It asks to open a link to revise an agreement. It lands to a website that simulates the victim’s organization homepage, in which the user has only to digit the password.
Critical vulnerability discovered on “Spam protection, AntiSpam, FireWall” in WordPress. The flaw in the plugin can be used to extract sensitive info from a site’s database, including user emails and password hashes. There is also a PoC
A new vulnerability in WordPress plugins has been discovered: this time it concerns “Spam protection, AntiSpam, FireWall” by CleanTalk. Wordfence cybersecurity experts denounce this. The flaw, known as CVE-2021-24295, could be used to extract sensitive information from a site’s database, including user emails and password hashes, all remotely. Moreover, a Proof of Concept (PoC) is circulating on the web, which explains how to exploit the vulnerability to launch attacks. The manufacturer in recent days has released a patch that solves the problem, it is essential to install it as soon as possible.