The Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress plugin for WordPress is vulnerable to SQL Injection via the order_by shortcode attribute in all versions up to, and including, 1.2.5 due to insufficient escaping on the user-supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
#TRAINING

The fast, easy, and affordable way to train your hacking skills.

Learn to secure the web one step at a time, with our practical, interactive learning materials. Covering the latest research, and completely free.

Whether you've just started your hacker journey or you're just looking for some new challenges, the Hacker101 CTF has something for you.

A fun, free platform for learning modern cryptography.

A comprehensive module-based malware development course that provides fundamental to advanced level training.

A free online platform for learning cyber security, using hands-on exercises and labs, all through your browser!

SecureWeb3 Academy offers online training courses to provide awareness of a range of web3 risks and threats and how to mitigate these. Our training delivers the latest information and valuable insights to help you and your organisation navigate the emerging landscape of web3 technology with confidence.

An intro to binary exploitation / reverse engineering course based around ctf challenges.

The cybersecurity upskilling platform. Hack The Box gives individuals, businesses and universities the tools they need to continuously improve their cybersecurity capabilities — all in one place.

linux-training.be gives you books for free to study Linux.

The wargames offered by the OverTheWire community can help you to learn and practice security concepts in the form of fun-filled games.

Courses to learn more about blue team skills. Check out our hands-on courses to gain and sharpen investigation/detection skills.

The Ethernaut is a Web3/Solidity based wargame played in the Ethereum Virtual Machine. Each level is a smart contract that needs to be 'hacked'. The game is 100% open source and all levels are contributions made by other players.

exploit.education provides a variety of resources that can be used to learn about vulnerability analysis, exploit development, software debugging, binary analysis, and general cyber security issues.

Have fun hacking our virtual machines and learning.

Free Training Tutorials & Videos for IT Courses.

Developer security training from Snyk. Snyk Learn teaches developers how to stay secure with interactive lessons exploring vulnerabilities across a variety of languages and ecosystems.

Node.js Secure Coding blog and educational training content. Master hands-on Node.js security with Node.js Secure Coding education and learn how to defend against JavaScript Command Injection vulnerabilities and gain backend development skills to exploit and prevent Path Traversal attacks by reviewing real-world vulnerable npm packages and insecure code.

Learn ethical hacking skills with hands-on labs and education from cyber security experts.

Training services from Alex Ionescu and Yarden Shafir.