#wordpress

Threat actors are leveraging manipulated search results and bogus Google ads that trick users who are looking to download legitimate software such as WinSCP into installing malware instead. Cybersecurity company Securonix is tracking the ongoing activity under the name SEO#LURKER. “The malicious advertisement directs the user to a compromised WordPress website gameeweb[.]com, which redirects the

Missing Authorization, Cross-Site Request Forgery (CSRF) vulnerability in AWeber AWeber – Free Sign Up Form and Landing Page Builder Plugin for Lead Generation and Email Newsletter Growth allows Accessing Functionality Not Properly Constrained by ACLs, Cross-Site Request Forgery.This issue affects AWeber – Free Sign Up Form and Landing Page Builder Plugin for Lead Generation and Email Newsletter Growth: from n/a through 7.3.9.

Cross-Site Request Forgery (CSRF) vulnerability in VJInfotech Woo Custom and Sequential Order Number plugin <= 2.6.0 versions.

Cross-Site Request Forgery (CSRF) vulnerability in Kiboko Labs Arigato Autoresponder and Newsletter plugin <= 2.7.2.2 versions.

Cross-Site Request Forgery (CSRF) vulnerability in Alexufo Youtube SpeedLoad plugin <= 0.6.3 versions.

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Dazzlersoft Team Members Showcase plugin <= 1.3.4 versions.

Unauth. Stored Cross-Site Scripting (XSS) vulnerability in MingoCommerce WooCommerce Product Enquiry plugin <= 2.3.4 versions.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Wishfulthemes Raise Mag, Wishfulthemes Wishful Blog themes allows Reflected XSS.This issue affects Raise Mag: from n/a through 1.0.7; Wishful Blog: from n/a through 2.0.1.

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in 10Web SEO by 10Web plugin <= 1.2.9 versions.

Unauth. Stored Cross-Site Scripting (XSS) vulnerability in Acurax Under Construction / Maintenance Mode from Acurax plugin <= 2.6 versions.