Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Formilla Live Chat by Formilla plugin <= 1.3 versions.

**Solution**

Fixed 

Update the WordPress Live Chat by Formilla – Real-time Chat & Chatbots Plugin plugin to the latest available version (at least 1.3.1).

Found this useful? Thank yuyudhn for reporting this vulnerability. Buy a coffee ☕

yuyudhn discovered and reported this Cross Site Scripting (XSS) vulnerability in WordPress Live Chat by Formilla – Real-time Chat & Chatbots Plugin Plugin. This could allow a malicious actor to inject malicious scripts, such as redirects, advertisements, and other HTML payloads into your website which will be executed when guests visit your site. This vulnerability has been fixed in version 1.3.1.

**No other known vulnerabilities for this plugin**Report

**Report to Patchstack Alliance bounty platform and earn monthly cash prizes.**

Learn more

CVE-2023-23727: WordPress Live Chat by Formilla plugin <= 1.3 - Cross Site Scripting (XSS) vulnerability - Patchstack

The Video Gallery plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘search_term’ parameter in versions up to, and including, 1.0.10 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.

CVE-2023-2708: video-slider-with-thumbnails.php in video-slider-with-thumbnails/tags/1.0.11 – WordPress Plugin Repository

The video carousel slider with lightbox plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the search_term parameter in versions up to, and including, 1.0.22  due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.

CVE-2023-2710: wp-responsive-video-gallery-with-lightbox.php in wp-responsive-video-gallery-with-lightbox/tags/1.0.22 – WordPress Plugin Repository

The freshly minted ransomware gang is customizing leaked Babuk source code to go after cyber targets in the US and South Korea — and it's expanding its operations quickly.

A newly discovered ransomware gang dubbed RA Group is ramping up its cyberattacks — the latest in a line of threat actors leveraging the leaked Babuk source code. The group distinguishes itself from the rest of the Babuk pack, however, with a highly customized approach.

According to an analysis from Cisco Talos this week, RA Group opened shop on April 22 and has been rapidly expanding its operations ever since. So far, it's gone after organizations in the US and South Korea in the manufacturing, wealth management, insurance, and pharmaceutical industries.

By way of background, the full source code for the Babuk ransomware was leaked online in September 2021, and since then several new threat actors have used it to go into the ransomware business. In particular, several have used it to develop lockers for VMware ESXi hypervisors — over the past year, 10 different ransomware families have gone that route.

Others have customized the code in other ways, taking advantage of the fact that it is built to exploit several known vulnerabilities, including those found in Microsoft Exchange, Struts, WordPress, Atlassian Confluence, Oracle WebLogic Server, SolarWinds Orion, Liferay, and others.

"By reusing code written by others and leaked, these groups are reducing their development time significantly and possibly even incorporating features they would otherwise have been unable to create themselves," Erich Kron, security awareness advocate at KnowBe4, said in an emailed comment. 

He added, "In the last few years, especially after ransomware-as-a-service (RaaS) offerings became popular, it's become very clear that you do not have to be a technical marvel to play in the cybercrime and extortion game. Simply using other people's code, through a subscription or through leaks such as this, with minor modifications can get just about anyone equipped to carry out attacks."

**RA Group's Unique Take on Babuk**

In RA Group's case, it's using a typical double-extortion model in which it threatens to leak exfiltrated data if the victim doesn't pay the ransom; however, according to the ransom note, victims have just three days to pay up.

That's not the only tweak to known playbooks the group is employing. "In their leak site, RA Group discloses the name of the victim's organization, a list of their exfiltrated data and the total size, and the victim’s official URL, which is typical among other ransomware groups’ leak sites," according to Cisco Talos' analysis of the ransomware group. But in a twist, the "RA Group is also selling the victim’s exfiltrated data on their leak site by hosting the victims’ leaked data on a secured Tor site."

Despite the RA Group's spin on ransomware, the basics remain effective when it comes to defending against the threat: Organizations should make sure their environments are patched and up to date, continually monitor their networks for any signs of malicious activity (and ensure their security tools are updated with the latest indicators of compromise), and ensure they have effective backup and recovery procedures in place in the event of a successful attack.

RA Ransomware Group Emerges With Custom Spin on Babuk

The Tablesome WordPress plugin before 1.0.9 does not escape various generated URLs, before outputting them in attributes when some notices are displayed, leading to Reflected Cross-Site Scripting

CVE-2023-1890

The tagDiv Composer WordPress plugin before 4.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin

CVE-2023-1596

The Ninja Forms Contact Form WordPress plugin before 3.6.22 does not properly escape user input before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin

CVE-2023-1835

The Product Addons & Fields for WooCommerce WordPress plugin before 32.0.6 does not sanitize and escape some of its setting fields, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example, in multisite setup).

CVE-2023-1839

The Thumbnail carousel slider WordPress plugin before 1.1.10 does not sanitise and escape some parameters before outputting them back in pages, leading to Reflected Cross-Site Scripting vulnerability which could be used against high privilege users such as admin.

CVE-2023-1915

Plugin does not sanitize and escape the URL field in the Pretty Url WordPress plugin through 1.5.4 settings, which could allow high-privilege users to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

Tag

#wordpress