Compact WP Audio Player <= 1.9.14 - Authenticated (Contributor+) Server-Side Request Forgery

• 24 January 2025 · Trust & Safety
• (Threat Alert)
• ~ #CyberAdvisory, #InfoSec, #ThreatIntelligence

Stay updated on cybersecurity threats to safeguard your systems and data from... Read Full Article

Wp advertising management <= 1.0.3 - Reflected Cross-Site Scripting

• 24 January 2025 · Trust & Safety
• (Threat Alert)
• ~ #CyberAdvisory, #InfoSec, #ThreatIntelligence

Stay updated on cybersecurity threats to safeguard your systems and data from... Read Full Article

Scratch & Win – Giveaways and Contests <= 2.7.1 - Cross-Site Request Forgery via reset_installation Function

• 24 January 2025 · Trust & Safety
• (Threat Alert)
• ~ #CyberAdvisory, #InfoSec, #ThreatIntelligence

Stay updated on cybersecurity threats to safeguard your systems and data from... Read Full Article

Photo Gallery Slideshow & Masonry Tiled Gallery <= 1.0.15 - Authenticated (Subscriber+) Limited Server-Side Request Forgery

• 24 January 2025 · Trust & Safety
• (Threat Alert)
• ~ #CyberAdvisory, #InfoSec, #ThreatIntelligence

Stay updated on cybersecurity threats to safeguard your systems and data from... Read Full Article

JobBoard Job listing <= 1.2.6 - Unauthenticated Arbitrary File Upload

• 24 January 2025 · Trust & Safety
• (Threat Alert)
• ~ #CyberAdvisory, #InfoSec, #ThreatIntelligence

Stay updated on cybersecurity threats to safeguard your systems and data from... Read Full Article

Store Commerce <= 1.2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting

• 24 January 2025 · Trust & Safety
• (Threat Alert)
• ~ #CyberAdvisory, #InfoSec, #ThreatIntelligence

Stay updated on cybersecurity threats to safeguard your systems and data from... Read Full Article

Astra Widgets <= 1.2.15 - Authenticated (Contributor+) Stored Cross-Site Scripting

• 24 January 2025 · Trust & Safety
• (Threat Alert)
• ~ #CyberAdvisory, #InfoSec, #ThreatIntelligence

Stay updated on cybersecurity threats to safeguard your systems and data from... Read Full Article

Dynamics 365 Integration <= 1.3.23 - Authenticated (Contributor+) Remote Code Execution and Arbitrary File Read via Twig Server-Side Template Injection

• 24 January 2025 · Trust & Safety
• (Threat Alert)
• ~ #CyberAdvisory, #InfoSec, #ThreatIntelligence

Stay updated on cybersecurity threats to safeguard your systems and data from... Read Full Article

Classic Addons – WPBakery Page Builder <= 3.0 - Authenticated (Editor+) Local File Inclusion

• 24 January 2025 · Trust & Safety
• (Threat Alert)
• ~ #CyberAdvisory, #InfoSec, #ThreatIntelligence

Stay updated on cybersecurity threats to safeguard your systems and data from... Read Full Article

Taskbuilder – WordPress Project & Task Management plugin <= 3.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via wppm_tasks Shortcode

• 24 January 2025 · Trust & Safety
• (Threat Alert)
• ~ #CyberAdvisory, #InfoSec, #ThreatIntelligence

Stay updated on cybersecurity threats to safeguard your systems and data from... Read Full Article