DFA
Company Details
Linkedin ID:
dairy-farmers-of-america
Website:
Employees number:
7,917
Number of followers:
101,918
NAICS:
3115
Industry Type:
Homepage:
dfamilk.com
IP Addresses:
0
Company ID:
DAI_1539116
Scan Status:
In-progress
Dairy Farmers of America Company CyberSecurity Posture
dfamilk.com
At Dairy Farmers of America, our 19,000 employees work with one goal in mind – to bring value to our family farm-owners. As a farmer-owned cooperative, DFA offers rewarding jobs across the nation in a variety of fields, including manufacturing, accounting, communications, marketing, economics, on-farm field services, and more. We value our employees and reward them with competitive benefits, a supportive working environment, and growth opportunities. We capitalize on the strengths of each individual and ensure that each employee is challenged in their role. Through Dairy University, employees receive online training and job enhancement, classes. Employees also have the opportunity to grow within DFA. We also want our employees to live a healthy lifestyle and offer a health and wellness program that provides access to online classes and materials tailored to help our employees make healthier choices, as well as an Employee Assistance Program that helps employees with legal and health issues, such as advice on parenting or stress management, and free counseling sessions. At DFA, we understand that our employees provide value within our organization and in our community. We cultivate a culture of openness, transparency, and integrity where employees are encouraged to voice their opinions and share their ideas. We also believe we have a responsibility to give back the communities in which we operate and work to do so through the DFA Cares Foundation. Dairy Farmers of America, Inc. is an equal employment employer and is committed to providing employment opportunities to minorities, females, veterans, and disabled individuals.
Dairy Farmers of America A.I CyberSecurity Scoring
DFA Risk Score (AI oriented)Between 550 and 599
DFA
Updated:
- Powered by our proprietary A.I cyber incident model
- Insurance preferes TPRM score to calculate premium
DFA Global Score (TPRM)XXXX
DFA
- Instant access to detailed risk factors
- Benchmark vs. industry & size peers
- Vulnerabilities
- Findings
DFA Company CyberSecurity News & History
Past Incidents
2
Attack Types
1
Dairy Farmers of America
Ransomware
Rankiteo Explanation
Attack threatening the organization’s existence
Description: Dairy Farmers of America (DFA), the largest dairy cooperative in the USA, experienced a ransomware attack that disrupted multiple dairy manufacturing plants. The ransomware group Play claimed responsibility, stating they stole confidential data including budget, payroll, accounting, taxes, and financial info. DFA has not confirmed the extent of the data breach or if a ransom was paid. The attack caused operational disruptions, affecting the processing and receiving of milk. DFA is working with IT professionals and cybersecurity experts for full recovery.
Dairy Farmers of America
Ransomware
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: In June, the Dairy Farmers of America (DFA), a Kansas-based dairy cooperative with 19,000 employees and $24.5 billion in revenue, fell victim to a ransomware attack by the Play ransomware gang. The cybercriminals breached the company’s systems via a sophisticated social engineering campaign, exfiltrating sensitive personal data of 4,546 individuals, including names, Social Security numbers, driver’s license/ID numbers, dates of birth, bank account details, and Medicare/Medicaid numbers. The attack disrupted operations across multiple manufacturing plants within DFA’s network. While the investigation concluded on September 15, the incident exposed critical employee and member data, prompting the company to offer two years of identity protection services to victims. The Play gang, linked to over 900 attacks globally, has targeted high-profile entities like cities and counties, exacerbating concerns over rising cyber threats in the food and agriculture sector, which saw 84 attacks in Q1 2024 double the previous year’s figure. The breach underscores vulnerabilities in supply chain security and the escalating risks of data exfiltration paired with operational disruption in critical industries.
DFA Company Scoring based on AI Models
Cyber Incidents Likelihood 3 - 6 - 9 months
A.I Risk Score Likelihood 3 - 6 - 9 months
Underwriter Stats for DFA
Incidents vs Dairy Product Manufacturing Industry Average (This Year)
No incidents recorded for Dairy Farmers of America in 2026.
Incidents vs All-Companies Average (This Year)
No incidents recorded for Dairy Farmers of America in 2026.
Incident Types DFA vs Dairy Product Manufacturing Industry Avg (This Year)
No incidents recorded for Dairy Farmers of America in 2026.
Incident History — DFA (X = Date, Y = Severity)
DFA cyber incidents detection timeline including parent company and subsidiaries
DFA Company Subsidiaries
At Dairy Farmers of America, our 19,000 employees work with one goal in mind – to bring value to our family farm-owners. As a farmer-owned cooperative, DFA offers rewarding jobs across the nation in a variety of fields, including manufacturing, accounting, communications, marketing, economics, on-farm field services, and more. We value our employees and reward them with competitive benefits, a supportive working environment, and growth opportunities. We capitalize on the strengths of each individual and ensure that each employee is challenged in their role. Through Dairy University, employees receive online training and job enhancement, classes. Employees also have the opportunity to grow within DFA. We also want our employees to live a healthy lifestyle and offer a health and wellness program that provides access to online classes and materials tailored to help our employees make healthier choices, as well as an Employee Assistance Program that helps employees with legal and health issues, such as advice on parenting or stress management, and free counseling sessions. At DFA, we understand that our employees provide value within our organization and in our community. We cultivate a culture of openness, transparency, and integrity where employees are encouraged to voice their opinions and share their ideas. We also believe we have a responsibility to give back the communities in which we operate and work to do so through the DFA Cares Foundation. Dairy Farmers of America, Inc. is an equal employment employer and is committed to providing employment opportunities to minorities, females, veterans, and disabled individuals.
Loading...
DFA Similar Companies
Bulla Dairy Foods
Bulla Dairy Foods is one of Australia’s oldest family owned dairy companies. At Bulla, the same three families have been making dairy products in country Australia for six generations and export them all over the world. We make dairy products with care, craftsmanship and passion, like we've been
Holstein Association USA, Inc.
Holstein Association USA maintains records on over 22 million Registered Holsteins, recording ancestry and collecting and analyzing production, type and genetic data to provide useable information that enables dairy producers to improve their businesses by breeding better cows. The Holstein Associat
Embleton Hall Dairies
Here at Embleton Hall, we are proud milk suppliers with a difference. We passionately believe that food should be as fresh as possible and travel as little as possible before reaching your plate. That’s why most of our milk comes from local milk suppliers whom we know and trust and who work to the h
National Milk Records (NMR)
From its formation in 1943, NMR has grown and developed into an integrated service provider working for both farmers and milk buyers as well as an independent source of data for advisors such as vets, farm consultants and breed societies. The NMR Group today is structured on four subsidiary busines
Agpro, Inc
Agpro®, Inc. is both a Pioneer and Leader in waste management and cow cooling technologies. Agpro®, Inc. is directly responsible for the design and implementation of many concepts and components adopted by industry standards and accepted by regulatory agencies as efficient ways to cool cows in the h
Inex
INEX is a Belgian dairy group offering the most extensive range of fresh to long-life dairy products, in the most modern and diverse packaging. We process approximately 220 million litres of milk annually. Of this,more than half is exported to most EU-countries and to some countries outside the
Geris
We accelerate supply and demand in the dairy industry. We buy, sell and move dairy quality products over the world. Every day again. In time and with great care. In time delivery offers customers convenient stock advantages. Smart logistics, clever warehouse management and a network that connects
Zappalà S.p.A.
Zappalà is the first dairy company in Southern Italy and the largest supplier of Sicilian cheeses for the Italian retail market. Our production capacity places us among the top dairy companies in Italy. Our mission is to represent the typical aspects and quality of Sicilian and Italian food products
Penn Dairy LLC
Penn Dairy is a highly specialized manufacturer with a large production capacity. We use the best combination of traditional and innovative methods to produce the best quality dairy products. This is an SQF Certified manufacturing facility. Additional certifications include: Non-GMO Project Verified
.png)
DFA CyberSecurity News
December 03, 2025 08:00 AM
Cyber Attacks Are the New Threat Creeping Onto Dairy Farms
Dairy farmers know firsthand just how quickly risks can impact their bottom line. Now, a new kind of risk is quietly moving onto farms:...
December 02, 2025 08:00 AM
Wake-Up Call for Dairy: New Research Exposes Stagnant Biosecurity Efforts
Many larger dairies report having biosecurity protocols in place, according to a Farm Journal survey, but there are gaps in the relevancy of...
October 20, 2025 07:00 AM
20th October – Threat Intelligence Report
For the latest discoveries in cyber research for the week of 20th October, please download our Threat Intelligence Bulletin.
October 17, 2025 07:00 AM
Ransomware-related breach confimed by Dairy Farmers of America
More than 4500 individuals were confirmed by Kansas-based Dairy Farmers of America to have had their personal details pilfered following a...
October 17, 2025 07:00 AM
Sotheby’s attack, Cisco Zero Disco, Microsoft revokes certificates
Sotheby's suffers cyberattack, Cisco “Zero Disco' attacks, Microsoft revokes ransomware certificates. Cybersecurity Headlines.
October 16, 2025 07:00 AM
Dairy Farmers of America confirms June cyberattack leaked personal data
The Dairy Farmers of America said cybercriminals breached company systems in June, gaining access to the information of employees and...
October 16, 2025 07:00 AM
Dairy Farmers of America Inc. Data Breach Investigation
Strauss Borrelli PLLC, a leading data breach law firm, is investigating Dairy Farmers of America Inc. (“DFA”) regarding its recent data...
October 14, 2025 07:00 AM
Agricultural Drone Market Soaring Amid Cybersecurity Challenges
The global agricultural drone market is on track to exceed $29 billion by 2033, according to new data from Research Intelo.
October 13, 2025 07:00 AM
Cybersecurity Becomes a National Priority for America’s Food and Agriculture Sector
Cyber threats are increasingly targeting the systems that keep America's food and agriculture industries running—from grain elevators and...
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
DFA CyberSecurity History Information
Official Website of Dairy Farmers of America
The official website of Dairy Farmers of America is http://www.dfamilk.com/careers.
Dairy Farmers of America’s AI-Generated Cybersecurity Score
According to Rankiteo, Dairy Farmers of America’s AI-generated cybersecurity score is 582, reflecting their Very Poor security posture.
How many security badges does Dairy Farmers of America’ have ?
According to Rankiteo, Dairy Farmers of America currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
Has Dairy Farmers of America been affected by any supply chain cyber incidents ?
According to Rankiteo, Dairy Farmers of America has not been affected by any supply chain cyber incidents, and no incident IDs are currently listed for the organization.
Does Dairy Farmers of America have SOC 2 Type 1 certification ?
According to Rankiteo, Dairy Farmers of America is not certified under SOC 2 Type 1.
Does Dairy Farmers of America have SOC 2 Type 2 certification ?
According to Rankiteo, Dairy Farmers of America does not hold a SOC 2 Type 2 certification.
Does Dairy Farmers of America comply with GDPR ?
According to Rankiteo, Dairy Farmers of America is not listed as GDPR compliant.
Does Dairy Farmers of America have PCI DSS certification ?
According to Rankiteo, Dairy Farmers of America does not currently maintain PCI DSS compliance.
Does Dairy Farmers of America comply with HIPAA ?
According to Rankiteo, Dairy Farmers of America is not compliant with HIPAA regulations.
Does Dairy Farmers of America have ISO 27001 certification ?
According to Rankiteo,Dairy Farmers of America is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Industry Classification of Dairy Farmers of America
Dairy Farmers of America operates primarily in the Dairy Product Manufacturing industry.
Number of Employees at Dairy Farmers of America
Dairy Farmers of America employs approximately 7,917 people worldwide.
Subsidiaries Owned by Dairy Farmers of America
Dairy Farmers of America presently has no subsidiaries across any sectors.
Dairy Farmers of America’s LinkedIn Followers
Dairy Farmers of America’s official LinkedIn profile has approximately 101,918 followers.
NAICS Classification of Dairy Farmers of America
Dairy Farmers of America is classified under the NAICS code 3115, which corresponds to Dairy Product Manufacturing.
Dairy Farmers of America’s Presence on Crunchbase
Yes, Dairy Farmers of America has an official profile on Crunchbase, which can be accessed here: https://www.crunchbase.com/organization/dairy-farmers-of-america.
Dairy Farmers of America’s Presence on LinkedIn
Yes, Dairy Farmers of America maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/dairy-farmers-of-america.
Cybersecurity Incidents Involving Dairy Farmers of America
As of January 25, 2026, Rankiteo reports that Dairy Farmers of America has experienced 2 cybersecurity incidents.
Number of Peer and Competitor Companies
Dairy Farmers of America has an estimated 309 peer or competitor companies worldwide.
What types of cybersecurity incidents have occurred at Dairy Farmers of America ?
Incident Types: The types of cybersecurity incidents that have occurred include Ransomware.
How does Dairy Farmers of America detect and respond to cybersecurity incidents ?
Detection and Response: The company detects and responds to cybersecurity incidents through an containment measures with contained the threat and restored operational facilities, and recovery measures with working with it professionals and cybersecurity experts for full recovery, and and recovery measures with offered two years of identity protection services to victims, and communication strategy with breach notifications filed with regulators (e.g., maine); letters sent to victims..
Incident Details
Can you provide details on each incident ?
Title: Ransomware Attack on Dairy Farmers of America
Description: Ransomware group Play took credit for a cyber attack on Dairy Farmers of America, disrupting multiple dairy manufacturing plants and stealing confidential data including budget, payroll, accounting, taxes, and financial info.
Type: Ransomware
Threat Actor: Play
Motivation: Financial
Title: Dairy Farmers of America Ransomware Attack and Data Breach
Description: The Dairy Farmers of America (DFA) experienced a ransomware attack in June, leading to the breach of personal information of 4,546 employees and cooperative members. The Play ransomware gang claimed responsibility. The stolen data included names, Social Security numbers, driver's license numbers, dates of birth, bank account numbers, and Medicare/Medicaid numbers. The attack disrupted operations at multiple manufacturing plants, and the organization discovered the breach two days after it began. Victims were offered two years of identity protection services.
Date Detected: June 2023 (exact date unspecified; discovered two days after attack began)
Date Publicly Disclosed: June 2023 (initial confirmation to Dairy Herd Management); September 2023 (breach notifications filed with Maine regulators)
Date Resolved: September 15, 2023 (investigation completed)
Type: Ransomware Attack
Attack Vector: Sophisticated social engineering campaign
Threat Actor: Play Ransomware Gang
Motivation: Financial gain (ransomware); data exfiltration for extortion
What are the most common types of attacks the company has faced ?
Common Attack Types: The most common types of attacks the company has faced is Ransomware.
How does the company identify the attack vectors used in incidents ?
Identification of Attack Vectors: The company identifies the attack vectors used in incidents through Social engineering campaign.
Impact of the Incidents
What was the impact of each incident ?
Incident : Ransomware DAI902062425
Data Compromised: Budget, Payroll, Accounting, Taxes, Financial info
Systems Affected: Multiple dairy manufacturing plants
Operational Impact: Disruption of dairy manufacturing plants
Incident : Ransomware Attack DAI3402134101725
Data Compromised: Names, Social security numbers, Driver's license or state-issued id numbers, Dates of birth, Bank account numbers, Medicare or medicaid numbers
Systems Affected: Multiple manufacturing plants within DFA's network
Operational Impact: Disruption at manufacturing plants; encrypted devices and data exfiltration
Brand Reputation Impact: Potential reputational damage due to high-profile breach and ransomware attack
Identity Theft Risk: High (personal data of 4,546 individuals exposed)
Payment Information Risk: High (bank account numbers compromised)
What types of data are most commonly compromised in incidents ?
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Budget, Payroll, Accounting, Taxes, Financial Info, , Personally Identifiable Information (Pii), Financial Data (Bank Account Numbers), Government-Issued Ids (Driver'S License, Medicare/Medicaid Numbers) and .
Which entities were affected by each incident ?
Incident : Ransomware DAI902062425
Entity Name: Dairy Farmers of America
Entity Type: Organization
Industry: Food and Beverage
Location: USA
Size: 18,000 employees
Incident : Ransomware Attack DAI3402134101725
Entity Name: Dairy Farmers of America (DFA)
Entity Type: Farmer-owned dairy cooperative
Industry: Food and Agriculture
Location: Kansas, USA
Size: ~19,000 employees; 9,500 farmer-owners; $24.5 billion revenue (2022)
Customers Affected: 4,546 individuals (employees and cooperative members)
Response to the Incidents
What measures were taken in response to each incident ?
Incident : Ransomware DAI902062425
Incident Response Plan Activated: True
Containment Measures: Contained the threat and restored operational facilities
Recovery Measures: Working with IT professionals and cybersecurity experts for full recovery
Incident : Ransomware Attack DAI3402134101725
Incident Response Plan Activated: True
Recovery Measures: Offered two years of identity protection services to victims
Communication Strategy: Breach notifications filed with regulators (e.g., Maine); letters sent to victims
Data Breach Information
What type of data was compromised in each breach ?
Incident : Ransomware DAI902062425
Type of Data Compromised: Budget, Payroll, Accounting, Taxes, Financial info
Sensitivity of Data: High
Incident : Ransomware Attack DAI3402134101725
Type of Data Compromised: Personally identifiable information (pii), Financial data (bank account numbers), Government-issued ids (driver's license, medicare/medicaid numbers)
Number of Records Exposed: 4546
Sensitivity of Data: High (includes SSNs, financial, and healthcare-related data)
Data Encryption: True
How does the company handle incidents involving personally identifiable information (PII) ?
Handling of PII Incidents: The company handles incidents involving personally identifiable information (PII) through by contained the threat and restored operational facilities.
Ransomware Information
Was ransomware involved in any of the incidents ?
Incident : Ransomware DAI902062425
Ransomware Strain: Play
Data Encryption: True
Data Exfiltration: True
Incident : Ransomware Attack DAI3402134101725
Ransomware Strain: Play Ransomware
Data Encryption: True
Data Exfiltration: True
How does the company recover data encrypted by ransomware ?
Data Recovery from Ransomware: The company recovers data encrypted by ransomware through Working with IT professionals and cybersecurity experts for full recovery, Offered two years of identity protection services to victims.
Regulatory Compliance
Were there any regulatory violations and fines imposed for each incident ?
Incident : Ransomware Attack DAI3402134101725
Regulatory Notifications: Filed with Maine regulators (and potentially others)
References
Where can I find more information about each incident ?
Incident : Ransomware DAI902062425
Source: Comparitech
Incident : Ransomware Attack DAI3402134101725
Source: Dairy Herd Management (outlet)
Date Accessed: June 2023
Incident : Ransomware Attack DAI3402134101725
Source: FBI Advisory on Play Ransomware (2023 update)
Date Accessed: 2023
Incident : Ransomware Attack DAI3402134101725
Source: Food and Ag-ISAC (Cyber Information Sharing Organization)
Date Accessed: 2023/2024
Incident : Ransomware Attack DAI3402134101725
Source: Breach notification letters to victims (DFA)
Date Accessed: September 2023
Where can stakeholders find additional resources on cybersecurity best practices ?
Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at and Source: Comparitech, and Source: Dairy Herd Management (outlet)Date Accessed: June 2023, and Source: FBI Advisory on Play Ransomware (2023 update)Date Accessed: 2023, and Source: Food and Ag-ISAC (Cyber Information Sharing Organization)Date Accessed: 2023/2024, and Source: Breach notification letters to victims (DFA)Date Accessed: September 2023.
Investigation Status
What is the current status of the investigation for each incident ?
Incident : Ransomware DAI902062425
Investigation Status: Ongoing
Incident : Ransomware Attack DAI3402134101725
Investigation Status: Completed (as of September 15, 2023)
How does the company communicate the status of incident investigations to stakeholders ?
Communication of Investigation Status: The company communicates the status of incident investigations to stakeholders through Breach notifications filed with regulators (e.g. and Maine); letters sent to victims.
Stakeholder and Customer Advisories
Were there any advisories issued to stakeholders or customers for each incident ?
Incident : Ransomware Attack DAI3402134101725
Customer Advisories: Letters sent to breach victims offering identity protection services
What advisories does the company provide to stakeholders and customers following an incident ?
Advisories Provided: The company provides the following advisories to stakeholders and customers following an incident: was Letters sent to breach victims offering identity protection services.
Initial Access Broker
How did the initial access broker gain entry for each incident ?
Incident : Ransomware Attack DAI3402134101725
Entry Point: Social engineering campaign
Post-Incident Analysis
What were the root causes and corrective actions taken for each incident ?
Incident : Ransomware Attack DAI3402134101725
Root Causes: Successful social engineering attack leading to unauthorized network access and data exfiltration
Additional Questions
General Information
Who was the attacking group in the last incident ?
Last Attacking Group: The attacking group in the last incident were an Play and Play Ransomware Gang.
Incident Details
What was the most recent incident detected ?
Most Recent Incident Detected: The most recent incident detected was on June 2023 (exact date unspecified; discovered two days after attack began).
What was the most recent incident publicly disclosed ?
Most Recent Incident Publicly Disclosed: The most recent incident publicly disclosed was on June 2023 (initial confirmation to Dairy Herd Management); September 2023 (breach notifications filed with Maine regulators).
What was the most recent incident resolved ?
Most Recent Incident Resolved: The most recent incident resolved was on September 15, 2023 (investigation completed).
Impact of the Incidents
What was the most significant data compromised in an incident ?
Most Significant Data Compromised: The most significant data compromised in an incident were budget, payroll, accounting, taxes, financial info, , Names, Social Security numbers, Driver's license or state-issued ID numbers, Dates of birth, Bank account numbers, Medicare or Medicaid numbers and .
Response to the Incidents
What containment measures were taken in the most recent incident ?
Containment Measures in Most Recent Incident: The containment measures taken in the most recent incident was Contained the threat and restored operational facilities.
Data Breach Information
What was the most sensitive data compromised in a breach ?
Most Sensitive Data Compromised: The most sensitive data compromised in a breach were Driver's license or state-issued ID numbers, accounting, Social Security numbers, financial info, Names, Dates of birth, taxes, Medicare or Medicaid numbers, Bank account numbers, payroll and budget.
What was the number of records exposed in the most significant breach ?
Number of Records Exposed in Most Significant Breach: The number of records exposed in the most significant breach was 460.0.
References
What is the most recent source of information about an incident ?
Most Recent Source: The most recent source of information about an incident are Comparitech, Dairy Herd Management (outlet), Food and Ag-ISAC (Cyber Information Sharing Organization), FBI Advisory on Play Ransomware (2023 update) and Breach notification letters to victims (DFA).
Investigation Status
What is the current status of the most recent investigation ?
Current Status of Most Recent Investigation: The current status of the most recent investigation is Ongoing.
Stakeholder and Customer Advisories
What was the most recent customer advisory issued ?
Most Recent Customer Advisory: The most recent customer advisory issued was an Letters sent to breach victims offering identity protection services.
Initial Access Broker
What was the most recent entry point used by an initial access broker ?
Most Recent Entry Point: The most recent entry point used by an initial access broker was an Social engineering campaign.
.png)
Latest Global CVEs (Not Company-Specific)
Description
The WP Go Maps (formerly WP Google Maps) plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the processBackgroundAction() function in all versions up to, and including, 10.0.04. This makes it possible for authenticated attackers, with Subscriber-level access and above, to modify global map engine settings.
Risk Information
cvss3
Base: 5.3
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Description
The Save as PDF Plugin by PDFCrowd plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘options’ parameter in all versions up to, and including, 4.5.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. NOTE: Successful exploitation of this vulnerability requires that the PDFCrowd API key is blank (also known as "demo mode", which is the default configuration when the plugin is installed) or known.
Risk Information
cvss3
Base: 6.1
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Description
The Hustle – Email Marketing, Lead Generation, Optins, Popups plugin for WordPress is vulnerable to arbitrary file uploads due to incorrect file type validation in the action_import_module() function in all versions up to, and including, 7.8.9.2. This makes it possible for authenticated attackers, with a lower-privileged role (e.g., Subscriber-level access and above), to upload arbitrary files on the affected site's server which may make remote code execution possible. Successful exploitation requires an admin to grant Hustle module permissions (or module edit access) to the low-privileged user so they can access the Hustle admin page and obtain the required nonce.
Risk Information
cvss3
Base: 7.5
Severity: HIGH
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Description
The WP Directory Kit plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.9 via the wdk_public_action AJAX handler. This makes it possible for unauthenticated attackers to extract email addresses for users with Directory Kit-specific user roles.
Risk Information
cvss3
Base: 5.3
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Description
The Meta-box GalleryMeta plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with editor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
Risk Information
cvss3
Base: 4.4
Severity: HIGH
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
References
- https://plugins.trac.wordpress.org/browser/meta-box-gallerymeta/tags/3.0.1/gallerymetaboxes.php#L119
- https://plugins.trac.wordpress.org/browser/meta-box-gallerymeta/tags/3.0.1/gallerymetaboxes.php#L314
- https://plugins.trac.wordpress.org/browser/meta-box-gallerymeta/tags/3.0.1/templates/single-mb_gallery.php#L31
- https://plugins.trac.wordpress.org/browser/meta-box-gallerymeta/tags/3.0.1/templates/single-mb_gallery.php#L33
- https://www.wordfence.com/threat-intel/vulnerabilities/id/bb9ae252-7e5f-4dc0-a162-100493b81980?source=cve
Access Data Using Our API
Get company history
curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=dairy-farmers-of-america' -H 'apikey: YOUR_API_KEY_HERE'
RapidWhat Do We Measure ?
Incident
Finding
Grade
Digital Assets
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Network Security
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
SBOM (Software Bill of Materials)
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
CMDB (Configuration Management Database)
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Threat Intelligence
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.
