CVE-2022-1294
The IMDB info box WordPress plugin through 2.0 does not sanitize and escape some of its settings, which could allow high-privileged users to perform Cross-Site...
CVE-2022-1275
The BannerMan WordPress plugin through 0.2.4 does not sanitize or escape its settings, which could allow high-privileged users to perform Cross-Site Scripting attacks when the...
CVE-2022-1203
The Content Mask WordPress plugin before 1.8.4.1 does not have authorisation and CSRF checks in various AJAX actions, as well as does not validate the...
CVE-2022-1009
The Smush WordPress plugin before 3.9.9 does not sanitise and escape a configuration parameter before outputting it back in an admin page when uploading a...
CVE-2022-0642
The JivoChat Live Chat WordPress plugin before 1.3.5.4 does not properly check CSRF tokens on POST requests to the plugin's admin page, and does not...
CVE-2022-0376
The User Meta WordPress plugin before 2.4.3 does not sanitise and escape the Form Name, as well as Shared Field Labels before outputting them in...
Third of UK Firms Have Experienced a Security Breach Since 2020
Cyber drives surge in economic crime, says PwC
The Open Source Software Security Mobilization Plan: Takeaways for security leaders
The Linux Foundation and the Open Source Security Foundation (OpenSSF) have introduced the Open Source Software Security Mobilization Plan. This is in response to attacks...
Linux malware is on the rise—6 types of attacks to look for
Linux is a coveted target. It is the host operating system for numerous application backends and servers and powers a wide variety of internet of...
Mobile Threat Volumes Slump 58% in a Year
App stores a hotbed of malicious activity, Kaspersky warns