CVE-2023-47763 - How a Missing Authorization Vulnerability Lets Attackers Exploit WP Custom Admin Interface (Versions up to 7.31)
The WordPress plugin WP Custom Admin Interface is a popular tool for customizing your WordPress admin dashboard. Used by thousands of sites to personalize how
CVE-2023-32117 - Exploiting the Missing Authorization in SoftLab Integrate Google Drive (n/a - 1.1.99)
The digital world runs on cloud connectors, but sometimes, integration plugins forget to ask, “Are you allowed in?” That’s exactly what happened with CVE-2023-32117;
CVE-2023-30870 - How a Missing Authorization Vulnerability in Sharkdropship for AliExpress Dropship and Affiliate Lets Attackers Take Over WooCommerce Stores
Security flaws in WordPress plugins are a frequent attack target, but sometimes a single mistake in how a plugin checks user authorization can become disastrous.
CVE-2024-12209 - How a WordPress Plugin Backup Feature Lets Hackers Take Over Your Site
In early 2024, a critical vulnerability was discovered in the WP Umbrella: Update Backup Restore & Monitoring plugin for WordPress. This plugin is often used
CVE-2024-12326 - Bypassing SVG Preview Restrictions in Jirafeau via Mixed-Case MIME Types
Date Published: 2024-06-20
Overview
Jirafeau is a popular open-source lightweight file sharing web application. By design, it prevents the preview of SVG files in browsers—