Security
Headlines
HeadlinesLatestCVEs

Tag

#wordpress

CVE-2022-29446: WordPress Counter Box plugin <= 1.1.1 - Authenticated Local File Inclusion (LFI) vulnerability - Patchstack

Authenticated (administrator or higher role) Local File Inclusion (LFI) vulnerability in Wow-Company's Counter Box plugin <= 1.1.1 at WordPress.

CVE
Open in Source
#vulnerability#web#wordpress#auth
Critical Vulnerability in Premium WordPress Themes Allows for Site Takeover

Privilege escalation flaw discovered in the Jupiter and JupiterX Core Plugin affects more than 90,000 sites.

CVE-2022-25617: Code Snippets

Reflected Cross-Site Scripting (XSS) vulnerability in Code Snippets plugin <= 2.14.3 at WordPress via &orderby vulnerable parameter.

CVE-2022-29445: WordPress Popup Box plugin <= 2.1.2 - Authenticated Local File Inclusion (LFI) vulnerability - Patchstack

Authenticated (administrator or higher role) Local File Inclusion (LFI) vulnerability in Wow-Company's Popup Box plugin <= 2.1.2 at WordPress.

Jupiter / JupiterX Theme Privilege Escalation / LFI / DoS / Access Control Issues

Jupiter Theme versions 6.10.1 and below as well as JupiterX Core plugin versions 2.0.7 and below suffer from privilege escalation and post deletion vulnerabilities. JupiterX Theme versions 2.0.6 and below as well as JupiterX Core versions 2.0.6 and below suffer from plugin deactivation and setting modification flaws. JupiterX Theme versions 2.0.6 and below as well as Jupiter Theme versions 6.10.1 and below suffer from path traversal and local file inclusion vulnerabilities. Jupiter Theme versions 6.10.1 and below suffer from an arbitrary plugin deletion vulnerability. JupiterX Core plugin versions 2.0.6 and below suffer from information disclosure, modification, and denial of service vulnerabilities.

Sysrv botnet is out to mine Monero on your Windows and Linux servers

The Sysrv botnet has been developing over the last years, and has become a multi-platform botnet that specializes in Monero cryptomining. The post Sysrv botnet is out to mine Monero on your Windows and Linux servers appeared first on Malwarebytes Labs.

CVE-2022-29436: Code Snippets Extended

Persistent Cross-Site Scripting (XSS) vulnerability in Alexander Stokmann's Code Snippets Extended plugin <= 1.4.7 on WordPress via Cross-Site Request Forgery (vulnerable parameters &title, &snippet_code).

New Sysrv-k Botnet Infecting Windows and Linux Systems with Cryptominer

By Deeba Ahmed Microsoft has discovered a new Sysrv botnet variant deploying cryptocurrency miners on Windows and Linux systems. The Microsoft… This is a post from HackRead.com Read the original post: New Sysrv-k Botnet Infecting Windows and Linux Systems with Cryptominer

Widespread Attack on WordPress Sites Targets Tatsu Builder Plug-in

A widespread attack is underway to exploit known RCE flaw in Tatsu Builder WordPress plug-in, according to a new report.