Zeitpunkt Nutzer Delta Tröts TNR Titel Version maxTL Mi 10.07.2024 00:00:02 7.216 0 600.179 83,2 NerdCulture 4.2.10 1.000 Di 09.07.2024 00:00:03 7.216 -1 599.665 83,1 NerdCulture 4.2.10 1.000 Mo 08.07.2024 00:01:18 7.217 0 599.198 83,0 NerdCulture 4.2.10 1.000 So 07.07.2024 00:00:01 7.217 0 598.597 82,9 NerdCulture 4.2.10 1.000 Sa 06.07.2024 00:00:40 7.217 0 598.148 82,9 NerdCulture 4.2.10 1.000 Fr 05.07.2024 00:01:08 7.217 -1 597.685 82,8 NerdCulture 4.2.10 500 Do 04.07.2024 00:00:05 7.218 0 596.869 82,7 NerdCulture 4.2.9 500 Mi 03.07.2024 00:02:06 7.218 +2 596.470 82,6 NerdCulture 4.2.9 500 Di 02.07.2024 00:01:46 7.216 0 596.034 82,6 NerdCulture 4.2.9 500 Mo 01.07.2024 00:01:27 7.216 0 595.653 82,5 NerdCulture 4.2.9 500
Olly 👾 (@Olly42) · 01/2024 · Tröts: 229 · Folger: 24
Mi 10.07.2024 15:58
Threat Actor’s target WordPress Calendar Plugin used by 150k Sites.
Threat Actor’s are trying to exploit a vulnerability in the Modern Events Calendar WordPress plugin that is present on more than 150k websites to upload arbitrary files to a vulnerable site and execute code remotely.
#wordpress #calendar #plugin #it #security #privacy #tech #engineer #news
The vulnerability exploited in attacks is identified as CVE-2024-5441 and received a high-severity score (CVSS v3.1: 8.8). Modern Event Calendar versions up to and including 7.11.0 have no checks for the file type of extension in uploaded image files, allowing any file type, including risky .PHP files, to be uploaded.
[Öffentlich] Antw.: 0 Wtrl.: 3 Fav.: 0 · via Metatext