Aggregator

A vulnerability, which was classified as critical, was found in Bajie Java HTTP Server up to 0.90. This affects an unknown part of the component Upload Servlet. The manipulation with the input ... leads to code injection. This vulnerability is uniquely identified as CVE-2001-0308. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

Раскрыта изощренная стратегия взлома IoT-устройств.

WordPress 开源项目联合创始人 Matt Mullenweg 此前在声称属于其个人的网站 WordPress.org 的登陆页面专门加入了一个选项“I am not affiliated with WP Engine in any way, financially or otherwise”，要求用户声明与 WP Engine 没有任何隶属关系。上周二，美国加州地方法庭裁决，Automattic 必须停止阻止 WP Engine 访问 WordPress.org 上的资源，以及停止干扰该公司的 WP 插件，删除 WordPress.org 登陆页面的相关复选框。Matt Mullenweg 遵守了法庭要求，但将其改成了“Pineapple is delicious on pizza” ，截至本周二，该选项仍然存在。用户如果不勾选该复选框，将会返回重试的错误信息。

WordPress 开源项目联合创始人 Matt Mullenweg 此前在声称属于其个人的网站 WordPress.org 的登陆页面专门加入了一个选项“I am not affilia

We stand at a pivotal moment where automation and AI can revolutionize the economy, allowi

A vulnerability, which was classified as problematic, was found in Calculated Fields Form Plugin up to 5.2.63 on WordPress. Affected is an unknown function. The manipulation leads to denial of service. This vulnerability is traded as CVE-2024-12601. The attack needs to be done within the local network. There is no exploit available.

A vulnerability, which was classified as problematic, has been found in Stop Registration Spam Plugin up to 1.23 on WordPress. This issue affects some unknown processing. The manipulation leads to cross-site request forgery. The identification of this vulnerability is CVE-2024-12219. The attack may be initiated remotely. There is no exploit available.

A vulnerability classified as problematic was found in SMS for WooCommerce Plugin up to 2.8.1 on WordPress. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. This vulnerability was named CVE-2024-12220. The attack can be initiated remotely. There is no exploit available.

A vulnerability classified as problematic has been found in EventPrime Plugin up to 4.0.5.3 on WordPress. This affects an unknown part. The manipulation of the argument Ticket Category/Ticket Type leads to cross site scripting. This vulnerability is uniquely identified as CVE-2024-12024. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in WP BASE Booking of Appointments, Services and Events Plugin up to 4.9.1 on WordPress. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation of the argument status leads to cross site scripting. This vulnerability is handled as CVE-2024-12469. The attack may be launched remotely. There is no exploit available.

A vulnerability was found in User Role Editor Plugin up to 4.64.3 on WordPress. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross-site request forgery. This vulnerability is known as CVE-2024-12293. The attack can be launched remotely. There is no exploit available.

A vulnerability was found in WooCommerce Additional Fees on Checkout Plugin up to 1.4.7 on WordPress. It has been classified as problematic. Affected is an unknown function. The manipulation of the argument number leads to cross site scripting. This vulnerability is traded as CVE-2024-12395. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability was found in Easy Digital Downloads Plugin 3.1/3.3.4 on WordPress and classified as critical. This issue affects some unknown processing of the component Paywall. The manipulation leads to improper authorization. The identification of this vulnerability is CVE-2024-9654. The attack may be initiated remotely. There is no exploit available.

A vulnerability has been found in PPWP Plugin up to 1.9.5 on WordPress and classified as problematic. This vulnerability affects unknown code. The manipulation leads to information disclosure. This vulnerability was named CVE-2024-11280. The attack can be initiated remotely. There is no exploit available.

A vulnerability, which was classified as problematic, was found in s2Member Plugin on WordPress. This affects an unknown part. The manipulation leads to information disclosure. This vulnerability is uniquely identified as CVE-2024-8326. It is possible to initiate the attack remotely. There is no exploit available.

Continuing our look back at 2024, part two of Last Watchdog’s year-ender roundtable turns its focus to emerging threats vs. evolving defense tactics.

Part two of a four-part series

The explosion of AI-driven phishing, insider threats, and business logic abuse … (more…)

The post LW ROUNDTABLE — How 2024’s cyber threats will transform the security landscape in 2025 first appeared on The Last Watchdog.

The post LW ROUNDTABLE — How 2024’s cyber threats will transform the security landscape in 2025 appeared first on Security Boulevard.

A vulnerability, which was classified as problematic, has been found in ElementsReady Addons for Elementor up to 6.4.8 on WordPress. Affected by this issue is some unknown functionality of the component Elementor Template Handler. The manipulation leads to information disclosure. This vulnerability is handled as CVE-2024-10356. The attack may be launched remotely. There is no exploit available.

A vulnerability classified as problematic was found in Sikshya LMS Plugin up to 0.0.21 on WordPress. Affected by this vulnerability is an unknown functionality. The manipulation of the argument page leads to cross site scripting. This vulnerability is known as CVE-2024-12127. The attack can be launched remotely. There is no exploit available.

A vulnerability was found in python-sql. It has been rated as critical. This issue affects some unknown processing of the component Expression Handler. The manipulation leads to sql injection. The identification of this vulnerability is CVE-2024-9774. The attack may be initiated remotely. There is no exploit available.

A vulnerability classified as problematic has been found in Memberful Plugin up to 1.73.9 on WordPress. Affected is an unknown function. The manipulation leads to information disclosure. This vulnerability is traded as CVE-2024-11294. It is possible to launch the attack remotely. There is no exploit available.