CVE Alert: CVE-2024-11888
Vulnerability Summary: CVE-2024-11888 The IDer Login for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's...
Month: December 2024
CVE Alert: CVE-2024-11867
Vulnerability Summary: CVE-2024-11867 The Companion Portfolio – Responsive Portfolio Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via...
CVE Alert: CVE-2024-11865
Vulnerability Summary: CVE-2024-11865 The Tabs Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and...
CVE Alert: CVE-2024-11884
Vulnerability Summary: CVE-2024-11884 The Wp photo text slider 50 plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the...
CVE Alert: CVE-2024-11879
Vulnerability Summary: CVE-2024-11879 The Stripe Donation plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'stripe_donation' shortcode...
CVE Alert: CVE-2024-11877
Vulnerability Summary: CVE-2024-11877 The Cricket Live Score plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'cricket_score'...
CVE Alert: CVE-2024-11883
Vulnerability Summary: CVE-2024-11883 The Connatix Video Embed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'cnx_script_code'...
CVE Alert: CVE-2024-12448
Vulnerability Summary: CVE-2024-12448 The Posts and Products Views for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via...
HackerOne Bug Bounty Disclosure: nextcloud-mail-does-not-respect-download-permissions-in-shares-rullzer
Company Name: Nextcloud Company HackerOne URL: https://hackerone.com/nextcloud Submitted By:rullzerLink to Submitters Profile:https://hackerone.com/rullzer Report Title:Nextcloud mail does not respect download permissions...
HackerOne Bug Bounty Disclosure: incomplete-sanitization-in-svg-preview-provider-pulsejet
Company Name: Nextcloud Company HackerOne URL: https://hackerone.com/nextcloud Submitted By:pulsejetLink to Submitters Profile:https://hackerone.com/pulsejet Report Title:Incomplete sanitization in SVG preview providerReport Link:https://hackerone.com/reports/2484499Date...
HackerOne Bug Bounty Disclosure: x-e-ee-signature-verification-can-be-bypassed-leading-to-loss-of-confidentiality-of-end-to-end-encrypted-files-d-xuan
Company Name: Nextcloud Company HackerOne URL: https://hackerone.com/nextcloud Submitted By:d-xuanLink to Submitters Profile:https://hackerone.com/d-xuan Report Title:X-E2EE-SIGNATURE verification can be bypassed, leading to...
CVE Alert: CVE-2024-12411
Vulnerability Summary: CVE-2024-12411 The WP Ad Guru – Banner ad, Responsive popup, Popup maker, Ad rotator & More plugin for...
CVE Alert: CVE-2024-11889
Vulnerability Summary: CVE-2024-11889 The My IDX Home Search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's...
CVE Alert: CVE-2024-11894
Vulnerability Summary: CVE-2024-11894 The The Permalinker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'permalink' shortcode...
CVE Alert: CVE-2024-12447
Vulnerability Summary: CVE-2024-12447 The Get Post Content Shortcode plugin for WordPress is vulnerable to Insecure Direct Object Reference in all...
CVE Alert: CVE-2024-12555
Vulnerability Summary: CVE-2024-12555 The SIP Calculator plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to,...
CVE Alert: CVE-2024-12458
Vulnerability Summary: CVE-2024-12458 The Smart PopUp Blaster plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'spb-button'...
CVE Alert: CVE-2024-12523
Vulnerability Summary: CVE-2024-12523 The States Map US plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'states_map'...
CVE Alert: CVE-2024-9698
Vulnerability Summary: CVE-2024-9698 The Crafthemes Demo Import plugin for WordPress is vulnerable to arbitrary file uploads due to missing file...
CVE Alert: CVE-2024-12517
Vulnerability Summary: CVE-2024-12517 The WooCommerce Cart Count Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's...
CVE Alert: CVE-2024-12502
Vulnerability Summary: CVE-2024-12502 The My IDX Home Search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's...
Cobalt Strike Beacon Detected – 124[.]220[.]46[.]232:443
The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...
Cobalt Strike Beacon Detected – 81[.]70[.]222[.]4:4443
The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...
Cobalt Strike Beacon Detected – 110[.]41[.]23[.]0:9090
The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...
