Security
Headlines
HeadlinesLatestCVEs

Tag

#wordpress

CVE-2017-20093: Cross-Site Request Forgery in WordPress Download Manager Plugin

A vulnerability, which was classified as problematic, was found in Download Manager Plugin 2.8.99. Affected is an unknown function. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely.

CVE
Open in Source
#vulnerability#web#wordpress
CVE-2017-20094: Persistent Cross-Site Scripting in the WordPress NewStatPress plugin

A vulnerability, which was classified as problematic, has been found in NewStatPress Plugin 1.2.4. This issue affects some unknown processing. The manipulation leads to basic cross site scripting (Persistent). The attack may be initiated remotely. Upgrading to version 1.2.5 is able to address this issue. It is recommended to upgrade the affected component.

CVE-2022-31395: Achievement Unlocked: CVE-2022–31395 - N0ur5 - Medium

Algo Communication Products Ltd. 8373 IP Zone Paging Adapter Firmware 1.7.6 allows attackers to perform a directory traversal via a web request sent to /fm-data.lua.

CVE-2017-20087: Cross-Site Scripting in Alpine PhotoTile for Instagram WordPress Plugin

A vulnerability, which was classified as problematic, has been found in Alpine PhotoTile for Instagram Plugin 1.2.7.7. Affected by this issue is some unknown functionality. The manipulation leads to basic cross site scripting. The attack may be launched remotely.

CVE-2017-20090: Cross-Site Request Forgery in Global Content Blocks WordPress Plugin

A vulnerability was found in Global Content Blocks Plugin 2.1.5. It has been declared as problematic. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The attack can be initiated remotely.

CVE-2017-20091: Cross-Site Request Forgery in File Manager WordPress plugin

A vulnerability was found in File Manager Plugin 3.0.1. It has been classified as problematic. This affects an unknown part. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely.

CVE-2017-20085: Cross-Site Scripting in Atahualpa WordPress Theme

A vulnerability has been found in Atahualpa Theme and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to basic cross site scripting. The attack can be launched remotely.

CVE-2017-20086: Full Disclosure: VaultPress - Remote Code Execution via Man in The Middle attack

A vulnerability, which was classified as critical, was found in VaultPress Plugin 1.8.4. This affects an unknown part. The manipulation leads to code injection. It is possible to initiate the attack remotely.

WordPress Download Manager 3.2.43 Cross Site Scripting

WordPress Download Manager plugin versions 3.2.43 and below suffer from a cross site scripting vulnerability.

Newly Discovered Magecart Infrastructure Reveals the Scale of Ongoing Campaign

A newly discovered Magecart skimming campaign has its roots in a previous attack activity going all the way back to November 2021. To that end, it has come to light that two malware domains identified as hosting credit card skimmer code — "scanalytic[.]org" and "js.staticounter[.]net" — are part of a broader infrastructure used to carry out the intrusions, Malwarebytes said in a Tuesday analysis