The VEDA - MultiPurpose WordPress Theme theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.2 via deserialization of untrusted input in the 'veda_backup_and_restore_action' function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable software, which means this vulnerability has no impact unless another plugin or theme containing a POP chain is installed on the site. If a POP chain is present via an additional plugin or theme installed on the target system, it may allow the attacker to perform actions like delete arbitrary files, retrieve sensitive data, or execute code depending on the POP chain present.
#JOURNAL

404 Media is a new independent media company founded by technology journalists Jason Koebler, Emanuel Maiberg, Samantha Cole, and Joseph Cox.

ProPublica is an independent, non-profit newsroom that produces investigative journalism in the public interest.

Distributed Denial of Secrets (DDoSecrets) is a journalist 501(c)(3) non-profit publishing and archiving leaks, and devoted to the free transmission of data in the public interest.

How new surveillance states keep democracy and the public in check.

Introducing a project to track down and catalogue the vast wealth held outside Russia by oligarchs and key figures close to Russian President Vladimir Putin.

Sparked by a leak of emails from the Colombian prosecutor’s office, NarcoFiles is the largest investigative project on organized crime to originate in Latin America.

This is the largest ever leak of account data from a major Swiss bank. Here are the stories we found inside.