Security
Headlines
HeadlinesLatestCVEs

Tag

#wordpress

CVE-2016-4426: Version History — Zulip 2.1.7 documentation

In zulip before 1.3.12, bot API keys were accessible to other users in the same realm.

CVE
Open in Source
#xss#csrf#vulnerability#web#ios#android#mac#windows#apple#google#amazon#ubuntu#linux#debian#redis#memcached#nodejs#js#git#java#wordpress#perl#ldap#nginx#vmware#oauth#auth#postgres#docker#jira#bitbucket#firefox#ssl
CVE-2016-0796: WordPress Plugin mb.miniAudioPlayer-an HTML5 audio player for your mp3 files Multiple Vulnerabilities (1.7.6) - Vulnerabilities

WordPress Plugin mb.miniAudioPlayer-an HTML5 audio player for your mp3 files is prone to multiple vulnerabilities, including open proxy and security bypass vulnerabilities because it fails to properly verify user-supplied input. An attacker may leverage these issues to hide attacks directed at a target site from behind vulnerable website or to perform otherwise restricted actions and subsequently download files with the extension mp3, mp4a, wav and ogg from anywhere the web server application has read access to the system. WordPress Plugin mb.miniAudioPlayer-an HTML5 audio player for your mp3 files version 1.7.6 is vulnerable; prior versions may also be affected.

APT-Like Phishing Threat Mirrors Landing Pages

By dynamically mirroring an organization’s login page, threat actors are propagating legitimate-looking phishing attacks that encourage victims to offer up access to the corporate crown jewels.

CVE-2022-35882: WordPress GS Testimonial Slider plugin <= 1.9.1 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability - Patchstack

Authenticated (author or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in GS Plugins GS Testimonial Slider plugin <= 1.9.1 at WordPress.

CVE-2022-33943: BxSlider WP

Authenticated (contributor or higher user role) Cross-Site Scripting (XSS) vulnerability in Nico Amarilla's BxSlider WP plugin <= 2.0.0 at WordPress.

Hackers Increasingly Using WebAssembly Coded Cryptominers to Evade Detection

As many as 207 websites have been infected with malicious code designed to launch a cryptocurrency miner by leveraging WebAssembly (Wasm) on the browser. Web security company Sucuri, which published details of the campaign, said it launched an investigation after one of its clients had their computer slowed down significantly every time upon navigating to their own WordPress portal. This

CVE-2022-36375: WordPress Tabs plugin <= 3.6.0 - Authenticated WordPress Options Change vulnerability - Patchstack

Authenticated (high role user) WordPress Options Change vulnerability in Biplob Adhikari's Tabs plugin <= 3.6.0 at WordPress.

CVE-2022-33969: Changeset 2648808 – WordPress Plugin Repository

Authenticated WordPress Options Change vulnerability in Biplob Adhikari's Flipbox plugin <= 2.6.0 at WordPress.

CVE-2022-24992: CVE-2022–24992: QRCDR ZeroDay Path Traversal Vulnerability

A vulnerability in the component process.php of QR Code Generator v5.2.7 allows attackers to perform directory traversal.

CVE-2022-33965: WP Visitor Statistics (Real Time Traffic)

Multiple Unauthenticated SQL Injection (SQLi) vulnerabilities in Osamaesh WP Visitor Statistics plugin <= 5.7 at WordPress.