Aggregator

A vulnerability was found in bitlydeveloper Bitlys Plugin up to 2.7.3 on WordPress. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to missing authorization. This vulnerability is known as CVE-2024-12616. The attack can be launched remotely. There is no exploit available.

A vulnerability was found in surakrai MIMO WooCommerce Order Tracking Plugin up to 1.0.2 on WordPress. It has been classified as problematic. Affected is an unknown function. The manipulation leads to missing authorization. This vulnerability is traded as CVE-2024-5769. It is possible to launch the attack remotely. There is no exploit available.

Распоряжение подписал премьер-министр Михаил Мишустин

A vulnerability was found in sonalsinha21 SKT Page Builder Plugin up to 4.7 on WordPress and classified as critical. This issue affects the function addLibraryByArchive. The manipulation leads to missing authorization. The identification of this vulnerability is CVE-2024-12848. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in Database Backup Plugin up to 7.3 on WordPress. Affected by this issue is some unknown functionality. The manipulation leads to exposure of backup file to an unauthorized control sphere. This vulnerability is handled as CVE-2024-12330. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in wpsoul Greenshift Plugin up to 9.0.0 on WordPress. This issue affects the function greenshift_download_file_localy. The manipulation leads to missing authorization. The identification of this vulnerability is CVE-2024-6155. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic was found in opacewebdesign AI Scribe Plugin up to 2.3 on WordPress. This vulnerability affects the function al_scribe_engine_request_data/al_scribe_content_data. The manipulation leads to cross-site request forgery. This vulnerability was named CVE-2024-12605. The attack can be initiated remotely. There is no exploit available.

A vulnerability classified as problematic has been found in reichertbrothers SimplyRETS Real Estate IDX Plugin up to 2.11.2 on WordPress. This affects the function sr_search_form. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2024-12491. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in Newsletter2Go Plugin up to 4.0.14 on WordPress. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation leads to missing authorization. This vulnerability is handled as CVE-2024-12618. The attack may be launched remotely. There is no exploit available.

A vulnerability was found in bitlydeveloper Bitlys Plugin up to 2.7.3 on WordPress. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to missing authorization. This vulnerability is known as CVE-2024-12616. The attack can be launched remotely. There is no exploit available.

A vulnerability was found in surakrai MIMO WooCommerce Order Tracking Plugin up to 1.0.2 on WordPress. It has been classified as problematic. Affected is an unknown function. The manipulation leads to missing authorization. This vulnerability is traded as CVE-2024-5769. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability was found in sonalsinha21 SKT Page Builder Plugin up to 4.7 on WordPress and classified as critical. This issue affects the function addLibraryByArchive. The manipulation leads to missing authorization. The identification of this vulnerability is CVE-2024-12848. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in stylemix Header Builder Plugin up to 1.3.8 on WordPress and classified as problematic. This vulnerability affects the function stm_header_builder. The manipulation leads to cross-site request forgery. This vulnerability was named CVE-2024-12206. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, was found in Posturinn Shipping with WooCommerce Plugin up to 1.3.1 on WordPress. This affects the function printed_marked/nonprinted_marked. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2024-11815. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability, which was classified as problematic, has been found in Database Backup Plugin up to 7.3 on WordPress. Affected by this issue is some unknown functionality. The manipulation leads to exposure of backup file to an unauthorized control sphere. This vulnerability is handled as CVE-2024-12330. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

The zero-day attacks leveraging the Ivanti Connect Secure (ICS) vulnerability (CVE-2025-0282) made public on Wednesday were first spotted in mid-December 2024, Mandiant researchers have shared. It’s still impossible to say whether they were mounted by a single threat actor, but the use of known malware on at least one of the compromised VPN appliances points to China-nexus espionage actor(s) – UNC5337 and UNC5221 – that have exploited ICS zero-days several times in the past few … More →

The post Ivanti Connect Secure zero-day exploited since mid-December (CVE-2025-0282) appeared first on Help Net Security.

The malicious Southeast Asian APT group known as OceanLotus (APT32) has been implicated in a sophisticated attack that compromises the privacy of cybersecurity professionals. A recent investigation by the ThreatBook Research and Response Team revealed that a popular privilege escalation tool utilized by cybersecurity experts had been backdoored, leading to significant data breaches and identity […]

The post APT32 Hacker Group Attacking Cybersecurity Professionals Poisoning GitHub appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

How expired domains and improper DNS management can lead to severe security risks like MitM attacks, fraudulent TLS/SSL certifications, and more.

Ruben Brekelmans heeft voor het eerst als minister Curaçao, Aruba en Sint Maarten bezocht. De afgelopen 3 dagen maakte hij kennis met de daar gestationeerde militaire eenheden en het lokale bestuur. Defensie is verantwoordelijk voor de bescherming van het Caribisch deel van het koninkrijk.