[CYBERDIGEST]
⊞ Dashboard ⚡ Intelligence 📝 Reports 📚 Global Threats 💻 Hack Lab 🗄️ Resources ⌬ 0xJerry's Lab
📡 RSS Feed
System Online

Tag

#Account Takeover

blogHIGH 8.1

Understanding and Defending Against CVE-2026-7655: Privilege Escalation in SureCart Plugin

CVE-2026-7655 is a privilege escalation vulnerability in the SureCart plugin for WordPress, allowing unauthenticated attackers to takeover accounts by manipulating user details via webhook events. This vulnerability has a CVSS score of 8.1 and affects versions up to 4.2.3 of the plugin. Understanding the root cause and attack vector is crucial for defenders to implement effective mitigations.

Jul 12, 20261 source
newsCRITICAL 9.0

CVE-2026-11374: ManageEngine Products Vulnerable to Predictable SSO Ticket IDs Leading to Account Takeover

A critical vulnerability (CVE-2026-11374, CVSS score of 9) in multiple ManageEngine products allows unauthenticated users to predict SSO ticket IDs, leading to account takeover. Affected products include ADSelfService Plus, RecoveryManager Plus, M365 Manager Plus, and ADAudit Plus. Immediate action is required to update vulnerable versions.

Jun 24, 20261 source