CVE-2024-11380 - Stored XSS in WordPress Mini Program API Plugin (qvideo Shortcode) All Versions ≤ 1.4.5 – Explained & Exploited
WordPress is the world’s favorite CMS, but sometimes its power comes with risk. On February 26, 2024, a security flaw was reported in the
CVE-2024-12326 - Bypassing SVG Preview Restrictions in Jirafeau via Mixed-Case MIME Types
Date Published: 2024-06-20
Overview
Jirafeau is a popular open-source lightweight file sharing web application. By design, it prevents the preview of SVG files in browsers—
CVE-2024-53794 - Deep Dive Into Stored XSS in Arkhe Blocks by LOOS,Inc. (Up to 2.27.)
Cross-Site Scripting (XSS) still plagues modern web apps, and the vulnerability CVE-2024-53794 shows just how easy it is for stored XSS attacks to slip into
CVE-2024-11321 - Reflected XSS in Hi e-learning LMS — How It Works, Exploit Details, and What You Need to Know
On March 1, 2024, a new vulnerability, CVE-2024-11321, was disclosed, targeting the Hi e-learning Learning Management System (LMS). This flaw is an “Improper Neutralization of
CVE-2024-10879 - How ForumWP for WordPress Exposed Sites to Reflected XSS (& Exploit Guide)
WordPress powers millions of websites, and plugins are a big reason for that popularity. However, plugins can sometimes introduce security risks, and CVE-2024-10879 is a