CVE-2024-12385 |
Description: The WP Abstracts plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.7.2. This is due to missing nonce validation on the wpabstracts_load_status() and wpabstracts_delete_abstracts() functions. This makes it possible for unauthenticated attackers to inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
CVSS: MEDIUM (6.1) EPSS Score: 0.05%
January 19th, 2025 (6 months ago)
|
CVE-2024-12071 |
Description: The Evergreen Content Poster – Auto Post and Schedule Your Best Content to Social Media plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the delete_network_post() function in all versions up to, and including, 1.4.4. This makes it possible for unauthenticated attackers to delete arbitrary posts and pages.
CVSS: MEDIUM (5.3) EPSS Score: 0.05%
January 19th, 2025 (6 months ago)
|
Description: Earlier this week, Ubisoft released Assassin's Creed Valhalla and Assassin's Creed Origins patches to fix Windows 11 24H2 compatibility issues that caused crashes, freezes, and audio problems. [...]
January 18th, 2025 (6 months ago)
|
Description: The Federal Trade Commission (FTC) has announced action against General Motors (GM) and its subsidiary, OnStar, for unlawful collection and sale of drivers' precise geolocation and driving behavior data without first obtaining their consent. [...]
January 18th, 2025 (6 months ago)
|
Description: crocs Claims to be Selling the Data of SEAG
January 18th, 2025 (6 months ago)
|
Description: A Threat Actor Claims to be Selling Chinese Citizens' Passport Data
January 18th, 2025 (6 months ago)
|
Description: That’s my secret Captain…I’m always traumatized.
January 18th, 2025 (6 months ago)
|
Description: In July 2024, a threat actor gained access to the hotel management platform Otelier and retrieved customer data from well-known hotel brands including Marriott, Hilton, and Hyatt. The data included 437k customer email addresses (a further 868k generated email addresses from the booking.com and Expedia platforms were not loaded into HIBP), names, physical addresses, phone numbers, booking information related to travel plans, purchases recorded by the platform and in a small number of cases, partial credit card data. The data was provided to HIBP by a source who requested it be attributed to "[email protected]".
January 18th, 2025 (6 months ago)
|
Description: The U.S. Supreme Court has unanimously upheld a federal law banning TikTok unless its parent company, ByteDance, divests its ownership. This decision, grounded in national security concerns, has ignited debates over data privacy, free speech, and the broader impact of government intervention in tech regulation. With TikTok threatening to “go dark” on January 19 unless …
The post TikTok Ban Sparks Debate Over Digital Privacy and Govt Control appeared first on CyberInsider.
January 18th, 2025 (6 months ago)
|
Description: Hotel management platform Otelier has suffered a major data breach, exposing millions of guest reservations and personal details from well-known hotel brands such as Marriott, Hilton, and Hyatt. The breach, which began in July 2024 and persisted until October, resulted in nearly 8TB of data being stolen from the company's Amazon S3 cloud storage. Otelier, …
The post Otelier Breach Exposes Marriot, Hilton Bookings and Client Info appeared first on CyberInsider.
January 18th, 2025 (6 months ago)
|