A vulnerability in WPForms, a WordPress plugin used in over 6 million websites, could allow subscriber-level users to issue arbitrary Stripe refunds...
Vous n'êtes pas connecté
- English
- Français
- عربي
- Español
- Deutsch
- Português
- русский язык
- Català
- Italiano
- Nederlands, Vlaams
- Norsk
- فارسی
- বাংলা
- اردو
- Azərbaycan dili
- Bahasa Indonesia
- Հայերեն
- Ελληνικά
- Bosanski jezik
- українська мова
- Íslenska
- Türkmen, Түркмен
- Türkçe
- Shqip
- Eesti keel
- magyar
- Қазақ тілі
- Kalaallisut ; kalaallit oqaasii
- Lietuvių kalba
- Latviešu valoda
- македонски јазик
- Монгол
- Bahasa Melayu ; بهاس ملايو
- ဗမာစာ
- Slovenščina
- тоҷикӣ ; toğikī ; تاجیکی
- ไทย
- O'zbek ; Ўзбек ; أۇزبېك
- Tiếng Việt
- ភាសាខ្មែរ
- རྫོང་ཁ
- Soomaaliga ; af Soomaali
Maroc - THECYBERTHRONE.IN - A La Une - 10/Dec 10:40
WordPress WPForms flaw CVE-2024-11205
A critical vulnerability has been discovered in WordPress plugin WPForms. The flaw allows authenticated attackers with subscriber-level privileges or higher to execute unauthorized refunds of Stripe payments and cancellations of Stripe subscriptions Thr vulnerability tracked as CVE-2024-11205 with a CVSS score of 7.5, stems in the ajax_single_payment_refund() and ajax_single_payment_cancel() functions within the plugin’s SingleActionsHandler class. […]
Articles similaires
WPForms bug allows Stripe refunds on millions of WordPress sites
bleepingcomputer.com - 10/Dec 20:00
A vulnerability in WPForms, a WordPress plugin used in over 6 million websites, could allow subscriber-level users to issue arbitrary Stripe refunds...
Apache Superset 4.1.0 released with bug fixes
thecyberthrone.in - 11/Dec 13:20
The Apache Software Foundation has announced the release of Apache Superset 4.1.0 with several bug fixes that could potentially allow attackers to...
Exploit Code Released for Microsoft CVE-2024-38193
thecyberthrone.in - 09/Dec 12:56
A critical use-after-free vulnerability, tracked as CVE-2024-38193 with a CVSS score of 7.8, has been discovered in the afd.sys Windows driver that...
Vulnerability Summary for the Week of December 9, 2024
itsecuritynews.info - 16/Dec 19:06
High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source Info n/a — n/a The Vayu Blocks – Gutenberg Blocks for...
Vulnerability Summary for the Week of December 9, 2024
itsecuritynews.info - 16/Dec 19:06
High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source Info n/a — n/a The Vayu Blocks – Gutenberg Blocks for...
Critical OpenWrt Vulnerability Exposes Devices to Malicious Firmware Injection
itsecuritynews.info - 13/Dec 18:04
A security flaw has been disclosed in OpenWrt’s Attended Sysupgrade (ASU) feature that, if successfully exploited, could have been abused to...
CISA adds BeyondTrust CVE-2024-12356 to its KEV Catalog
thecyberthrone.in - 20/Dec 01:22
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-12356:...
CISA adds CVE-2024-49138 to its KEV Catalog
thecyberthrone.in - 11/Dec 07:38
The US CISA adds Microsoft vulnerability to its Known Exploited Vulnerabilities Catalog based on the evidence of active exploitation. The...
Apache Struts was affected by CVE-2024-53677
thecyberthrone.in - 13/Dec 03:59
Apache Struts framework has been detected with a critical vulnerability that could allow attackers to execute malicious code remotely, posing a...
Les derniers communiqués
-
Aucun élément