CVE-2024-2189 – Social Icons Widget & Block – Stored XSS to JS backdoor creation – POC

A critical security vulnerability, CVE-2024-2189, has been identified in the Social Icons Widget & Block WordPress plugin, which boasts over 100k installations. This vulnerability exposes websites to the risk of Stored Cross-Site Scripting (XSS) attacks, potentially leading to account takeover and compromising website integrity. If an attacker has previously hijacked an administrator or editor account, they can plant a backdoor to regain access.

CVE-2024-2744 – NextGEN Gallery – Stored XSS to JS backdoor creation – POC

A critical vulnerability, CVE-2024-2744, has been discovered in NextGEN Gallery, a popular WordPress plugin with over 500,000 installations. This flaw exposes websites to the risk of Stored XSS attacks, potentially leading to account takeover and compromising website integrity. If an attacker has previously hijacked an administrator or editor account, they can plant a backdoor to regain access.

CVE-2024-3368 – All in One SEO – Stored XSS to Admin Account Creation (Contributor+) Critical-High – POC

A critical security flaw, tracked as CVE-2024-3368, has been discovered in the widely used WordPress plugin All in One SEO, which has more than 3 million installations. This vulnerability poses a significant threat, allowing attackers to execute malicious code through Stored Cross-Site Scripting (XSS) attacks, potentially leading to the creation of admin accounts by contributors.

CVE-2024-2837 – WP Chat App – Stored XSS to JS backdoor creation – POC

The discovery of CVE-2024-2837 has unveiled a chilling reality within WP Chat App, where a Stored XSS vulnerability lurks. This flaw permits the injection of malicious scripts, opening the floodgates to potential backdoors. Let’s delve into the depths of this digital menace. If an attacker has previously hijacked an administrator or editor account, they can plant a backdoor to regain access.

CVE-2024-2159 – Sassy Social Share – Stored XSS to JS backdoor creation – POC

A critical vulnerability, CVE-2024-2159, has been uncovered in Sassy Social Share, exposing websites to a potent threat. This flaw allows attackers to execute Stored XSS attacks, potentially leading to JavaScript backdoors and compromising website integrity. If an attacker has previously hijacked an administrator or editor account, they can plant a backdoor to regain access.

CVE-2024-2310 – WP Google Review Slider – Stored XSS to JS backdoor creation – POC

CVE-2024-2310 exposes the perilous side of WP Google Review Slider. This vulnerability, discovered during plugin testing, transforms innocuous user interactions into a gateway for malicious actors, potentially compromising website security. If an attacker has previously hijacked an administrator or editor account, they can plant a backdoor to regain access.