Security
Headlines
HeadlinesLatestCVEs

Tag

#wordpress

WordPress GetYourGuide Ticketing 1.0.6 Cross Site Scripting

WordPress GetYourGuide Ticketing plugin version 1.0.6 suffers from a cross site scripting vulnerability.

Packet Storm
Open in Source
#xss#vulnerability#windows#google#wordpress#php#auth#firefox
WordPress SeatReg 1.54.0 Open Redirection

WordPress SeatReg plugin version 1.54.0 suffers from an open redirection vulnerability.

WordPress WP Event Manager 3.1.44 Cross Site Scripting

WordPress WP Event Manager plugin version 3.1.44 suffers from a cross site scripting vulnerability.

WordPress GiveWP Donation / Fundraising Platform 3.14.1 Code Execution

The GiveWP Donation plugin and Fundraising Platform plugin for WordPress in all versions up to and including 3.14.1 is vulnerable to a PHP object injection (POI) flaw granting an unauthenticated attacker arbitrary code execution.

How AitM Phishing Attacks Bypass MFA and EDR—and How to Fight Back

Attackers are increasingly using new phishing toolkits (open-source, commercial, and criminal) to execute adversary-in-the-middle (AitM) attacks. AitM enables attackers to not just harvest credentials but steal live sessions, allowing them to bypass traditional phishing prevention controls such as MFA, EDR, and email content filtering. In this article, we’re going to look at what AitM phishing

WordPress LiteSpeed Cache 6.3.0.1 Privilege Escalation

WordPress LiteSpeed Cache versions 1.9 through 6.3.0.1 proof of concept privilege escalation exploit.

WordPress GiveWP Donation / Fundraising Platform 3.14.1 File Deletion / Command Execution

WordPress GiveWP Donation and Fundraising Platform plugins versions 3.14.1 and below suffer from file deletion and remote command execution vulnerabilities.

Critical WPML Plugin Flaw Exposes WordPress Sites to Remote Code Execution

A critical security flaw has been disclosed in the WPML WordPress multilingual plugin that could allow authenticated users to execute arbitrary code remotely under certain circumstances. The vulnerability, tracked as CVE-2024-6386 (CVSS score: 9.9), impacts all versions of the plugin before 4.6.13, which was released on August 20, 2024. Arising due to missing input validation and sanitization,

Critical Flaw in WordPress LiteSpeed Cache Plugin Allows Hackers Admin Access

Cybersecurity researchers have disclosed a critical security flaw in the LiteSpeed Cache plugin for WordPress that could permit unauthenticated users to gain administrator privileges. "The plugin suffers from an unauthenticated privilege escalation vulnerability which allows any unauthenticated visitor to gain Administrator level access after which malicious plugins could be uploaded and

GiveWP WordPress Plugin Vulnerability Puts 100,000+ Websites at Risk

A maximum-severity security flaw has been disclosed in the WordPress GiveWP donation and fundraising plugin that exposes more than 100,000 websites to remote code execution attacks. The flaw, tracked as CVE-2024-5932 (CVSS score: 10.0), impacts all versions of the plugin prior to version 3.14.2, which was released on August 7, 2024. A security researcher, who goes by the online alias villu164,