CVE-2024-22277 – VMware Cloud Director Availability Vulnerability
July 8, 2024LokiBot Malware – Active IOCs
July 9, 2024CVE-2024-22277 – VMware Cloud Director Availability Vulnerability
July 8, 2024LokiBot Malware – Active IOCs
July 9, 2024Severity
Medium
Analysis Summary
CVE-2022-44587 CVSS:5.3
WP 2FA plugin for WordPress could allow a remote attacker to obtain sensitive information, caused by insertion of sensitive information into log file vulnerability. By accessing the log file, a remote attacker could exploit this vulnerability to obtain sensitive information.
CVE-2024-38344 CVSS:4.3
WP Tweet Walls Plugin for WordPress is vulnerable to cross-site request forgery, caused by improper validation of user-supplied input. By persuading an authenticated user to visit a malicious Web site, a remote attacker could send a malformed HTTP request to perform unauthorized actions. An attacker could exploit this vulnerability to perform cross-site scripting attacks, Web cache poisoning, and other malicious activities.
Impact
- Information Disclosure
- Gain Access
Indicators of Compromise
CVE
- CVE-2022-44587
- CVE-2024-38344
Affected Vendors
Affected Products
- 2FA plugin for WordPress 2.6.3
- Tweet Walls Plugin for WordPress
Remediation
Upgrade to the latest version for WordPress, available from the WordPress Plugin Directory.