Tag: 2025-01-02

2 Attack Reports | 232 Vulnerabilities

Attack reports

Cyberhaven’s preliminary analysis of the recent malicious Chrome extension

A phishing attack on December 24th, 2024 compromised a Cyberhaven employee's access to the Google Chrome Web Store, leading to the publication of a malicious version of their Chrome extension. This was part of a larger campaign targeting Chrome Extension developers, primarily aiming at Facebook Ads…

data exfiltration

chrome extension

command and control

Published: January 2, 2025

Downloadable IOCs: 5

Analysis of the attack activities of APT-C-26 (Lazarus) using weaponized IPMsg software

The Lazarus group, a highly active APT organization, has been observed weaponizing the IPMsg installer for attacks. When executed, the malicious installer releases the official IPMsg version 5.6.18.0 to deceive users while activating a malicious DLL in memory. This DLL connects to a remote control …

social engineering

c2 communication

att_loader_dll.dll

weaponized installer

Published: January 2, 2025

Downloadable IOCs: 3

Click here to see more Attack Reports

Vulnerabilities

CVE-2024-56829

Huang Yaoshi Pharmaceutical Management Software

Published: January 2, 2025

CVE-2024-56249

WPMasterToolKit

Published: January 2, 2025

CVE-2023-47179

ByConsole WooODT Lite

Published: January 2, 2025

CVE-2024-39623

Listingpro

Published: January 2, 2025

CVE-2024-9950

Forescout SecureConnector

Published: January 2, 2025

CVE-2024-55540

Cyber Protect

Published: January 2, 2025

CVE-2024-55543

Cyber Protect

Published: January 2, 2025

CVE-2024-56247

Wp Post Author

Published: January 2, 2025

CVE-2024-56250

Just Writing Statistics

Published: January 2, 2025

CVE-2023-47224

Published: January 2, 2025

CVE-2023-47648

Published: January 2, 2025

CVE-2023-47693

Themefic Ultimate Addons for Contact Form 7

Published: January 2, 2025

CVE-2023-45104

WPDeveloper BetterLinks

Published: January 2, 2025

CVE-2024-12912

ASUS Router AiCloud

Published: January 2, 2025

CVE-2024-13062

ASUS Router

Published: January 2, 2025

CVE-2024-56027

BizSwoop Leads CRM

Published: January 2, 2025

CVE-2024-56028

Lemonade Social Networks Autoposter Pinterest

Published: January 2, 2025

CVE-2024-56029

Easy Language Switcher

Published: January 2, 2025

CVE-2024-56030

Published: January 2, 2025

CVE-2024-56032

FV Descriptions

Published: January 2, 2025

CVE-2024-56033

Think201 FAQs

Published: January 2, 2025

CVE-2024-56034

Irshad Services updates for customers

Published: January 2, 2025

CVE-2024-56035

Upload Scanner

Published: January 2, 2025

CVE-2024-56036

odPhotogallery

Published: January 2, 2025

CVE-2024-56037

Md Maruf Adnan Sami User Referral

Published: January 2, 2025

CVE-2024-56038

Published: January 2, 2025

CVE-2024-56060

Published: January 2, 2025

CVE-2024-56069

WP SuperBackup

Published: January 2, 2025

CVE-2023-46632

My Shortcodes

Published: January 2, 2025

CVE-2024-56018

Boston University (IS&T) BU Section Editing

Published: January 2, 2025

CVE-2024-56022

Preloader by WordPress Monsters

Published: January 2, 2025

CVE-2024-56023

WP eCommerce Quickpay

Published: January 2, 2025

CVE-2024-56024

DuoGeek Custom Dashboard Widget

Published: January 2, 2025

CVE-2024-56025

AdWork Media EZ Content Locker

Published: January 2, 2025

CVE-2024-56026

Simple Proxy

Published: January 2, 2025

CVE-2024-56267

Interactive UK Map

Published: January 2, 2025

CVE-2024-56014

Markyis Cool Olivia

Published: January 2, 2025

CVE-2023-48758

Published: January 2, 2025

CVE-2024-13102

D-Link DIR-816

Published: January 2, 2025

CVE-2024-13103

D-Link DIR-816 A2

Published: January 2, 2025

CVE-2024-13104

D-Link DIR-816

Published: January 2, 2025

CVE-2024-13105

D-Link DIR-816 A2

Published: January 2, 2025

CVE-2024-13106

D-Link DIR-816 A2

Published: January 2, 2025

CVE-2024-13107

D-Link DIR-816 A2

Published: January 2, 2025

CVE-2024-13108

D-Link DIR-816 A2

Published: January 2, 2025

CVE-2024-13109

Yunfan Learning Examination System

Published: January 2, 2025

CVE-2024-56137

Published: January 2, 2025

CVE-2024-56264

ACF City Selector

Published: January 2, 2025

CVE-2024-56019

Inline Footnotes

Published: January 2, 2025

CVE-2023-45275

Kali Forms Contact Form builder with drag & drop

Published: January 2, 2025

CVE-2023-46195

CoSchedule Headline Analyzer

Published: January 2, 2025

CVE-2023-46609

Published: January 2, 2025

CVE-2023-46610

Quill Forms

Published: January 2, 2025

CVE-2023-46631

Product Recommendation Quiz for eCommerce

Published: January 2, 2025

CVE-2023-46644

Published: January 2, 2025

CVE-2023-47180

Finale Lite

Published: January 2, 2025

CVE-2023-47689

Toast Plugins Animator

Published: January 2, 2025

CVE-2024-38790

Smartsupp Smartsupp – live chat, chatbots, AI and lead generation

Published: January 2, 2025

CVE-2024-56239

Themify Audio Dock

Published: January 2, 2025

CVE-2024-56240

Pronamic Google Maps

Published: January 2, 2025

CVE-2024-56241

WPKoi WPKoi Templates for Elementor

Published: January 2, 2025

CVE-2024-56242

Tychesoftwares

Arconix Shortcodes

Published: January 2, 2025

CVE-2024-56245

Premium Blocks - Gutenberg Blocks for WordPress

Published: January 2, 2025

CVE-2024-56246

POSIMYTH Nexter Blocks

Published: January 2, 2025

CVE-2024-56252

Enter Addons

Published: January 2, 2025

CVE-2024-56254

Move Addons For Elementor

Published: January 2, 2025

CVE-2024-56258

WPBlockArt Magazine Blocks

Published: January 2, 2025

CVE-2024-56259

Geodirectory

Published: January 2, 2025

CVE-2024-56260

StorePlugin ShopElement

Published: January 2, 2025

CVE-2024-56261

Project Showcase

Published: January 2, 2025

CVE-2024-56262

GS Plugins GS Coaches

Published: January 2, 2025

CVE-2024-56263

GS Shots for Dribbble

Published: January 2, 2025

CVE-2024-56302

ConvertCalculator for WordPress

Published: January 2, 2025

CVE-2024-56257

CoolPlugins Coins MarketCap

Published: January 2, 2025

CVE-2024-56268

WP Hait Post Grid Elementor Addon

Published: January 2, 2025

CVE-2022-45830

Published: January 2, 2025

CVE-2023-40327

Putler Connector for WooCommerce

Published: January 2, 2025

CVE-2023-45633

IMPress Listings

Published: January 2, 2025

CVE-2024-56266

Mp3 Audio Player For Music\, Radio \& Podcast

Published: January 2, 2025

CVE-2024-13111

Beijing Yunfan Internet Technology Yunfan Learning Examination System

Published: January 2, 2025

CVE-2024-11717

CTFd

Published: January 2, 2025

CVE-2024-55541

Cyber Protect

Published: January 2, 2025

CVE-2024-56413

Acronis Cyber Protect

Published: January 2, 2025

CVE-2024-11357

goodlayers-core WordPress plugin

Published: January 2, 2025

CVE-2024-56237

Contest-Gallery

Contest Gallery

Published: January 2, 2025

CVE-2024-8447

Published: January 2, 2025

CVE-2022-49035

Linux Kernel

Published: January 2, 2025

CVE-2024-49385

Acronis True Image (Windows)

Published: January 2, 2025

CVE-2024-56414

Acronis Cyber Protect 16 (Windows)

Published: January 2, 2025

CVE-2002-20002

Net::EasyTCP package for Perl

Published: January 2, 2025

CVE-2024-56830

Net::EasyTCP package for Perl

Published: January 2, 2025

CVE-2023-45045

WP Custom Widget area

Published: January 2, 2025

CVE-2023-45636

WebToffee WordPress Backup & Migration

Published: January 2, 2025

CVE-2023-45828

RumbleTalk Live Group Chat

Published: January 2, 2025

CVE-2023-46079

WP Royal Ashe Extra

Published: January 2, 2025

CVE-2023-46607

WP iCal Availability

Published: January 2, 2025

CVE-2023-46616

Draw Attention

Published: January 2, 2025

CVE-2023-46633

Published: January 2, 2025

CVE-2023-47187

Animated Rotating Words

Published: January 2, 2025

CVE-2023-47225

KaizenCoders Short URL

Published: January 2, 2025

CVE-2023-47661

Dragfy Addons for Elementor

Published: January 2, 2025

CVE-2024-37469

Creativethemes

Blocksy

Published: January 2, 2025

CVE-2024-38729

Published: January 2, 2025

CVE-2024-38789

Telegram Bot & Channel

Published: January 2, 2025

CVE-2024-56244

Published: January 2, 2025

CVE-2024-56253

Data Tables Generator by Supsystic

Published: January 2, 2025

CVE-2024-37438

Uncanny Toolkit Pro for LearnDash

Published: January 2, 2025

CVE-2024-37925

BuddyBoss Theme

Published: January 2, 2025

CVE-2023-32240

Published: January 2, 2025

CVE-2023-45272

Map Builder For Google Maps

Published: January 2, 2025

CVE-2022-45811

Post Teaser Plugin

Published: January 2, 2025

CVE-2023-23672

Givewp

Published: January 2, 2025

CVE-2024-13092

Code-Projects

Job Recruitment

Published: January 2, 2025

CVE-2024-13093

Code-Projects

Job Recruitment

Published: January 2, 2025

CVE-2023-44258

Schema App Structured Data

Published: January 2, 2025

CVE-2023-45061

WP Job Openings

Published: January 2, 2025

CVE-2023-45649

CodePeople Appointment Hour Booking

Published: January 2, 2025

CVE-2023-45766

Published: January 2, 2025

CVE-2023-46073

DX Delete Attached Media

Published: January 2, 2025

CVE-2023-46082

Broken Link Checker | Finder

Published: January 2, 2025

CVE-2023-46083

Kali Forms Contact Form builder with drag & drop

Published: January 2, 2025

CVE-2023-46206

Published: January 2, 2025

CVE-2023-46309

Published: January 2, 2025

CVE-2023-46605

Convertful – Your Ultimate On-Site Conversion Tool

Published: January 2, 2025

CVE-2023-46606

Published: January 2, 2025

CVE-2023-46608

DoLogin Security

Published: January 2, 2025

CVE-2023-46611

Published: January 2, 2025

CVE-2023-46635

YITH WooCommerce Product Add-Ons

Published: January 2, 2025

CVE-2023-46637

Generate Dummy Posts

Published: January 2, 2025

CVE-2023-46639

kk Star Ratings

Published: January 2, 2025

CVE-2023-47183

Givewp

Published: January 2, 2025

CVE-2023-47188

Presstigers

Simple Job Board

Published: January 2, 2025

CVE-2023-47241

CoCart - Headless ecommerce

Published: January 2, 2025

CVE-2023-47515

Published: January 2, 2025

CVE-2024-56238

QuantumCloud Floating Action Buttons

Published: January 2, 2025

CVE-2024-13110

Beijing Yunfan Internet Technology Yunfan Learning Examination System

Published: January 2, 2025

CVE-2023-48739

Porto Theme

Published: January 2, 2025

CVE-2025-0171

Code-Projects

Chat System

Published: January 2, 2025

CVE-2022-47601

WP Table Manager

Published: January 2, 2025

CVE-2024-12907

Kentico CMS

Published: January 2, 2025

CVE-2025-0172

Code-Projects

Chat System

Published: January 2, 2025

CVE-2024-11716

CTFd

Published: January 2, 2025

CVE-2025-0173

Online Eyewear Shop

Published: January 2, 2025

CVE-2024-56199

Published: January 2, 2025

CVE-2024-56248

WPMasterToolKit

Published: January 2, 2025

CVE-2024-11184

WordPress plugin wp-enable-svg

Published: January 2, 2025

CVE-2024-12595

AHAthat Plugin WordPress plugin

Published: January 2, 2025

CVE-2024-48197

Audiocodes MP-202b

Published: January 2, 2025

CVE-2024-55542

Acronis Cyber Protect 16

Acronis Cyber Protect Cloud Agent

Published: January 2, 2025

CVE-2025-22214

Landray EIS

Published: January 2, 2025

CVE-2023-44988

WP Custom Admin Interface

Published: January 2, 2025

CVE-2023-45002

WP User Frontend

Published: January 2, 2025

CVE-2023-45101

Customer Reviews For Woocommerce

Published: January 2, 2025

CVE-2023-45110

BoldThemes Bold Timeline Lite

Published: January 2, 2025

CVE-2023-45271

WowStore Team ProductX - Gutenberg WooCommerce Blocks

Published: January 2, 2025

CVE-2023-45631

Gallery

Published: January 2, 2025

CVE-2023-45760

Published: January 2, 2025

CVE-2023-45765

Wp Erp

Published: January 2, 2025

CVE-2023-46080

Farhan Noor ApplyOnline – Application Form Builder and Manager

Published: January 2, 2025

CVE-2023-46188

Freesoul Deactivate Plugins - Plugin manager and cleanup

Published: January 2, 2025

CVE-2023-46196

Social proof testimonials and reviews by Repuso

Published: January 2, 2025

CVE-2023-46203

Just Custom Fields

Published: January 2, 2025

CVE-2023-46612

Published: January 2, 2025

CVE-2023-46628

Wp Word Count

Published: January 2, 2025

CVE-2023-47523

Ecreate Infotech Auto Tag Creator

Published: January 2, 2025

CVE-2023-47557

Visitors Traffic Real Time Statistics

Published: January 2, 2025

CVE-2023-47647

Published: January 2, 2025

CVE-2023-47692

Published: January 2, 2025

CVE-2024-37093

Stylemixthemes

Masterstudy Lms

Published: January 2, 2025

CVE-2024-37102

Blossom Themes Vilva

Published: January 2, 2025

CVE-2024-37103

Rara Theme Education Zone

Published: January 2, 2025

CVE-2024-37104

Rara Theme Chic Lite

Published: January 2, 2025

CVE-2024-37235

Published: January 2, 2025

CVE-2024-37236

Loco Translate

Published: January 2, 2025

CVE-2024-37238

WPAdverts - Classifieds Plugin

Published: January 2, 2025

CVE-2024-37240

Faboba Falang multilanguage

Published: January 2, 2025

CVE-2024-37242

Automattic Newspack Newsletters

Published: January 2, 2025

CVE-2024-37243

Blossom Themes Vandana Lite

Published: January 2, 2025

CVE-2024-37272

WP Travel Engine Travel Monster

Published: January 2, 2025

CVE-2024-37274

WP Mobile Menu

Published: January 2, 2025

CVE-2024-37412

Blossom Themes Blossom Shop

Published: January 2, 2025

CVE-2024-37413

Rara Theme Preschool and Kindergarten

Published: January 2, 2025

CVE-2024-37417

Published: January 2, 2025

CVE-2024-37421

Published: January 2, 2025

CVE-2024-37426

Rara Theme Elegant Pink

Published: January 2, 2025

CVE-2024-37431

Published: January 2, 2025

CVE-2024-37435

Rara Theme Perfect Portfolio

Published: January 2, 2025

CVE-2024-37441

Published: January 2, 2025

CVE-2024-37448

Published: January 2, 2025

CVE-2024-37450

Rara Theme Benevolent

Published: January 2, 2025

CVE-2024-37451

Travel Agency - Rara Theme

Published: January 2, 2025

CVE-2024-37458

Published: January 2, 2025

CVE-2024-37467

Published: January 2, 2025

CVE-2024-37473

Trendy News

Published: January 2, 2025

CVE-2024-37478

WP Royal Ashe

Published: January 2, 2025

CVE-2024-37490

WP Royal Bard

Published: January 2, 2025

CVE-2024-37491

Apollo13Themes Rife Free

Published: January 2, 2025

CVE-2024-37493

SKT Themes Posterity

Published: January 2, 2025

CVE-2024-37503

Rara Theme Lawyer Landing Page

Published: January 2, 2025

CVE-2024-37508

Rara Theme Construction Landing Page

Published: January 2, 2025

CVE-2024-37511

SWTE Swift Performance Lite

Published: January 2, 2025

CVE-2024-37518

The Events Calendar

Published: January 2, 2025

CVE-2024-37540

Leaky Paywall

Published: January 2, 2025

CVE-2024-37543

Ultimate Auction

Published: January 2, 2025

CVE-2024-37937

Rara Theme Rara Business

Published: January 2, 2025

CVE-2024-38691

Metorik - Reports & Email Automation for WooCommerce

Published: January 2, 2025

CVE-2024-38751

Google Adsense & Banner Ads by AdsforWP

Published: January 2, 2025

CVE-2024-38753

Animated Rotating Words

Published: January 2, 2025

CVE-2024-38754

Published: January 2, 2025

CVE-2024-38762

The Events Calendar Event Tickets

Published: January 2, 2025

CVE-2024-38763

Themes4WP Popularis Verse

Published: January 2, 2025

CVE-2024-38765

Freelancelot Oceanic

Published: January 2, 2025

CVE-2024-38766

Matomo Analytics

Published: January 2, 2025

CVE-2024-43927

Email Address Encoder

Published: January 2, 2025

CVE-2024-56236

Hestia Nginx Cache

Published: January 2, 2025

CVE-2024-56243

Published: January 2, 2025

CVE-2024-56251

Event Espresso Event Espresso 4 Decaf

Published: January 2, 2025

CVE-2024-56255

AyeCode Connect

Published: January 2, 2025

CVE-2024-38764

i-transform

Published: January 2, 2025

CVE-2024-38778

WP Fast Total Search

Published: January 2, 2025

CVE-2024-37237

Published: January 2, 2025

CVE-2024-37241

Automattic WP Job Manager - Resume Manager

Published: January 2, 2025

CVE-2024-37452

Schema Lite

Published: January 2, 2025

CVE-2024-37931

Creativthemes Point

Published: January 2, 2025

CVE-2024-38731

Published: January 2, 2025

CVE-2024-38732

VolThemes Patricia Blog

Published: January 2, 2025

CVE-2022-41995

Gallery Images Ape

Published: January 2, 2025

CVE-2022-43476

Subscribe to Category

Published: January 2, 2025

CVE-2023-39994

ARMember Premium

Published: January 2, 2025

CVE-2023-47778

LuckyWP LuckyWP Scripts Control

Published: January 2, 2025

CVE-2023-47807

10webanalytics

Published: January 2, 2025

CVE-2024-55538

Acronis True Image (Windows)

Acronis True Image (macOS)

Published: January 2, 2025

Click here to see more Vulnerabilities