CVE-2024-13525

The Customer Email Verification for WooCommerce plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.9.4 via Shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive data including emails as well as hashed passwords of any user.

This Cyber News was published on www.tenable.com. Publication date: Sat, 15 Feb 2025 21:11:02 +0000

Cyber News related to CVE-2024-13525

AWS LetsEncrypt Lambda: Custom TLS Provider - DZone - Trying to renew ... INFO[0000] Checking certificate for domain 'hackernoon.referrs.me' with arn 'arn:aws:acm:us-east-2:004867756392:certificate/72f872fd-e577-43f4-ae38-6833962630af' INFO[0000] Certificate status is 'ISSUED' INFO[0000] Certificate in ...
4 months ago Feeds.dzone.com

CVE-2024-13525 - The Customer Email Verification for WooCommerce plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.9.4 via Shortcode. This makes it possible for authenticated attackers, with Contributor-level ...
4 days ago Tenable.com

CVE-2018-13525 - The mintToken function of a smart contract implementation for Flow, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. ...
1 year ago

CVE-2019-13525 - In IP-AK2 Access Control Panel Version 1.04.07 and prior, the integrated web server of the affected devices could allow remote attackers to obtain web configuration data, which can be accessed without authentication over the network. ...
5 years ago

CVE-2020-13525 - The sort parameter in the download page /sysworkflow/en/neoclassic/reportTables/reportTables_Ajax is vulnerable to SQL injection in ProcessMaker 3.4.11. A specially crafted HTTP request can cause an SQL injection. An attacker can make an ...
2 years ago

Vulnerability Summary for the Week of March 11, 2024 - Published 2024-03-15 CVSS Score not yet calculated Source & Patch Info CVE-2021-47111416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67 PrimaryVendor - Product linux - linux Description In the ...
11 months ago Cisa.gov

Vulnerability Summary for the Week of March 4, 2024 - Published 2024-03-06 CVSS Score not yet calculated Source & Patch Info CVE-2023-52584416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67 PrimaryVendor - ...
11 months ago Cisa.gov

CVE-2024-37051 - GitHub access token could be exposed to third-party sites in JetBrains IDEs after version 2023.1 and less than: IntelliJ IDEA 2023.1.7, 2023.2.7, 2023.3.7, 2024.1.3, 2024.2 EAP3; Aqua 2024.1.2; CLion 2023.1.7, 2023.2.4, 2023.3.5, 2024.1.3, 2024.2 ...
8 months ago Tenable.com

The Top 24 Security Predictions for 2024 - Welcome to the second installment of this comprehensive annual look at global cybersecurity industry predictions from the top security industry vendors, technology magazines, expert thought leaders and many more. Last week, in part one of The Top 24 ...
1 year ago Securityboulevard.com

CVE-2024-9256 - Addressed potential issues where the application could be exposed to a Use-After-Free vulnerability and crash when handling certain checkbox field objects, Doc objects, Annotation objects, or AcroForms, which attackers could exploit to execute remote ...
4 months ago Tenable.com

CVE-2024-9255 - Addressed potential issues where the application could be exposed to a Use-After-Free vulnerability and crash when handling certain checkbox field objects, Doc objects, Annotation objects, or AcroForms, which attackers could exploit to execute remote ...
4 months ago Tenable.com

CVE-2024-9254 - Addressed potential issues where the application could be exposed to a Use-After-Free vulnerability and crash when handling certain checkbox field objects, Doc objects, Annotation objects, or AcroForms, which attackers could exploit to execute remote ...
4 months ago Tenable.com

CVE-2024-9253 - Addressed potential issues where the application could be exposed to a Use-After-Free vulnerability and crash when handling certain checkbox field objects, Doc objects, Annotation objects, or AcroForms, which attackers could exploit to execute remote ...
4 months ago Tenable.com

CVE-2024-9252 - Addressed potential issues where the application could be exposed to a Use-After-Free vulnerability and crash when handling certain checkbox field objects, Doc objects, Annotation objects, or AcroForms, which attackers could exploit to execute remote ...
4 months ago Tenable.com

CVE-2024-9251 - Addressed potential issues where the application could be exposed to a Use-After-Free vulnerability and crash when handling certain checkbox field objects, Doc objects, Annotation objects, or AcroForms, which attackers could exploit to execute remote ...
4 months ago Tenable.com

CVE-2024-9250 - Addressed potential issues where the application could be exposed to a Use-After-Free vulnerability and crash when handling certain checkbox field objects, Doc objects, Annotation objects, or AcroForms, which attackers could exploit to execute remote ...
4 months ago Tenable.com

CVE-2024-9246 - Addressed potential issues where the application could be exposed to a Use-After-Free vulnerability and crash when handling certain checkbox field objects, Doc objects, Annotation objects, or AcroForms, which attackers could exploit to execute remote ...
4 months ago Tenable.com

CVE-2024-9243 - Addressed potential issues where the application could be exposed to a Use-After-Free vulnerability and crash when handling certain checkbox field objects, Doc objects, Annotation objects, or AcroForms, which attackers could exploit to execute remote ...
4 months ago Tenable.com

Securing Gold: Assessing Cyber Threats on Paris 2024 - The next Olympic Games hosted in Paris will take place from 26 July to 11 August 2024, while the Paralympic Games will be carried out from 28 August to 8 September 2024. Paris 2024 estimated the number of spectators for the next edition to be 9,7 ...
1 year ago Blog.sekoia.io

Microsoft Office 2024 now available for Windows and macOS users - As announced earlier in September, starting in Office 2024, Microsoft will also turn off ActiveX controls by default in Word, Excel, PowerPoint, and Visio client apps, a measure likely prompted by ActiveX's well-known security issues. Last month, ...
4 months ago Bleepingcomputer.com

Critical Zimbra Postjournal flaw CVE-2024-45519 actively exploited in the wild. Patch it now! - “Beginning on September 28, @Proofpoint began observing attempts to exploit CVE-2024-45519, a remote code execution vulnerability in Zimbra mail servers. Beginning on September 28, @Proofpoint began observing attempts to exploit CVE-2024-45519, ...
4 months ago Securityaffairs.com

The Top 24 Security Predictions for 2024 - For 2024, top topics range from upcoming elections to regional wars to space exploration to advances in AI. And with technology playing a more central role in every area of life, annual cybersecurity prediction reports, cyber industry forecasts and ...
1 year ago Securityboulevard.com

Ransomware Attack Demands Reach a Staggering $5.2m in 2024 - The average extortion demand per ransomware attack was over $5.2m in the first half of 2024, according to a new analysis by Comparitech. This figure was calculated from 56 known ransom demands issued by threat actors from January-June 2024. The ...
7 months ago Infosecurity-magazine.com

Patch Now: Critical Windows Kerberos Bug Bypasses Microsoft Security - Microsoft eased enterprise security teams into 2024 with a relatively light January security update consisting of patches for 48 unique CVEs, just two of which the company identified as being of critical severity. For the second straight month, ...
1 year ago Darkreading.com

Threat Brief: CVE-2024-6387 OpenSSH RegreSSHion Vulnerability - On July 1, 2024, a critical signal handler race condition vulnerability was disclosed in OpenSSH servers on glibc-based Linux systems. Using Palo Alto Networks Xpanse data, we observed 23 million instances of OpenSSH servers including all versions. ...
7 months ago Unit42.paloaltonetworks.com

Latest Cyber News

New Web Inject Attack Campaigns Targeting MacOS Users To Deploy FrigidStealer Malware - 8 minutes ago
Phishing attack hides JavaScript using invisible Unicode trick - 24 minutes ago
Russian CryptoBytes Hackers Exploiting Windows Machines To Deploy UxCryptor Ransomware - 53 minutes ago
Hackers Inject FrigidStealer Malware on Your macOS Via Fake Browser Updates - 1 hour ago
New Fake Browser Updates Deploy NetSupport RAT Malware on Your Windows - 2 hours ago
BlackLock Emerging As a Major Player In RaaS With Variants for Windows, VMWare ESXi, & Linux Environments - 2 hours ago
New FrigidStealer infostealer infects Macs via fake browser updates - 2 hours ago
Australian fertility services giant Genea hit by security breach - 2 hours ago
North Korean Hackers Using Dropbox & PowerShell Scripts To Infiltrate Organizations - 3 hours ago
Patch Now: Palo Alto Flaw Exploited in the Wild - 3 hours ago
Thailand to take in 7,000 rescued from illegal cyber scam hubs in Myanmar | The Record from Recorded Future News - 4 hours ago
INE Security's Cybersecurity and IT Training Enhances Career Stability in Tech - 4 hours ago
Palo Alto Networks tags new firewall bug as exploited in attacks - 5 hours ago
The Browser Blind Spot: Why Your Browser is the Next Cybersecurity Battleground - 5 hours ago
The Board's Role in Cyber-Risk Management in OT Environments - 5 hours ago
Russian state hackers spy on Ukrainian military through Signal app | The Record from Recorded Future News - 5 hours ago
Palo Alto Networks Warns Hackers Combining Vulnerabilities to Compromise Firewalls - 6 hours ago
Lee Enterprises Says Ransomware Attack Compromises 'Critical' Systems - 6 hours ago
Hackers Turning Stolen Payment Card Data into Apple & Google Wallets - 6 hours ago
Threat Actors Using $10 Infostealer Malware To Breach Critical US Security - 6 hours ago

Cyber Trends (last 7 days)

Okta - 1 year ago
23andMe - 1 year ago
Kimsuky - 1 year ago
LogoFAIL - 1 year ago
Gh0st rat - 1 year ago

Trending Cyber News (last 7 days)

New Web Inject Attack Campaigns Targeting MacOS Users To Deploy FrigidStealer Malware - 8 minutes ago
Phishing attack hides JavaScript using invisible Unicode trick - 24 minutes ago
Russian CryptoBytes Hackers Exploiting Windows Machines To Deploy UxCryptor Ransomware - 53 minutes ago
Hackers Inject FrigidStealer Malware on Your macOS Via Fake Browser Updates - 1 hour ago
New Fake Browser Updates Deploy NetSupport RAT Malware on Your Windows - 2 hours ago
BlackLock Emerging As a Major Player In RaaS With Variants for Windows, VMWare ESXi, & Linux Environments - 2 hours ago
Australian fertility services giant Genea hit by security breach - 2 hours ago
New FrigidStealer infostealer infects Macs via fake browser updates - 2 hours ago
Patch Now: Palo Alto Flaw Exploited in the Wild - 3 hours ago
North Korean Hackers Using Dropbox & PowerShell Scripts To Infiltrate Organizations - 3 hours ago
Thailand to take in 7,000 rescued from illegal cyber scam hubs in Myanmar | The Record from Recorded Future News - 4 hours ago
The Browser Blind Spot: Why Your Browser is the Next Cybersecurity Battleground - 5 hours ago
Palo Alto Networks tags new firewall bug as exploited in attacks - 5 hours ago
INE Security's Cybersecurity and IT Training Enhances Career Stability in Tech - 4 hours ago
The Board's Role in Cyber-Risk Management in OT Environments - 5 hours ago
Russian state hackers spy on Ukrainian military through Signal app | The Record from Recorded Future News - 5 hours ago
Palo Alto Networks Warns Hackers Combining Vulnerabilities to Compromise Firewalls - 6 hours ago
Lee Enterprises Says Ransomware Attack Compromises 'Critical' Systems - 6 hours ago
Threat Actors Using $10 Infostealer Malware To Breach Critical US Security - 6 hours ago
Hackers Turning Stolen Payment Card Data into Apple & Google Wallets - 6 hours ago