Aggregator

A vulnerability has been found in BnB Select Bookalet Plugin up to 1.0.3 on WordPress and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2025-23899. The attack can be launched remotely. There is no exploit available.

A vulnerability, which was classified as problematic, has been found in Alex Furr & Simon Ward Progress Tracker Plugin up to 0.9.3 on WordPress. This issue affects some unknown processing. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2025-23892. The attack may be initiated remotely. There is no exploit available.

A vulnerability, which was classified as problematic, was found in closed Social Ninja Plugin up to 0.2 on WordPress. Affected is an unknown function. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2025-23907. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability classified as problematic was found in Manuel Costales GMap Shortcode Plugin up to 2.0 on WordPress. This vulnerability affects unknown code. The manipulation leads to cross site scripting. This vulnerability was named CVE-2025-23893. The attack can be initiated remotely. There is no exploit available.

A vulnerability classified as problematic has been found in Scott Allan Wallick Blog Summary Plugin up to 0.1.2 β on WordPress. This affects an unknown part. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2025-23887. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in ApplyMetrics Apply with LinkedIn buttons Plugin up to 2.3 on WordPress. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation leads to cross site scripting. This vulnerability is handled as CVE-2025-23897. The attack may be launched remotely. There is no exploit available.

A vulnerability was found in Scott Reilly Post-to-Post Links Plugin up to 4.2 on WordPress. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2025-23878. The attack can be launched remotely. There is no exploit available.

A vulnerability was found in nitethemes Nite Shortcodes Plugin up to 1.0 on WordPress. It has been classified as problematic. Affected is an unknown function. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2025-23877. It is possible to launch the attack remotely. There is no exploit available.

In this Help Net Security interview, Adam Bateman, CEO of Push Security, talks about the rise in identity-based attacks, how they’re becoming more sophisticated each year, and how AI and ML are both fueling these threats and helping to defend against them. Bateman also discusses the role of employee training and how businesses can balance strong security with user-friendly experiences. What is the scale of identity-based attacks today? Identity-based attacks are becoming a bigger problem … More →

The post Balancing usability and security in the fight against identity-based attacks appeared first on Help Net Security.

A vulnerability was found in Jens Remus WP krpano Plugin up to 1.2.1 on WordPress and classified as problematic. This issue affects some unknown processing. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2025-23876. The attack may be initiated remotely. There is no exploit available.

A vulnerability has been found in Anshi Solutions Category D3 Tree Plugin up to 1.1 on WordPress and classified as problematic. This vulnerability affects unknown code. The manipulation leads to cross site scripting. This vulnerability was named CVE-2025-23873. The attack can be initiated remotely. There is no exploit available.

A vulnerability, which was classified as problematic, was found in Markus Liebelt Chess Tempo Viewer Plugin up to 0.9.5 on WordPress. This affects an unknown part. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2025-23868. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability, which was classified as problematic, has been found in Pressfore Winning Portfolio Plugin up to 1.1 on WordPress. Affected by this issue is some unknown functionality. The manipulation leads to cross site scripting. This vulnerability is handled as CVE-2025-23865. The attack may be launched remotely. There is no exploit available.

A vulnerability classified as problematic was found in WP Code Snippets WCS QR Code Generator Plugin up to 1.0 on WordPress. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2025-23864. The attack can be launched remotely. There is no exploit available.

In a significant legal development, HDR Global Trading Ltd., operating under the name BitMEX, has been fined $100 million for violating the Bank Secrecy Act. Attorney for the United States, Matthew Podolsky, announced the sentencing on January 17, 2025, highlighting the company’s willful failure to implement an adequate anti-money laundering (AML) and know-your-customer (KYC) program. […]

The post BitMEX Fined $100 Million for Violating Bank Secrecy Act appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A vulnerability classified as problematic has been found in librenms up to 24.10.x. Affected is an unknown function of the file /addhost. The manipulation of the argument community leads to cross site scripting. This vulnerability is traded as CVE-2025-23201. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

Chrome Extension Sync是什么Chrome Extension Sync 是一款用于 Chrome 扩展同步和管理的工具，帮助用户轻松导入、导出和比较不同 Google 账号下...

Chrome Extension Sync是什么Chrome Extension Sync 是一款用于 Chrome 扩展同步和管理的工具，帮助用户轻松导入、导出和比较不同 Google 账号下的插件

A vulnerability was found in themesebrand Chatvia 5.3.2. It has been declared as critical. This vulnerability affects unknown code. The manipulation of the argument User profile name leads to permission issues. This vulnerability was named CVE-2024-40514. The attack can be initiated remotely. There is no exploit available.

A vulnerability was found in themesebrand Chatvia 5.3.2. It has been classified as critical. This affects an unknown part of the component User Profile Handler. The manipulation leads to unrestricted upload. This vulnerability is uniquely identified as CVE-2024-40513. It is possible to initiate the attack remotely. There is no exploit available.