WordPress WPForms flaw CVE-2024-11205

A critical vulnerability has been discovered in WordPress plugin WPForms. The flaw allows authenticated attackers with subscriber-level privileges or higher to execute unauthorized refunds of Stripe payments and cancellations of Stripe subscriptions Thr vulnerability tracked as CVE-2024-11205 with a CVSS score of 7.5, stems in the ajax_single_payment_refund() and ajax_single_payment_cancel() functions within the plugin’s SingleActionsHandler class. […]

Actively exploited critical flaw in Modular DS WordPress plugin enables admin takeover

securityaffairs.co - 16/Jan 08:26

A critical Modular DS WordPress flaw (CVE-2026-23550) is actively exploited, enabling unauthenticated privilege escalation. Threat actors are actively...

Ni8mare flaw gives unauthenticated control of n8n instances

securityaffairs.co - 07/Jan 21:15

A critical n8n flaw (CVE-2026-21858, CVSS 10.0), dubbed Ni8mare, allows unauthenticated attackers to fully take over vulnerable instances. Researchers...

Critical FortiSIEM Vulnerability Lets Attackers Run Arbitrary Commands via TCP Packets

itsecuritynews.info - 14/Jan 13:02

Fortinet disclosed a critical OS command injection vulnerability in FortiSIEM on January 13, 2026, warning users of a high-risk flaw that lets...

Critical FortiSIEM Vulnerability Lets Attackers Run Arbitrary Commands via TCP Packets

itsecuritynews.info - 14/Jan 13:02

Fortinet disclosed a critical OS command injection vulnerability in FortiSIEM on January 13, 2026, warning users of a high-risk flaw that lets...

Hackers actively exploit critical RCE flaw in legacy D-Link DSL routers

securityaffairs.co - 07/Jan 09:52

Attackers are exploiting a critical flaw (CVE-2026-0625) in old D-Link DSL routers that allows remote command execution. Threat actors are actively...

Critical TP-Link VIGI camera flaw allowed remote takeover of surveillance systems

securityaffairs.co - 20/Jan 15:20

TP-Link fixed a critical flaw that exposed over 32 VIGI C and VIGI InSight camera models to remote hacking, with over 2,500 internet-exposed devices...

Microsoft Warns Secure Boot May Be Bypassed as Windows UEFI Certificates Expire

itsecuritynews.info - 14/Jan 13:32

Microsoft has addressed a critical security feature bypass vulnerability in Windows Secure Boot certificates, tracked as CVE-2026-21265, through its...

Microsoft Warns Secure Boot May Be Bypassed as Windows UEFI Certificates Expire

itsecuritynews.info - 14/Jan 13:32

Microsoft has addressed a critical security feature bypass vulnerability in Windows Secure Boot certificates, tracked as CVE-2026-21265, through its...

Veeam resolves CVSS 9.0 RCE flaw and other security issues

securityaffairs.co - 07/Jan 11:31

Veeam patched a critical RCE flaw in Backup & Replication, CVE-2025-59470, rated CVSS 9.0, along with other vulnerabilities. Veeam released...

ServiceNow Patches Critical AI Platform Flaw Allowing Unauthenticated User Impersonation

itsecuritynews.info - 13/Jan 12:02

ServiceNow has disclosed details of a now-patched critical security flaw impacting its ServiceNow AI Platform that could enable an unauthenticated...

Rubriques :

WordPress WPForms flaw CVE-2024-11205

Articles similaires

Actively exploited critical flaw in Modular DS WordPress plugin enables admin takeover

Ni8mare flaw gives unauthenticated control of n8n instances

Critical FortiSIEM Vulnerability Lets Attackers Run Arbitrary Commands via TCP Packets

Critical FortiSIEM Vulnerability Lets Attackers Run Arbitrary Commands via TCP Packets

Hackers actively exploit critical RCE flaw in legacy D-Link DSL routers

Critical TP-Link VIGI camera flaw allowed remote takeover of surveillance systems

Microsoft Warns Secure Boot May Be Bypassed as Windows UEFI Certificates Expire

Microsoft Warns Secure Boot May Be Bypassed as Windows UEFI Certificates Expire

Veeam resolves CVSS 9.0 RCE flaw and other security issues

ServiceNow Patches Critical AI Platform Flaw Allowing Unauthenticated User Impersonation

Les derniers communiqués