Hacked.be

Cybersecurity blog by Rein Daelman

CVE-2024-9504 - Stored XSS via SVG File Upload

CVE-2024-9504 is a security flaw in the 'Booking calendar, Appointment Booking System' WordPress plugin. The vulnerability allows attackers to upload SVG files, resulting in stored XSS.

Rein Daelman

More Stories

CVE-2024-8856 - Unauthenticated RCE via Arbitrary File Upload

Today, I wanted to talk about CVE-2024-8856, a critical vulnerability I found and reported through Wordfence. The issue was found in the WP Time Capsule plugin, which has over 20,000 active installations.

Rein Daelman