The Donation Forms by Charitable – Donations Plugin & Fundraising Platform for WordPress plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.8.1.14. This is due to the plugin not properly verifying a user's identity when the ID parameter is supplied through the update_core_user() function. This makes it possible for unauthenticated attackers to update the email address and password of arbitrary user accounts, including administrators, which can then be used to log in to those user accounts.

About the Project

What Is It

A curated list of websites for cybersecurity. I'm a security enthusiast and love looking at websites/blogs about cybersecurity, especially offensive security. So I wanted to create something like a huge library.

Why I Made It

Many people who visit this site probably think, "This is just a collection of links." That's right. The reason I made it is mainly for myself. There are so many sites out there that attract me, so it was unrealistic to list them all in my personal task management tool or add them all to my browser's bookmarks. In addition, I wanted to try some new tools/frameworks such as Astro.js.

Disclaimer

Security Links essentially lists sites without permission from the site owner. If your site is listed here and you want it to be excluded, please contact me (see below). I'll exclude it immediately.

Contact Me

If you would like to issue or send a message, please email me at hdks.bug[at]gmail.com