Security Links
The Service Finder Bookings plugin for WordPress, used by the Service Finder - Directory and Job Board WordPress Theme, is vulnerable to privilege escalation in all versions up to, and including, 5.1. This is due to a lack of restriction on user role in the 'nsl_registration_store_extra_input' function. This makes it possible for unauthenticated attackers to register an account on the site with an arbitrary role, including Administrator, when registering via a social login. The Nextend Social Login plugin must be installed and configured to exploit the vulnerability.

BLADE Framework

The Business Logic Attack Definition (BLADE) Framework, is an open-source knowledge-base created to help cybersecurity professionals identify the phases, tactics and techniques used by adversaries to exploit weaknesses in the business logic of web facing systems (websites and APIs). There are a range of attack frameworks (such as Mitre ATT&CK and Lockheed-Martin Kill Chain) available to allow cyber-security experts to model and respond to traditional cyber-attacks which aimed to exploit technology weaknesses in systems. These frameworks are not well suited for modelling business logic focused attacks yet these kind of attacks are becoming increasingly common.

Visit Website
Bitdefender

Smart Cybersecurity for a Smarter World. AI-Powered Protection for Your Small Business.

Buy Now Promote Certo

Detect spyware with Certo AntiSpy

Promote