Showing only posts tagged cross-site scripting. Show all posts.

Nov 21 2023 Email Security Flaw Found in the Wild

Google’s Threat Analysis Group announced a zero-day against the Zimbra Collaboration email server that has been used against governments around the world. TAG has observed four different groups exploiting the same bug to steal email data, user credentials, and authentication tokens. Most of this activity occurred after the …

Oct 09 2023 Thousands of WordPress sites have been hacked through tagDiv plugin vulnerability

Source

Enlarge (credit: Getty Images ) Thousands of sites running the WordPress content management system have been hacked by a prolific threat actor that exploited a recently patched vulnerability in a widely used plugin. The vulnerable plugin, known as tagDiv Composer, is a mandatory requirement for using two WordPress themes: Newspaper …

Jan 13 2021 Critical WordPress-Plugin Bug Found in ‘Orbit Fox’ Allows Site Takeover

Source

Two security vulnerabilities -- one a privilege-escalation problem and the other a stored XSS bug -- afflict a WordPress plugin with 40,000 installs. [...]