Threat Post

Reflected XSS Bug Patched in Popular WooCommerce WordPress Plugin

Automattic has patched a reflected cross-site scripting vulnerability in the WooCommerce WordPress plugin. An extension of the WooCommerce WordPress plugin, used by 28 percent of all online stores, ...
Searchenginejournal.com

Nine WordPress Plugins Expose Over 1.3 Million Sites To Exploits

The United States Government Vulnerability Database and WordPress security researchers published alerts of WordPress plugin vulnerabilities. Among those plugins, nine of the most popular plugins ...
Dark Reading

Researcher Details New Class Of Cross-Site Scripting Attack

A new type of cross-site scripting (XSS) attack that exploits commonly used network administration tools could be putting users' data at risk, a researcher says. Tyler Reguly, lead security research ...
ZDNet

PayPal fixes reflected XSS vulnerability in user wallet currency converter

First disclosed on February 19, 2020, by a bug bounty hunter who goes by the name "Cr33pb0y" on HackerOne, the vulnerability is described as a "reflected XSS and CSP bypass" issue. The bug was found ...
Searchenginejournal.com

Vulnerabilities In Two WordPress Contact Form Plugins Affect +1.1 Million

The affected contact form plugins are Ninja Forms, (with over 800,000 installations) and Contact Form Plugin by Fluent Forms (+300,000 installations). The vulnerabilities are not related to each other ...
Threat Post

Netflix Sleepy Puppy Awakens XSS Vulnerabilities in Secondary Applications

Netflix released Sleepy Puppy, a cross-site scripting payload management framework, to open source. The tool finds XSS vulnerabilities in secondary applications. Most automated scanning and security ...
CSOonline

Severe Azure HDInsight flaws highlight dangers of cross-site scripting

Security researchers have found eight serious cross-site scripting (XSS) flaws in Azure HDInsight, a big data processing service powered by open-source technologies like Apache Hadoop, Spark, Hive and ...