Aggregator

A vulnerability was found in AWcode Toolkit Plugin up to 1.0.18 on WordPress. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation leads to cross-site request forgery. This vulnerability is handled as CVE-2025-48238. The attack may be launched remotely. There is no exploit available.

A vulnerability was found in wpWax Legal Pages Plugin up to 1.4.5 on WordPress. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to missing authorization. This vulnerability is known as CVE-2025-48242. The attack can be launched remotely. There is no exploit available.

A vulnerability was found in ed4becky Rootspersona Plugin up to 3.7.5 on WordPress. It has been classified as problematic. Affected is an unknown function. The manipulation leads to cross-site request forgery. This vulnerability is traded as CVE-2025-48344. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability was found in affmngr Affiliates Manager Google reCAPTCHA Integration Plugin up to 1.0.6 on WordPress and classified as problematic. This issue affects some unknown processing. The manipulation leads to cross-site request forgery. The identification of this vulnerability is CVE-2025-48233. The attack may be initiated remotely. There is no exploit available.

A vulnerability has been found in Bogdan Bendziukov WP Image Mask Plugin up to 3.1.2 on WordPress and classified as problematic. This vulnerability affects unknown code. The manipulation leads to cross site scripting. This vulnerability was named CVE-2025-48235. The attack can be initiated remotely. There is no exploit available.

A vulnerability, which was classified as problematic, was found in Ultimate Blocks Plugin up to 3.3.0 on WordPress. This affects an unknown part. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2025-48234. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability, which was classified as problematic, has been found in Xpro Addons for Beaver Builder Plugin up to 1.5.5 on WordPress. Affected by this issue is some unknown functionality. The manipulation leads to cross site scripting. This vulnerability is handled as CVE-2025-48232. The attack may be launched remotely. There is no exploit available.

A vulnerability classified as problematic was found in 10Web Form Maker Plugin up to 1.15.33 on WordPress. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2025-48341. The attack can be launched remotely. There is no exploit available.

A vulnerability classified as problematic has been found in RedefiningTheWeb Dynamic Pricing & Discounts Lite for WooCommerce Plugin up to 2.0.3 on WordPress. Affected is an unknown function. The manipulation leads to cross-site request forgery. This vulnerability is traded as CVE-2025-48342. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability was found in ChatGPT System up to 2025-03-30. It has been rated as problematic. This issue affects some unknown processing of the component SVG Document Handler. The manipulation leads to basic cross site scripting. The identification of this vulnerability is CVE-2025-43714. The attack may be initiated remotely. There is no exploit available.

A vulnerability was found in Etsy360 Embed and Integrate Etsy Shop Plugin up to 1.0.4 on WordPress. It has been declared as problematic. This vulnerability affects unknown code. The manipulation leads to missing authorization. This vulnerability was named CVE-2025-48346. The attack can be initiated remotely. There is no exploit available.

A vulnerability was found in EasyVirt DC NetScope up to 8.7.0. It has been classified as critical. This affects an unknown part of the component Setting Handler. The manipulation leads to code injection. This vulnerability is uniquely identified as CVE-2024-55063. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in PHPGurukul Medical Card Generation System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /admin/aboutus.php. The manipulation of the argument pagetitle leads to cross site scripting. This vulnerability is handled as CVE-2024-51106. The attack may be launched remotely. There is no exploit available.

The United Kingdom's Legal Aid Agency (LAA) has confirmed that a recent cyberattack is more serious than first believed, with hackers stealing a large trove of sensitive applicant data in a data breach. [...]

For the latest discoveries in cyber research for the week of 19th May, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES Fashion giant Dior confirmed a data breach that exposed customer information from its Fashion and Accessories line. The leaked data includes names, gender, phone numbers, email addresses, postal addresses, and purchase history […]

The post 19th May – Threat Intelligence Report appeared first on Check Point Research.

The Google Threat Intelligence Group (GTIG) recently revealed that the well-known hacker collective UNC3944, which also overlaps with the widely publicized Scattered Spider, is a persistent and dynamic cyberthreat. Initially focused on telecommunications for SIM swap operations, UNC3944 has since pivoted to ransomware and data theft extortion tactics since early 2023, casting a wider net […]

The post Google Reveals Hackers Targeting US Following UK Retailer Attacks appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

RomethemeKit for Elementor has released a patch addressing an RCE vulnerability exposing 30,000 sites

Author/Presenter: Amit Srour

Our sincere appreciation to BSidesLV, and the Presenters/Authors for publishing their erudite Security BSidesLV24 content. Originating from the conference’s events located at the Tuscany Suites & Casino; and via the organizations YouTube channel.

Permalink

The post BSidesLV24 – GroundFloor – Prepare For The Apocalypse – Exposing Shadow And Zombie APIs appeared first on Security Boulevard.