Aggregator

先知社区更新日志（2025-03-29）

2025年3月，中央网信办举报中心指导全国各级网信举报工作部门、主要网站平台受理网民举报色情、赌博、侵权、谣言等违法和不良信息1847.9万件，环比增长4.5%、同比下降0.3%。

数字经济时代，公民的个人信息正面临前所未有的安全挑战。数字生活在给大家带来便利的同时，也带来了个人信息泄露的困扰。APP过度收集使用个人信息的情况屡禁不止，扫码点餐、出行乘车等线下消费场景，违法违规收集使用个人信息的情况时有发生。

今年全国两会期间，司法如何服务保障发展新质生产力成为“两高”报告的一大亮点，最高人民法院工作报告和最高人民检察院工作报告都予以专门关注。

随着人工智能和物联网技术的普及，智能门锁等智能家居逐渐普及，已经融入现代社会工作生活的方方面面，显著地提升了人们的生活质量。值得注意的是，智能家居产品的敏感数据若被别有用心之人利用，可能造成信息泄露，对国家安全构成威胁。

近日，国家网信办会同相关部门起草的《网络安全法（修正草案再次征求意见稿）》面向社会公开征求意见。

关于第二届“长城杯”铁人三项赛（防护赛）半决赛各赛区一二三等奖获奖队伍名单公示通知

SwampCTF Re WP本周末的一个国际赛，ctftime rating挺高，质量还可以 SwampCTF第一题简单，剩下两道题都有一定难度，需要一定技巧，本文详细分析了后两题

A vulnerability was found in bPlugins Print Page Block Plugin up to 1.0.8 on WordPress. It has been rated as problematic. This issue affects some unknown processing. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2024-30438. The attack may be initiated remotely. There is no exploit available.

A vulnerability classified as problematic has been found in MultiVendorX WC Marketplace Plugin up to 4.1.3 on WordPress. Affected is an unknown function. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2024-30433. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability classified as problematic was found in Collectchat Plugin up to 2.4.1 on WordPress. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2024-30436. The attack can be launched remotely. There is no exploit available.

A vulnerability, which was classified as problematic, has been found in WPPOOL Webinar and Video Conference with Jitsi Meet Plugin up to 2.6.3 on WordPress. Affected by this issue is some unknown functionality. The manipulation leads to cross site scripting. This vulnerability is handled as CVE-2024-30437. The attack may be launched remotely. There is no exploit available.

A vulnerability, which was classified as problematic, was found in Posimyth Plus Blocks for Block Editor Plugin up to 3.2.5 on WordPress. This affects an unknown part. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2024-30435. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability has been found in WP-CRM System Plugin up to 3.2.9 on WordPress and classified as problematic. This vulnerability affects unknown code. The manipulation leads to cross site scripting. This vulnerability was named CVE-2024-30434. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Gutenberg Block Editor Toolkit Plugin up to 1.40.4 on WordPress and classified as problematic. This issue affects some unknown processing. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2024-2794. The attack may be initiated remotely. There is no exploit available.

A vulnerability was found in ElementsKit Elementor Addons Plugin up to 3.0.6 on WordPress. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2024-1238. The attack can be launched remotely. There is no exploit available.

A vulnerability was found in File Upload Plugin up to 4.24.5 on WordPress. It has been classified as problematic. Affected is an unknown function of the component Shortcode Handler. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2024-2847. It is possible to launch the attack remotely. There is no exploit available.

Lumma Stealer；反混淆；

技术分享-硬编码导致的前台上传漏洞