cybermaterial.com
35.244.172.81  Public Scan

URL: https://cybermaterial.com/critical-security-flaw-in-wordpress-theme/
Submission: On April 26 via api from US — Scanned from DE

Form analysis 8 forms found in the DOM

GET https://cybermaterial.com/

<form action="https://cybermaterial.com/" method="get" class="jeg_search_form" target="_top">
  <input name="s" class="jeg_search_input" placeholder="Search..." type="text" value="" autocomplete="off">
  <button aria-label="Search Button" type="submit" class="jeg_search_button btn"><i class="fa fa-search"></i></button>
</form>

POST /critical-security-flaw-in-wordpress-theme/#wpcf7-f101133-p124961-o1

<form action="/critical-security-flaw-in-wordpress-theme/#wpcf7-f101133-p124961-o1" method="post" class="wpcf7-form init" aria-label="Contact form" novalidate="novalidate" data-status="init">
  <div style="display: none;">
    <input type="hidden" name="_wpcf7" value="101133">
    <input type="hidden" name="_wpcf7_version" value="5.9.3">
    <input type="hidden" name="_wpcf7_locale" value="en_US">
    <input type="hidden" name="_wpcf7_unit_tag" value="wpcf7-f101133-p124961-o1">
    <input type="hidden" name="_wpcf7_container_post" value="124961">
    <input type="hidden" name="_wpcf7_posted_data_hash" value="">
  </div>
  <p><label><br>
      <span class="wpcf7-form-control-wrap" data-name="your-email"><input size="40" class="wpcf7-form-control wpcf7-email wpcf7-validates-as-required wpcf7-text wpcf7-validates-as-email" autocomplete="email" aria-required="true" aria-invalid="false"
          placeholder="Your email" value="" type="email" name="your-email"></span> </label>
  </p>
  <p><label><span class="wpcf7-form-control-wrap" data-name="TermsConditions"><span class="wpcf7-form-control wpcf7-acceptance"><span class="wpcf7-list-item"><label><input type="checkbox" name="TermsConditions" value="1" aria-invalid="false"><span
                class="wpcf7-list-item-label">I accept the <a href="https://cybermaterial.com/legal-and-privacy-policy/"> Terms &amp; Conditions* </a></span></label></span></span></span> </label>
  </p>
  <p><input class="wpcf7-form-control wpcf7-submit has-spinner" type="submit" value="Subscribe" disabled=""><span class="wpcf7-spinner"></span>
  </p>
  <div class="wpcf7-response-output" aria-hidden="true"></div>
</form>

POST #

<form action="#" data-type="login" method="post" accept-charset="utf-8">
  <h3>Welcome Back!</h3>
  <p>Login to your account below</p>
  <!-- Form Messages -->
  <div class="form-message"></div>
  <p class="input_field">
    <input type="text" name="username" placeholder="Username" value="">
  </p>
  <p class="input_field">
    <input type="password" name="password" placeholder="Password" value="">
  </p>
  <p class="input_field remember_me">
    <input type="checkbox" id="remember_me" name="remember_me" value="true">
    <label for="remember_me">Remember Me</label>
  </p>
  <p class="submit">
    <input type="hidden" name="action" value="login_handler">
    <input type="hidden" name="jnews_nonce" value="2ba1bcefe3">
    <input type="submit" name="jeg_login_button" class="button" value="Log In" data-process="Processing . . ." data-string="Log In">
  </p>
  <div class="bottom_links clearfix">
    <a href="#jeg_forgotform" class="jeg_popuplink forgot">Forgotten Password?</a>
  </div>
</form>

POST #

<form action="#" data-type="forgot" method="post" accept-charset="utf-8">
  <h3>Retrieve your password</h3>
  <p>Please enter your username or email address to reset your password.</p>
  <!-- Form Messages -->
  <div class="form-message"></div>
  <p class="input_field">
    <input type="text" name="user_login" placeholder="Your email or username" value="">
  </p>
  <div class="g-recaptcha" data-sitekey=""></div>
  <p class="submit">
    <input type="hidden" name="action" value="forget_password_handler">
    <input type="hidden" name="jnews_nonce" value="2ba1bcefe3">
    <input type="submit" name="jeg_login_button" class="button" value="Reset Password" data-process="Processing . . ." data-string="Reset Password">
  </p>
  <div class="bottom_links clearfix">
    <a href="#jeg_loginform" class="jeg_popuplink"><i class="fa fa-lock"></i> Log In</a>
  </div>
</form>

POST #

<form action="#" method="post" accept-charset="utf-8">
  <h3>Add New Playlist</h3>
  <!-- Form Messages -->
  <div class="form-message"></div>
  <div class="form-group">
    <p class="input_field">
      <input type="text" name="title" placeholder="Playlist Name" value="">
    </p>
    <p class="input_field">
      <select name="visibility">
        <option disabled="" selected="selected" value="">- Select Visibility -</option>
        <option value="public">Public</option>
        <option value="private">Private</option>
      </select>
    </p>
    <!-- submit button -->
    <div class="submit">
      <input type="hidden" name="type" value="create_playlist">
      <input type="hidden" name="action" value="playlist_handler">
      <input type="hidden" name="post_id" value="">
      <input type="hidden" name="jnews-playlist-nonce" value="cc4454b86e">
      <input type="submit" name="jeg_save_button" class="button" value="Save" data-process="Processing . . ." data-string="Save">
    </div>
  </div>
</form>

Text Content

CRITICAL SECURITY FLAW IN WORDPRESS THEME

April 23, 2024



A critical vulnerability, identified as CVE-2024-2848, has been discovered in
the WordPress theme named “Responsive.” The flaw allows attackers to inject
arbitrary HTML content into websites without requiring authentication.
The vulnerability is located in the footer section of the theme, where
attackers can alter the footer text through unauthorized modifications. It
exists because the theme’s save_footer_text_callback function lacks a
capability check, which makes every version up to 5.0.2 susceptible.

The implications of this vulnerability are severe, posing significant risks to
website integrity and user safety. Exploitation of the flaw could lead to
various malicious activities, including the redirection of visitors to harmful
websites or the display of spam and offensive content. These actions can
severely damage a website’s reputation and erode the trust of its frequent
visitors, potentially leading to a decrease in site traffic and engagement.

In response to the discovery of this vulnerability, the developers of the
Responsive theme have taken swift action to address the issue. They have
released an update in version 5.0.3, which patches the vulnerability and
prevents unauthorized HTML content injection. Additionally, the update
introduces strengthened security measures to guard against similar
vulnerabilities in the future, aiming to enhance the overall security posture of
websites using this theme.

Website administrators using the Responsive theme are strongly encouraged to
update to the latest version immediately to protect their sites from potential
threats. It is also recommended that they review the footer-copyright option in
their WordPress database for any unauthorized changes and regularly monitor
their website’s performance and appearance for any unusual activity. Keeping
systems up-to-date and maintaining vigilance in monitoring are critical steps in
ensuring website security against evolving cyber threats.

REFERENCE:

 * Critical Flaw in WordPress ‘Responsive’ Theme Exposed

Tags: April 2024, Cyber Alert, Cyber Alerts 2024, Cyber Risk, HTML, Wordpress


