Month: October 2023

Sitekit plugin for WordPress cross-site scripting | CVE-2023-5071

October 23, 2023

NAME__________Sitekit plugin for WordPress cross-site scriptingPlatforms Affected:webvitaly Sitekit plugin for WordPress 1.4Risk Level:6.4Exploitability:HighConsequences:Cross-Site Scripting DESCRIPTION__________Sitekit plugin for WordPress is vulnerable...

Nothings stb_vorbis code execution | CVE-2023-45679

October 23, 2023

NAME__________Nothings stb_vorbis code executionPlatforms Affected:nothings stb_vorbis 1.22Risk Level:7.3Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________Nothings stb_vorbis could allow a remote attacker to execute arbitrary code...

Nothings stb_vorbis denial of service | CVE-2023-45680

October 23, 2023

NAME__________Nothings stb_vorbis denial of servicePlatforms Affected:nothings stb_vorbis 1.22Risk Level:5.3Exploitability:UnprovenConsequences:Denial of Service DESCRIPTION__________Nothings stb_vorbis is vulnerable to a denial of service,...

WP Mailto Links plugin for WordPress cross-site scripting | CVE-2023-5109

October 23, 2023

NAME__________WP Mailto Links plugin for WordPress cross-site scriptingPlatforms Affected:Ironikus WP Mailto Links plugin for WordPress 3.1.3Risk Level:6.4Exploitability:HighConsequences:Cross-Site Scripting DESCRIPTION__________WP Mailto...

WPvivid Backup & Migration plugin for WordPress cross-site scripting | CVE-2023-5120

October 23, 2023

NAME__________WPvivid Backup & Migration plugin for WordPress cross-site scriptingPlatforms Affected:WPvivid Team WPvivid Backup & Migration plugin for WordPress 0.9.89Risk Level:5.5Exploitability:HighConsequences:Cross-Site...

Nothings stb_image code execution | CVE-2023-45664

October 23, 2023

NAME__________Nothings stb_image code executionPlatforms Affected:nothings stb_image 2.28Risk Level:7.3Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________Nothings stb_image could allow a remote attacker to execute arbitrary code...

Magic Action Box plugin for WordPress cross-site scripting | CVE-2023-5231

October 23, 2023

NAME__________Magic Action Box plugin for WordPress cross-site scriptingPlatforms Affected:Prosulum LLC Magic Action Box plugin for WordPress 2.17.2Risk Level:6.4Exploitability:HighConsequences:Cross-Site Scripting DESCRIPTION__________Magic...

Modoboa cross-site request forgery | CVE-2023-5690

October 23, 2023

NAME__________Modoboa cross-site request forgeryPlatforms Affected:modoboa modoboa 2.1.2Risk Level:4.3Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________Modoboa is vulnerable to cross-site request forgery, caused by improper validation...

PDM security bypass | CVE-2023-45805

October 23, 2023

NAME__________PDM security bypassPlatforms Affected:PDM PDM 0.11.1Risk Level:7.8Exploitability:UnprovenConsequences:Bypass Security DESCRIPTION__________PDM could allow a remote attacker to bypass security restrictions, caused by...

WPvivid Backup & Migration plugin for WordPress cross-site scripting | CVE-2023-5121

October 23, 2023

Copy Anything to Clipboard plugin for WordPress cross-site scripting | CVE-2023-5086

October 23, 2023

NAME__________Copy Anything to Clipboard plugin for WordPress cross-site scriptingPlatforms Affected:Mahesh M. Waghmare Copy Anything to Clipboard plugin for WordPress 2.6.4Risk...

Contact form Form For All plugin for WordPress cross-site scripting | CVE-2023-5337

October 23, 2023

NAME__________Contact form Form For All plugin for WordPress cross-site scriptingPlatforms Affected:FormForAll Contact form Form For All plugin for WordPress 1.2Risk...

Icegram Express plugin for WordPress directory traversal | CVE-2023-5414

October 23, 2023

NAME__________Icegram Express plugin for WordPress directory traversalPlatforms Affected:Icegram Icegram Express plugin for WordPress 5.6.23Risk Level:4.9Exploitability:UnprovenConsequences:Obtain Information DESCRIPTION__________Icegram Express plugin for...

Podcast Subscribe Buttons plugin for WordPress cross-site scripting | CVE-2023-5308

October 23, 2023

NAME__________Podcast Subscribe Buttons plugin for WordPress cross-site scriptingPlatforms Affected:SecondLine Themes Podcast Subscribe Buttons plugin for WordPress 1.4.8Risk Level:6.4Exploitability:HighConsequences:Cross-Site Scripting DESCRIPTION__________Podcast...

flowpaper plugin for WordPress cross-site scripting | CVE-2023-5200

October 23, 2023

NAME__________flowpaper plugin for WordPress cross-site scriptingPlatforms Affected:Devaldi Ltd flowpaper plugin for WordPress 2.0.3Risk Level:6.4Exploitability:HighConsequences:Cross-Site Scripting DESCRIPTION__________flowpaper plugin for WordPress is...

Social Media Share Buttons & Social Sharing Icons plugin for WordPress information disclosure | CVE-2023-5070

October 23, 2023

NAME__________Social Media Share Buttons & Social Sharing Icons plugin for WordPress information disclosurePlatforms Affected:UltimatelySocial Social Media Share Buttons & Social...

Advanced Custom Fields: Extended plugin for WordPress cross-site scripting | CVE-2023-5292

October 23, 2023

NAME__________Advanced Custom Fields: Extended plugin for WordPress cross-site scriptingPlatforms Affected:ACF Extended Advanced Custom Fields: Extended plugin for WordPress 0.8.9.3Risk Level:6.4Exploitability:HighConsequences:Cross-Site...

Knight Ransomware Victim: Emmea Srl

October 23, 2023

NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content of the files...

New TetrisPhantom hackers steal data from secure USB drives on govt systems

October 23, 2023

A new sophisticated threat tracked as ‘TetrisPhantom’ has been using compromised secure USB drives to target government systems in the...

Number of hacked Cisco IOS XE devices plummets from 50K to hundreds

October 23, 2023

The number of Cisco IOS XE devices hacked with a malicious backdoor implant has mysteriously plummeted from over 50,000 impacted...

News

Month: October 2023

Sitekit plugin for WordPress cross-site scripting | CVE-2023-5071

Nothings stb_vorbis code execution | CVE-2023-45679

Nothings stb_vorbis denial of service | CVE-2023-45680

WP Mailto Links plugin for WordPress cross-site scripting | CVE-2023-5109

WPvivid Backup & Migration plugin for WordPress cross-site scripting | CVE-2023-5120

Nothings stb_image code execution | CVE-2023-45664

Magic Action Box plugin for WordPress cross-site scripting | CVE-2023-5231

Modoboa cross-site request forgery | CVE-2023-5690

PDM security bypass | CVE-2023-45805

WPvivid Backup & Migration plugin for WordPress cross-site scripting | CVE-2023-5121

Copy Anything to Clipboard plugin for WordPress cross-site scripting | CVE-2023-5086

Contact form Form For All plugin for WordPress cross-site scripting | CVE-2023-5337

Icegram Express plugin for WordPress directory traversal | CVE-2023-5414

Podcast Subscribe Buttons plugin for WordPress cross-site scripting | CVE-2023-5308

flowpaper plugin for WordPress cross-site scripting | CVE-2023-5200

Social Media Share Buttons & Social Sharing Icons plugin for WordPress information disclosure | CVE-2023-5070

Advanced Custom Fields: Extended plugin for WordPress cross-site scripting | CVE-2023-5292

Knight Ransomware Victim: Emmea Srl

New TetrisPhantom hackers steal data from secure USB drives on govt systems

Number of hacked Cisco IOS XE devices plummets from 50K to hundreds

US-CERT Vulnerability Summary for the Week of October 9, 2023

Black Basta Ransomware Victim: Panetteria Grandolfo

Black Basta Ransomware Victim: Simpson Strong-Tie

Akira Ransomware Victim: Inventum Øst

Advanced Email Attacks Target Manufacturing Sector: Rise of Phishing and BEC

Ransomware Groups Driving 40% of Cyber-Attacks in 2024: Key Insights

MITRE Reveals Top 25 Most Critical Software Flaws of 2024

Microsoft Disrupts Phishing Operations by Seizing 240 Fraudulent Websites

Black Friday Spam Emails: 77% Identified as Scams in 2024

You may have missed