StaffList <= 3.2.3 - Cross-Site Request Forgery to Reflected Cross-Site Scripting

• 11 February 2025 · Trust & Safety
• (Threat Alert)
• ~ #CyberAdvisory, #InfoSec, #ThreatIntelligence

Stay updated on cybersecurity threats to safeguard your systems and data from... Read Full Article

Houzez Property Feed <= 2.4.21 - Cross-Site Request Forgery to Property Feed Export Deletion

• 11 February 2025 · Trust & Safety
• (Threat Alert)
• ~ #CyberAdvisory, #InfoSec, #ThreatIntelligence

Stay updated on cybersecurity threats to safeguard your systems and data from... Read Full Article

The Ultimate WordPress Toolkit – WP Extended <= 3.0.13 - Missing Authorization to Unauthenticated Post Order Manipulation

• 11 February 2025 · Trust & Safety
• (Threat Alert)
• ~ #CyberAdvisory, #InfoSec, #ThreatIntelligence

Stay updated on cybersecurity threats to safeguard your systems and data from... Read Full Article

Liveticker (by stklcode) <= 1.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

• 11 February 2025 · Trust & Safety
• (Threat Alert)
• ~ #CyberAdvisory, #InfoSec, #ThreatIntelligence

Stay updated on cybersecurity threats to safeguard your systems and data from... Read Full Article

AForms Eats <= 1.3.1 - Unauthenticated Full Path Disclosure

• 11 February 2025 · Trust & Safety
• (Threat Alert)
• ~ #CyberAdvisory, #InfoSec, #ThreatIntelligence

Stay updated on cybersecurity threats to safeguard your systems and data from... Read Full Article

aDirectory – WordPress Directory Listing Plugin <= 2.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Deletion

• 11 February 2025 · Trust & Safety
• (Threat Alert)
• ~ #CyberAdvisory, #InfoSec, #ThreatIntelligence

Stay updated on cybersecurity threats to safeguard your systems and data from... Read Full Article