Tag: 2024-11-16

3 Attack Reports | 50 Vulnerabilities

Attack reports

Fake AI video generators infect Windows, macOS with infostealers

Threat actors are using fake AI image and video generators to distribute Lumma Stealer and AMOS information-stealing malware on Windows and macOS. These malicious programs masquerade as an AI application called EditProAI, targeting users through search results and social media advertisements. The m…
social engineering
windows
infostealer
macos
lumma stealer
credential theft
ai
2024-11-16
deepfake
Published: November 16, 2024
Downloadable IOCs: 0

Weaponizing FortiClient Vulnerability to Steal VPN Credentials via DEEPDATA

A Chinese state-affiliated threat actor, BrazenBamboo, has exploited a zero-day vulnerability in Fortinet's Windows VPN client to steal user credentials. The vulnerability allows extraction of login information from the FortiClient process memory. BrazenBamboo uses two malware families: DEEPDATA, a…
lightspy
zero-day
credential theft
vpn
post-exploitation
chinese threat actor
2024-11-16
deeppost
deepdata
forticlient
Published: November 16, 2024
Downloadable IOCs: 0

Glove Stealer bypasses Chrome's App-Bound Encryption to steal cookies

Researchers have discovered a new .NET-based information stealer called Glove Stealer that targets browser extensions and local software to steal sensitive data like cookies, passwords, and cryptocurrency wallets. It uses a novel technique to bypass Chrome's App-Bound encryption by exploiting the I…
malware
phishing
information stealer
2024-11-16
chrome
encryption bypass
glove stealer
Published: November 16, 2024
Downloadable IOCs: 0
Click here to see more Attack Reports

Vulnerabilities

CVE-2024-52416

10.0
    Debug Tool
  • Version(s): n/a, 2.2
Published: November 16, 2024

CVE-2024-52399

9.9
    Clarisse K. Writer Helper
  • Version(s): n/a - 3.1.6
Published: November 16, 2024

CVE-2024-52400

9.9
    Gallerio
  • Version(s): n/a through 1.01
Published: November 16, 2024

CVE-2024-52403

9.9
    WPExperts User Management
  • Version(s): from n/a, through 1.1
Published: November 16, 2024

CVE-2024-52404

9.9
    Bigfive CF7 Reply Manager
  • Version(s): n/a, 1.2.3
Published: November 16, 2024

CVE-2024-52405

9.9
    B-Banner Slider
  • Version(s): n/a, 1.1
Published: November 16, 2024

CVE-2024-52406

9.9
    Wibergs Web CSV to html
  • Version(s): n/a - 3.04
Published: November 16, 2024

CVE-2024-52407

9.9
    BasePress Migration Tools
  • Version(s): from n/a through 1.0.0
Published: November 16, 2024

CVE-2024-52408

9.9
    Team PushAssist Push Notifications for WordPress by PushAssist
  • Version(s): from n/a through 3.0.8
Published: November 16, 2024

CVE-2024-8856

9.8
    Backup and Staging by WP Time Capsule plugin for WordPress
  • Version(s): up to 1.22.21
Published: November 16, 2024

CVE-2024-52409

9.8
    Phan An AJAX Random Posts
  • Version(s): n/a, 0.3.3
Published: November 16, 2024

CVE-2024-52410

9.8
    Referrer Detector
  • Version(s): n/a, 4.2.1.0
Published: November 16, 2024

CVE-2024-52411

9.8
    Flowcraft UX Design Studio Advanced Personalization
  • Version(s): n/a, 1.1.2
Published: November 16, 2024

CVE-2024-52412

9.8
    Stephen Cui Xin
  • Version(s): n/a, 1.0.8.1
Published: November 16, 2024

CVE-2024-52413

9.8
    Airin Blog
  • Version(s): n/a, 1.6.1
Published: November 16, 2024

CVE-2024-52414

9.8
    Anthony Carbon WDES Responsive Mobile Menu
  • Version(s): n/a, 5.3.18
Published: November 16, 2024

CVE-2024-52398

9.1
    Halyra CDI
  • Version(s): n/a - 5.5.3
Published: November 16, 2024

CVE-2024-52397

9.1
    Convert Docx2post
  • Version(s): n/a, 1.4
Published: November 16, 2024

CVE-2024-9192

8.8
    WordPress Video Robot - The Ultimate Video Importer plugin
  • Version(s): up to 1.20.0
Published: November 16, 2024

CVE-2024-9849

8.8
    3D FlipBook, PDF Viewer, PDF Embedder – Real 3D FlipBook WordPress Plugin
  • Version(s): up to 4.6
Published: November 16, 2024

CVE-2024-10728

8.8
    Post Grid Gutenberg Blocks and WordPress Blog Plugin - PostX
  • Version(s): up to 4.1.16
Published: November 16, 2024

CVE-2024-52415

8.8
    SK WP Settings Backup
  • Version(s): from n/a through 1.0
Published: November 16, 2024

CVE-2024-9935

7.5
    Elementor Page Builder plugin for WordPress
  • Version(s): up to 1.7.5
Published: November 16, 2024

CVE-2024-10645

7.5
    WordPress Blogger 301 Redirect plugin
  • Version(s): up to 2.5.3
Published: November 16, 2024

CVE-2024-9839

7.3
    Uix Slideshow plugin for WordPress
  • Version(s): up to 1.6.5
Published: November 16, 2024

CVE-2024-9887

7.2
    Login using WordPress Users ( WP as SAML IDP ) plugin for WordPress
  • Version(s): up to 1.15.6
Published: November 16, 2024

CVE-2024-10015

6.4
    ConvertCalculator for WordPress plugin
  • Version(s): up to 1.1.1
Published: November 16, 2024

CVE-2024-10017

6.4
    PJW Mime Config plugin for WordPress
  • Version(s): up to 1.0
Published: November 16, 2024

CVE-2024-10147

6.4
    Steel plugin for WordPress
  • Version(s): up to 1.3.0
Published: November 16, 2024

CVE-2024-11092

6.4
    SVGPlus plugin for WordPress
  • Version(s): up to 1.1.0
Published: November 16, 2024

CVE-2024-9386

6.4
    Exclusive Divi – Divi Preloader, Modules for Divi & Extra Theme plugin for WordPress
  • Version(s): up to 1.4
Published: November 16, 2024

CVE-2024-9850

6.4
    WordPress SVG Case Study plugin
  • Version(s): up to 1.0
Published: November 16, 2024

CVE-2024-10592

6.4
    Mapster WP Maps plugin for WordPress
  • Version(s): up to 1.6.0
Published: November 16, 2024

CVE-2024-10262

6.3
    Drop Shadow Boxes plugin for WordPress
  • Version(s): up to 1.7.14
Published: November 16, 2024

CVE-2024-10875

6.1
    Gallery Manager plugin for WordPress
  • Version(s): up to 1.6.58
Published: November 16, 2024

CVE-2024-10883

6.1
    SimpleForm - Contact form made simple plugin for WordPress
  • Version(s): up to 2.2.0
Published: November 16, 2024

CVE-2024-10884

6.1
    SimpleForm Contact Form Submissions plugin for WordPress
  • Version(s): up to 2.1.0
Published: November 16, 2024

CVE-2024-8873

6.1
    PeproDev WooCommerce Receipt Uploader plugin for WordPress
  • Version(s): up to 2.6.9
Published: November 16, 2024

CVE-2024-9615

6.1
    BulkPress plugin for WordPress
  • Version(s): up to 0.3.5
Published: November 16, 2024

CVE-2024-9938

6.1
    Bounce Handler MailPoet 3 plugin for WordPress
  • Version(s): up to 1.3.21
Published: November 16, 2024

CVE-2024-11085

5.4
    WP Log Viewer plugin for WordPress
  • Version(s): up to 1.2.1
Published: November 16, 2024

CVE-2024-10861

5.3
    Popup Box - Create Countdown, Coupon, Video, Contact Form Popups plugin for WordPress
  • Version(s): up to 4.9.7
Published: November 16, 2024

CVE-2024-11118

5.3
    WordPress 404 Error Monitor plugin
  • Version(s): up to 1.1
Published: November 16, 2024

CVE-2024-11094

5.3
    404 Solution plugin for WordPress
  • Version(s): up to 2.35.17
Published: November 16, 2024

CVE-2024-52386

5.3
    Classified Listing by RadiusTheme
  • Version(s): from n/a through 3.1.15.1
Published: November 16, 2024

CVE-2024-10786

4.3
    Simple Local Avatars plugin for WordPress
  • Version(s): up to 2.7.11
Published: November 16, 2024

CVE-2024-10795

4.3
    Popularis Extra plugin for WordPress
  • Version(s): up to 1.2.7
Published: November 16, 2024

CVE-2024-10533

4.3
    WP Chat App plugin for WordPress
  • Version(s): up to 3.6.8
Published: November 16, 2024

CVE-2024-6628

4.3
    EleForms – All In One Form Integration including DB for Elementor plugin for WordPress
  • Version(s): up to 2.9.9.9
Published: November 16, 2024

CVE-2024-10614

4.3
    Customer Reviews for WooCommerce plugin
  • Version(s): up to 5.61.0
Published: November 16, 2024
Click here to see more Vulnerabilities