WordPress WPForms flaw CVE-2024-11205

A critical vulnerability has been discovered in WordPress plugin WPForms. The flaw allows authenticated attackers with subscriber-level privileges or higher to execute unauthorized refunds of Stripe payments and cancellations of Stripe subscriptions Thr vulnerability tracked as CVE-2024-11205 with a CVSS score of 7.5, stems in the ajax_single_payment_refund() and ajax_single_payment_cancel() functions within the plugin’s SingleActionsHandler class. […]

Attackers exploit critical Flowise flaw CVE-2025-59528 for remote code execution

securityaffairs.co - 07/Apr 20:16

Attackers are exploiting a critical Flowise flaw, tracked as CVE-2025-59528 (CVSS score of 10), that lets them run malicious code and access systems...

File read flaw in Smart Slider plugin impacts 500K WordPress sites

bleepingcomputer.com - 29/Mar 14:38

A vulnerability in the Smart Slider 3 WordPress plugin, active on more than 800,000 websites, can be exploited to allow subscriber-level users access...

Attackers exploit critical Flowise flaw CVE-2025-59528 for remote code execution

itsecuritynews.info - 07/Apr 21:04

Attackers are exploiting a critical Flowise flaw, tracked as CVE-2025-59528 (CVSS score of 10), that lets them run malicious code and access systems...

Critical Fortinet FortiClient EMS flaw exploited for Remote Code Execution

securityaffairs.co - 30/Mar 10:43

Attackers are exploiting a critical Fortinet FortiClient EMS flaw (CVE-2026-21643) that allows remote code execution via SQL injection. A critical...

CVE-2026-35616: Fortinet fixes actively exploited high-severity flaw

securityaffairs.co - 06/Apr 05:10

Fortinet issued emergency patches for a critical FortiClient EMS flaw (CVE-2026-35616) actively exploited in the wild. Fortinet released out-of-band...

U.S. CISA adds a flaw in Ivanti EPMM to its Known Exploited Vulnerabilities catalog

securityaffairs.co - 08/Apr 21:35

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw in Ivanti EPMM to its Known Exploited Vulnerabilities catalog The U.S....

Urgent Alert: NetScaler bug CVE-2026-3055 probed by attackers could leak sensitive data

securityaffairs.co - 29/Mar 13:33

Attackers are actively probing a critical Citrix NetScaler flaw (CVE-2026-3055) that can leak sensitive data via a memory overread issue. A critical...

Urgent Alert: NetScaler bug CVE-2026-3055 probed by attackers could leak sensitive data

itsecuritynews.info - 29/Mar 14:13

Attackers are actively probing a critical Citrix NetScaler flaw (CVE-2026-3055) that can leak sensitive data via a memory overread issue. A critical...

CVE-2026-39987: Marimo RCE exploited in hours after disclosure

itsecuritynews.info - 10:07

A critical flaw, tracked as CVE-2026-39987, in the open-source Python notebook tool Marimo was exploited within 10 hours of disclosure. A critical...

CVE-2026-39987: Marimo RCE exploited in hours after disclosure

itsecuritynews.info - 10:07

A critical flaw, tracked as CVE-2026-39987, in the open-source Python notebook tool Marimo was exploited within 10 hours of disclosure. A critical...

Rubriques :

WordPress WPForms flaw CVE-2024-11205

Articles similaires

Attackers exploit critical Flowise flaw CVE-2025-59528 for remote code execution

File read flaw in Smart Slider plugin impacts 500K WordPress sites

Attackers exploit critical Flowise flaw CVE-2025-59528 for remote code execution

Critical Fortinet FortiClient EMS flaw exploited for Remote Code Execution

CVE-2026-35616: Fortinet fixes actively exploited high-severity flaw

U.S. CISA adds a flaw in Ivanti EPMM to its Known Exploited Vulnerabilities catalog

Urgent Alert: NetScaler bug CVE-2026-3055 probed by attackers could leak sensitive data

Urgent Alert: NetScaler bug CVE-2026-3055 probed by attackers could leak sensitive data

CVE-2026-39987: Marimo RCE exploited in hours after disclosure

CVE-2026-39987: Marimo RCE exploited in hours after disclosure

Les derniers communiqués