-46081: WordPress Lava Directory Manager plugin <= 1.1.34 - Unauth stored Cross Site Scripting (XSS) vulnerability - Patchstack

Unauth. Stored Cross-Site Scripting (XSS) vulnerability in Lavacode Lava Directory Manager plugin <= 1.1.34 versions.

Complex Spy Platform StripedFly Bites 1M Victims

Sophisticated Windows and Linux malware for stealing data and conducting cyber espionage has flown under the radar, disguised as a cryptominer.

Record-Breaking 100 Million RPS DDoS Attack Exploits HTTP/2 Rapid Reset Flaw

Cloudflare on Thursday said it mitigated thousands of hyper-volumetric HTTP distributed denial-of-service (DDoS) attacks that exploited a recently disclosed flaw called HTTP/2 Rapid Reset, 89 of which exceeded 100 million requests per second (RPS). "The campaign contributed to an overall increase of 65% in HTTP DDoS attack traffic in Q3 compared to the previous quarter," the web infrastructure

Horse Racing Game NEOBRED Integrates with Avalanche for Elite Gaming Experience

By Owais Sultan NEOBRED, a blockchain horse racing game, has announced that it is integrating with the Avalanche blockchain. The integration… This is a post from HackRead.com Read the original post: Horse Racing Game NEOBRED Integrates with Avalanche for Elite Gaming Experience

CVE-2023-46072: WordPress Add Shortcodes Actions And Filters plugin <= 2.0.9 - Reflected Cross Site Scripting (XSS) vulnerability - Patchstack

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Michael Simpson Add Shortcodes Actions And Filters plugin <= 2.0.9 versions.