Cyber Daily

Pressing matter: A global WordPress ClickFix malware campaign is targeting Australian websites

Rapid7 researchers spot a malicious campaign aimed at harvesting credentials and digital wallets from Windows machines.
GitHub

nuclei_poc /poc_all /java

The Async Javascript plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the '&aj_gtmetrix_username=' and '&aj_gtmetrix_api_key=' parameters in versions up to, and including, 2.20.12 ...
GitHub

360deg_javascript_viewer-25a8169d-1057-4cf2-9048-fb85f62d6ead.yaml

fofa-query: "wp-content/plugins/360deg-javascript-viewer/" google-query: inurl:"/wp-content/plugins/360deg-javascript-viewer/" shodan-query: 'http.html:"wp-content ...