Year: 2023

BlackCat/ALPHV Ransomware Victim: Strait & Lamp Group

June 21, 2023

BlackCat / ALPHV Ransomware NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the...

ZTE AndroidTV STBs denial of service | CVE-2023-25645

June 21, 2023

NAME__________ZTE AndroidTV STBs denial of servicePlatforms Affected:ZTE AndroidTV STBsRisk Level:6.8Exploitability:UnprovenConsequences:Denial of Service DESCRIPTION__________ZTE AndroidTV STBs is vulnerable to a denial...

CData RSB Connect server-side request forgery | CVE-2023-24243

June 21, 2023

NAME__________CData RSB Connect server-side request forgeryPlatforms Affected:CData RSB Connect 22.0.8336Risk Level:7.4Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________CData RSB Connect is vulnerable to server-side request...

WP Affiliate Links plugin for WordPress cross-site scripting | CVE-2023-35097

June 21, 2023

NAME__________WP Affiliate Links plugin for WordPress cross-site scriptingPlatforms Affected:Internet Marketing Dojo WP Affiliate Links plugin for WordPress 0.1.1Risk Level:6.1Exploitability:HighConsequences:Cross-Site Scripting...

wpView plugin for WordPress cross-site scripting | CVE-2023-33213

June 21, 2023

NAME__________wpView plugin for WordPress cross-site scriptingPlatforms Affected:WordPress wpView plugin for WordPress 1.3.0 WordPress wpView plugin for WordPress 1.2.9Risk Level:5.9Exploitability:UnprovenConsequences:Cross-Site Scripting...

Google Map Shortcode plugin for WordPress cross-site scripting | CVE-2023-35772

June 21, 2023

NAME__________Google Map Shortcode plugin for WordPress cross-site scriptingPlatforms Affected:Alain Gonzalez Google Map Shortcode Plugin for WordPress 3.1.2Risk Level:6.1Exploitability:HighConsequences:Cross-Site Scripting DESCRIPTION__________Google...

Kubernetes security bypass | CVE-2023-2431

June 21, 2023

NAME__________Kubernetes security bypassPlatforms Affected:Kubernetes Kubernetes 1.24.13 Kubernetes Kubernetes 1.25.0 Kubernetes Kubernetes 1.25.9 Kubernetes Kubernetes 1.26.0 Kubernetes Kubernetes 1.26.4 Kubernetes Kubernetes...

WordPress NextGen GalleryView plugin for WordPress cross-site scripting | CVE-2023-35098

June 21, 2023

NAME__________WordPress NextGen GalleryView plugin for WordPress cross-site scriptingPlatforms Affected:John Brien WordPress NextGen GalleryView plugin for WordPress 0.5.5Risk Level:6.1Exploitability:HighConsequences:Cross-Site Scripting DESCRIPTION__________WordPress...

Simple Customer Relationship Management SQL injection | CVE-2023-34548

June 21, 2023

NAME__________Simple Customer Relationship Management SQL injectionPlatforms Affected:SourceCodester Simple Customer Relationship Management CRM 1.0Risk Level:6.5Exploitability:HighConsequences:Data Manipulation DESCRIPTION__________Simple Customer Relationship Management is...

Quicklancer Freelance Marketplace cross-site scripting |

June 21, 2023

NAME__________Quicklancer Freelance Marketplace cross-site scriptingPlatforms Affected:Quicklancer Freelance Marketplace 2.4Risk Level:6.1Exploitability:HighConsequences:Cross-Site Scripting DESCRIPTION__________Quicklancer Freelance Marketplace is vulnerable to cross-site scripting, caused...

QuickHomes Real Estate CMS listing cross-site scripting |

June 21, 2023

NAME__________QuickHomes Real Estate CMS listing cross-site scriptingPlatforms Affected:QuickHomes Real Estate CMS 1.3Risk Level:6.1Exploitability:HighConsequences:Cross-Site Scripting DESCRIPTION__________QuickHomes Real Estate CMS is vulnerable...

WP Backup Manager plugin for WordPress cross-site scripting | CVE-2023-35775

June 21, 2023

NAME__________WP Backup Manager plugin for WordPress cross-site scriptingPlatforms Affected:WP Backup Solutions WP Backup Manager plugin for WordPress 1.13.1Risk Level:6.1Exploitability:HighConsequences:Cross-Site Scripting...

EventPrime plugin for WordPress cross-site scripting | CVE-2023-35884

June 21, 2023

NAME__________EventPrime plugin for WordPress cross-site scriptingPlatforms Affected:WordPress EventPrime plugin for WordPress 2.8.6 WordPress EventPrime plugin for WordPress 3.0.5Risk Level:7.1Exploitability:UnprovenConsequences:Cross-Site Scripting...

QuickJob Portal cross-site scripting |

June 21, 2023

NAME__________QuickJob Portal cross-site scriptingPlatforms Affected:QuickJob QuickJob Portal 6.1Risk Level:6.1Exploitability:HighConsequences:Cross-Site Scripting DESCRIPTION__________QuickJob Portal is vulnerable to cross-site scripting, caused by improper...

Seed Fonts plugin for WordPress cross-site scripting | CVE-2023-35779

June 21, 2023

NAME__________Seed Fonts plugin for WordPress cross-site scriptingPlatforms Affected:WordPress Seed Fonts plugin for WordPress 2.3.1Risk Level:5.9Exploitability:UnprovenConsequences:Cross-Site Scripting DESCRIPTION__________Seed Fonts plugin for...

Sermon’e plugin for WordPress cross-site scripting | CVE-2023-35776

June 21, 2023

NAME__________Sermon'e plugin for WordPress cross-site scriptingPlatforms Affected:WordPress Sermon'e plugin for WordPress 1.0.0 WordPress Sermon'e plugin for WordPress 0.9.9Risk Level:6.5Exploitability:UnprovenConsequences:Cross-Site Scripting...

WP Sticky Social plugin for WordPress cross-site scripting | CVE-2023-3320

June 21, 2023

NAME__________WP Sticky Social plugin for WordPress cross-site scriptingPlatforms Affected:WordPress WP Sticky Social plugin for WordPress 1.0.1 WordPress WP Sticky Social...

Strong Testimonials plugin for WordPress cross-site scripting | CVE-2023-26013

June 21, 2023

NAME__________Strong Testimonials plugin for WordPress cross-site scriptingPlatforms Affected:WordPress Strong Testimonials Plugin for WordPress 3.0.2Risk Level:5.9Exploitability:HighConsequences:Cross-Site Scripting DESCRIPTION__________Strong Testimonials Plugin for...

KioWare for Windows security bypass | CVE-2023-34642

June 21, 2023

NAME__________KioWare for Windows security bypassPlatforms Affected:KioWare KioWare for Windows 8.33Risk Level:5.3Exploitability:UnprovenConsequences:Bypass Security DESCRIPTION__________KioWare for Windows could allow a local authenticated...

KioWare for Windows security bypass | CVE-2023-34641

June 21, 2023

Super Socializer plugin for WordPress cross-site scripting | CVE-2023-35882

June 21, 2023

NAME__________Super Socializer plugin for WordPress cross-site scriptingPlatforms Affected:WordPress Super Socializer plugin for WordPress 7.13.28 WordPress Super Socializer Plugin for WordPress...

NocoDB directory traversal | CVE-2023-35843

June 21, 2023

NAME__________NocoDB directory traversalPlatforms Affected:NocoDB NocoDB 0.106.0 NocoDB NocoDB 0.109.1Risk Level:7.5Exploitability:UnprovenConsequences:Obtain Information DESCRIPTION__________NocoDB could allow a remote attacker to traverse directories...

Resort Reservation System cross-site scripting | CVE-2023-3318

June 21, 2023

NAME__________Resort Reservation System cross-site scriptingPlatforms Affected:Risk Level:3.5Exploitability:HighConsequences:Cross-Site Scripting DESCRIPTION__________Resort Reservation System is vulnerable to cross-site scripting, caused by improper validation...

SYNCK GRAPHICA Mailform Pro CGI denial of service | CVE-2023-32610

June 21, 2023

NAME__________SYNCK GRAPHICA Mailform Pro CGI denial of servicePlatforms Affected:SYNCK GRAPHICA. Mailform Pro CGI 4.3.1.2Risk Level:3.7Exploitability:UnprovenConsequences:Denial of Service DESCRIPTION__________SYNCK GRAPHICA Mailform...

Year: 2023

BlackCat/ALPHV Ransomware Victim: Strait & Lamp Group

ZTE AndroidTV STBs denial of service | CVE-2023-25645

CData RSB Connect server-side request forgery | CVE-2023-24243

WP Affiliate Links plugin for WordPress cross-site scripting | CVE-2023-35097

wpView plugin for WordPress cross-site scripting | CVE-2023-33213

Google Map Shortcode plugin for WordPress cross-site scripting | CVE-2023-35772

Kubernetes security bypass | CVE-2023-2431

WordPress NextGen GalleryView plugin for WordPress cross-site scripting | CVE-2023-35098

Simple Customer Relationship Management SQL injection | CVE-2023-34548

Quicklancer Freelance Marketplace cross-site scripting |

QuickHomes Real Estate CMS listing cross-site scripting |

WP Backup Manager plugin for WordPress cross-site scripting | CVE-2023-35775

EventPrime plugin for WordPress cross-site scripting | CVE-2023-35884

QuickJob Portal cross-site scripting |

Seed Fonts plugin for WordPress cross-site scripting | CVE-2023-35779

Sermon’e plugin for WordPress cross-site scripting | CVE-2023-35776

WP Sticky Social plugin for WordPress cross-site scripting | CVE-2023-3320

Strong Testimonials plugin for WordPress cross-site scripting | CVE-2023-26013

KioWare for Windows security bypass | CVE-2023-34642

KioWare for Windows security bypass | CVE-2023-34641

Super Socializer plugin for WordPress cross-site scripting | CVE-2023-35882

NocoDB directory traversal | CVE-2023-35843

Resort Reservation System cross-site scripting | CVE-2023-3318

SYNCK GRAPHICA Mailform Pro CGI denial of service | CVE-2023-32610

[FOG] – Ransomware Victim: Saint George’s College (saintgeorge[.]cl)

[FOG] – Ransomware Victim: Aurora Public Schools (aurorak12[.]org)

[FOG] – Ransomware Victim: The University of Notre Dame Australia (nd[.]edu[.]au)

[MEDUSA] – Ransomware Victim: SRP Companies

[MEDUSA] – Ransomware Victim: Paignton Zoo

You may have missed