HEY.com stored XSS
HackerOne vulnerability report: An attacker can bypass the HEY.com HTML sanitizer and inject arbitrary unsafe HTML in emails. A HEY user viewing
Third stored XSS vulnerability in Yahoo Mail
Tweet:
Google Forms (WordPress plugin) SSRF vulnerability
Overview Google Forms is a WordPress plugin that can be used to embed forms from Google Docs. It has 20,000+ active install as
Formidable Forms vulnerabilities
Overview Formidable Forms is a WordPress plugin with over 200,000 active installs. It is used for creating contact forms, polls, surveys, and other
Lazy Load stored XSS
Overview Lazy Load is a WordPress plugin with over 90,000 active installs. It was developed by Automattic, TechCrunch, and 10up LLC. The
Yahoo bug in the news
Vice: Hacker Finds a Way to Break Into Any Yahoo Mail Inbox, Gets $10,000 Threatpost: Yahoo Mail XSS Bug Worth Another $10K
Klikki finds a vulnerability affecting about 100 million users – $20,000 bug bounty
In Finnish: https://www.iltalehti.fi/digiuutiset/a/201710242200482733
WP Engine security issues
Overview WP Engine is a managed WordPress hosting platform. When it comes to security, WP Engine seems to offer a lot of
BTTV Chrome extension stored XSS
BetterTTV (BTTV) is a web browser add-on popular among Twitch.tv users. It offers many features to enhance the video streaming and viewing experience
Yahoo Mail stored XSS #2
A security vulnerability in Yahoo Mail was fixed last week. The flaw allowed an attacker to read a victim’s email or create