HA
Company Details
Linkedin ID:
hacemosatatt
Website:
Employees number:
17
Number of followers:
2,031
NAICS:
561499
Industry Type:
Homepage:
hacemos.org
IP Addresses:
0
Company ID:
HAC_2795154
Scan Status:
In-progress
HACEMOS at AT&T Company CyberSecurity Posture
hacemos.org
HACEMOS is the Hispanic/Latino Employee Resource Group (ERG) at AT&T founded in 1988. With a nationwide presence and operating as a 501c3 non-profit organization, HACEMOS is committed to supporting our company, our members, and the communities we serve. Our mission is to foster an environment where people help each other succeed professionally, personally, and in the community. We carry out our mission, through networking, volunteering, and social activities with a focus on our three pillars corporation, members, and community. HACEMOS focuses on growing STEM career awareness through our signature annual High Technology Day (HTD) offered across the nation serving high school students and by offering scholarships to local area students. Since 1988, HACEMOS has provided over $4M in scholarships to deserving students across the nation.
HACEMOS at AT&T A.I CyberSecurity Scoring
HA Risk Score (AI oriented)Between 0 and 549
HA
Updated:
- Powered by our proprietary A.I cyber incident model
- Insurance preferes TPRM score to calculate premium
HA Global Score (TPRM)XXXX
HA
- Instant access to detailed risk factors
- Benchmark vs. industry & size peers
- Vulnerabilities
- Findings
HA Company CyberSecurity News & History
Past Incidents
2
Attack Types
1
HACEMOS at AT&T: When Is the AT&T settlement deadline? Here’s how to claim up to $7,500
Breach
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: AT&T agreed to pay $177 million in total, which includes $149 million for the first settlement case and $28 million for the second. (Photo by Kevin Carter/Getty Images) Kevin Carter/Getty Images Nearly a year and a half after AT&T's first data breach was announced, a $177 million legal settlement could offer each eligible customer up to $7,500 in compensation. Still haven't filed a claim? There's still time to do so. Advertisement Article continues below this ad Here's what to know about the lawsuit and how to file a claim. When is the deadline to file a claim in the AT&T settlement? The claim submission deadline, originally set for Nov. 18, has been extended to Thursday, Dec. 18. Online forms must be submitted by that date, and mailed claims must be postmarked no later than Dec. 18. How much is AT&T's settlement in the data breach lawsuit? AT&T agreed to pay $177 million in total, which includes $149 million for the first settlement case and $28 million for the second. Before compensation can be distributed, however, the U.S. District Court for the Northern District of Texas must approve it in a final hearing on Dec. 3. Advertisement Article continues below this ad Statesman Logo Want more Statesman? Make us a Preferred Source on Google to see more of us when you search. Add Preferred Source In the meantime, affected customers are encouraged to file claims. Who can file a claim for the AT&T settlement? How much is compensation? The process for filing a claim and
HACEMOS at AT&T: AT&T Data Breach Settlement – $7,500 Eligibility & Payment Dates
Breach
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: After a series of customer data exposures over the span of the past few years, which led to the AT&T data breach settlement. This repeated incident triggered a major class action case, which pushed the company to resolve it by a negotiated payout. With the help of this AT&T settlement, the company has agreed to the distribution of $177 million funds, which are set as a final claim deadline of December 17. Those customers who have experienced that their personal information was being leaked during those breaches can fall within the qualifying group. AT&T Data Breach Settlement 2025 Eligible customers who are under the AT&T data breach settlement may reach the amount of $7500, which depends upon the losses as well as documentation. Although the company acknowledges the breaches occurred, it acted responsibly and rejected all the claims for mishandling. After the AT&T data breach settlement, the company stated that they remain committed to protect customer personal information. The company emphasized that the ongoing dedication to safeguarding customer data securely has become their central focus, despite the recent incident. AT&T Settlement 2025 Overview Managed by Kroll Settlement Administration Name of Program AT&T Data Breach Settlement 2025 Country USA Total Fund $177M Maximum Payout $7500 per Customer Claim Deadline December 18, 2025 Final Hearing January 15, 2026 Benefit Type Compensation for leaked personal data Who Gets It? Customers affected by the 2024 breaches
HA Company Scoring based on AI Models
Cyber Incidents Likelihood 3 - 6 - 9 months
A.I Risk Score Likelihood 3 - 6 - 9 months
Underwriter Stats for HA
Incidents vs Fundraising Industry Average (This Year)
No incidents recorded for HACEMOS at AT&T in 2025.
Incidents vs All-Companies Average (This Year)
No incidents recorded for HACEMOS at AT&T in 2025.
Incident Types HA vs Fundraising Industry Avg (This Year)
No incidents recorded for HACEMOS at AT&T in 2025.
Incident History — HA (X = Date, Y = Severity)
HA cyber incidents detection timeline including parent company and subsidiaries
HA Company Subsidiaries
HACEMOS is the Hispanic/Latino Employee Resource Group (ERG) at AT&T founded in 1988. With a nationwide presence and operating as a 501c3 non-profit organization, HACEMOS is committed to supporting our company, our members, and the communities we serve. Our mission is to foster an environment where people help each other succeed professionally, personally, and in the community. We carry out our mission, through networking, volunteering, and social activities with a focus on our three pillars corporation, members, and community. HACEMOS focuses on growing STEM career awareness through our signature annual High Technology Day (HTD) offered across the nation serving high school students and by offering scholarships to local area students. Since 1988, HACEMOS has provided over $4M in scholarships to deserving students across the nation.
Loading...
HA Similar Companies
Sinclair, Townes & Company
Sinclair, Townes & Company is an Atlanta fund raising consulting firm that provides comprehensive counsel for capital campaigns, endowment campaigns, planned giving programs, major giving programs, annual funds, and more. Founded in 1980, Sinclair, Townes & Company consults with non-profit instit
Linda Noack Wiener Sarcoma-Oma Foundation
In 2015, there will be an estimated 1.7 million people diagnosed with cancer. Just 12,000 will be diagnosed with Sarcoma – a rare disease with limited funding for services and research. This foundation raises money to assist patients fighting Sarcoma, and gives them direction and financial help
Impact on Education
Impact on Education is the Foundation supporting nearly 30,000 students and 4,000 educators of the Boulder Valley School District. Since 1983, we've provided supplemental funding and resources to students and educators in order to expand what's possible in education. Today, our wide-ranging programs
Charity for Civil Servants
Hello there. We’re the Charity for Civil Servants, and as you might have guessed, that means we’re here to work alongside current, former and retired civil servants. We’ll support you with whatever problem you’re up against – from mental health struggles to relationship issues, to getting through gr
Impact Auctions
Impact Auctions is a professional fundraising auctioneer solution team. Impact Auctions Solutions: Event Planning Expert Live Auction Fundraising Auctioneer Bid Spotters Innovative theme and proven ideas that work Strategies to optimize silent auction Live auction expertise that maxim
As the leading global type 1 diabetes research and advocacy organization, Breakthrough T1D helps make everyday life with type 1 diabetes better while driving toward cures. We do this by investing in the most promising research, advocating for progress by working with government to address issues t
.png)
HA CyberSecurity News
December 08, 2025 11:57 AM
Buy botines mercurial x Discount Crystal Botines NIKE MERCURIAL Hacemos envios Aceptamos efectivo transferencias Tarjetas de credito debito MercadoPago Instagram
botines mercurial x, Crystal Botines NIKE MERCURIAL Hacemos envios Aceptamos efectivo transferencias Tarjetas de credito debito MercadoPago Instagram...
June 20, 2025 05:35 AM
Strengthening regional responses to terrorism financing risks: workshop on countering the misuse of virtual assets
The United Nations Counter-Terrorism Centre (UNCCT) of the United Nations Office of Counter-Terrorism (UNOCT), the Eastern and Southern Africa Anti-Money...
May 09, 2024 01:32 AM
Parliamentarians gather in Istanbul for Counter-Terrorism Meetings and Launch of new Handbook
Parliamentary Assemblies from around the world met in Istanbul to participate in the Fifth Counter-Terrorism Coordination Meeting, organized by the United...
January 25, 2024 08:00 AM
AT&T’s Hispanic Employee Group now taking scholarship applications
HACEMOS, AT&T's Hispanic Employee Group, is now accepting applications for its 2024-25 HACEMOS Scholarship Program.
December 18, 2023 11:00 PM
Enhancing Nigeria capacities to counter radiological and nuclear terrorist threats
Critical infrastructure protection against radiological and nuclear threats training The United Nations Counter-Terrorism Centre (UNCCT) of the United...
September 18, 2023 09:43 AM
USG Voronkov Meets Nigerian Youth Leaders in Abuja
On 30 August, Under-Secretary-General Vladimir Voronkov met with a group of young leaders from Nigeria currently engaged in the Youth Engagement and...
June 19, 2023 01:21 AM
Advocacy event – Togo: Promoting Universalization and Effective Implementation of the International Convention for the Suppression of Acts of Nuclear Terrorism | Oficina de Lucha contra el Terrorismo
The event provided a platform for open dialogue and exchange of ideas on the threat of nuclear terrorism and legislative assistance available.
April 12, 2021 07:00 AM
May Day commemorations called in our living, united, victorious homeland
May Day- Imagen: Santiago Romero Chang. The Secretariat of the Federation of Cuban Workers (CTC) calls for the celebration of International...
November 16, 2020 08:00 AM
CBRNE terror threat focus of INTERPOL-UN initiative | Oficina de Lucha contra el Terrorismo
LYON, France - INTERPOL and the United Nations Counter-Terrorism Centre (UNCCT) of the United Nations Office of Counter-Terrorism (UNOCT)...
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
HA CyberSecurity History Information
Official Website of HACEMOS at AT&T
The official website of HACEMOS at AT&T is http://WWW.HACEMOS.ORG.
HACEMOS at AT&T’s AI-Generated Cybersecurity Score
According to Rankiteo, HACEMOS at AT&T’s AI-generated cybersecurity score is 535, reflecting their Critical security posture.
How many security badges does HACEMOS at AT&T’ have ?
According to Rankiteo, HACEMOS at AT&T currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
Does HACEMOS at AT&T have SOC 2 Type 1 certification ?
According to Rankiteo, HACEMOS at AT&T is not certified under SOC 2 Type 1.
Does HACEMOS at AT&T have SOC 2 Type 2 certification ?
According to Rankiteo, HACEMOS at AT&T does not hold a SOC 2 Type 2 certification.
Does HACEMOS at AT&T comply with GDPR ?
According to Rankiteo, HACEMOS at AT&T is not listed as GDPR compliant.
Does HACEMOS at AT&T have PCI DSS certification ?
According to Rankiteo, HACEMOS at AT&T does not currently maintain PCI DSS compliance.
Does HACEMOS at AT&T comply with HIPAA ?
According to Rankiteo, HACEMOS at AT&T is not compliant with HIPAA regulations.
Does HACEMOS at AT&T have ISO 27001 certification ?
According to Rankiteo,HACEMOS at AT&T is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Industry Classification of HACEMOS at AT&T
HACEMOS at AT&T operates primarily in the Fundraising industry.
Number of Employees at HACEMOS at AT&T
HACEMOS at AT&T employs approximately 17 people worldwide.
Subsidiaries Owned by HACEMOS at AT&T
HACEMOS at AT&T presently has no subsidiaries across any sectors.
HACEMOS at AT&T’s LinkedIn Followers
HACEMOS at AT&T’s official LinkedIn profile has approximately 2,031 followers.
NAICS Classification of HACEMOS at AT&T
HACEMOS at AT&T is classified under the NAICS code 561499, which corresponds to All Other Business Support Services.
HACEMOS at AT&T’s Presence on Crunchbase
No, HACEMOS at AT&T does not have a profile on Crunchbase.
HACEMOS at AT&T’s Presence on LinkedIn
Yes, HACEMOS at AT&T maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/hacemosatatt.
Cybersecurity Incidents Involving HACEMOS at AT&T
As of December 21, 2025, Rankiteo reports that HACEMOS at AT&T has experienced 2 cybersecurity incidents.
Number of Peer and Competitor Companies
HACEMOS at AT&T has an estimated 1,146 peer or competitor companies worldwide.
What types of cybersecurity incidents have occurred at HACEMOS at AT&T ?
Incident Types: The types of cybersecurity incidents that have occurred include Breach.
What was the total financial impact of these incidents on HACEMOS at AT&T ?
Total Financial Loss: The total financial loss from these incidents is estimated to be $354 million.
How does HACEMOS at AT&T detect and respond to cybersecurity incidents ?
Detection and Response: The company detects and responds to cybersecurity incidents through an third party assistance with kroll settlement administration (managing settlement), and communication strategy with public statements emphasizing commitment to data protection; settlement notifications to affected customers, and communication strategy with customer advisories and public settlement announcement..
Incident Details
Can you provide details on each incident ?
Title: AT&T Data Breach Settlement 2025
Description: After a series of customer data exposures over the span of the past few years, AT&T faced a major class action lawsuit due to repeated breaches. The company agreed to a $177 million settlement fund, with eligible customers potentially receiving up to $7,500 depending on documented losses. The final claim deadline is December 18, 2025, and the final hearing is scheduled for January 15, 2026. AT&T acknowledged the breaches but denied mishandling claims, emphasizing its commitment to protecting customer data.
Type: Data Breach
Title: AT&T Data Breach Settlement
Description: AT&T agreed to a $177 million legal settlement following a data breach announced nearly a year and a half prior. The settlement includes $149 million for the first case and $28 million for the second, offering eligible customers up to $7,500 in compensation. The claim submission deadline was extended to December 18, with court approval pending for December 3 in the U.S. District Court for the Northern District of Texas.
Type: Data Breach
What are the most common types of attacks the company has faced ?
Common Attack Types: The most common types of attacks the company has faced is Breach.
Impact of the Incidents
What was the impact of each incident ?
Incident : Data Breach HAC1764605702
Financial Loss: $177 million (settlement fund)
Data Compromised: Personal information of customers (2024 breaches)
Customer Complaints: Class action lawsuit filed
Brand Reputation Impact: Significant (repeated breaches, settlement required)
Legal Liabilities: $177 million settlement, class action lawsuit
Identity Theft Risk: High (personal information leaked)
Incident : Data Breach HAC1764612339
Financial Loss: $177 million (settlement amount)
Customer Complaints: True
Legal Liabilities: $177 million (settlement)
What is the average financial loss per incident ?
Average Financial Loss: The average financial loss per incident is $177.00 million.
What types of data are most commonly compromised in incidents ?
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Personal information.
Which entities were affected by each incident ?
Incident : Data Breach HAC1764605702
Entity Name: AT&T
Entity Type: Telecommunications Company
Industry: Telecommunications
Location: USA
Customers Affected: Customers impacted by 2024 breaches (exact number unspecified)
Incident : Data Breach HAC1764612339
Entity Name: AT&T
Entity Type: Telecommunications Company
Industry: Telecommunications
Location: United States
Response to the Incidents
What measures were taken in response to each incident ?
Incident : Data Breach HAC1764605702
Third Party Assistance: Kroll Settlement Administration (managing settlement)
Communication Strategy: Public statements emphasizing commitment to data protection; settlement notifications to affected customers
Incident : Data Breach HAC1764612339
Communication Strategy: Customer advisories and public settlement announcement
How does the company involve third-party assistance in incident response ?
Third-Party Assistance: The company involves third-party assistance in incident response through Kroll Settlement Administration (managing settlement).
Data Breach Information
What type of data was compromised in each breach ?
Incident : Data Breach HAC1764605702
Type of Data Compromised: Personal information
Sensitivity of Data: High (personally identifiable information)
Data Exfiltration: Yes (leaked personal data)
Personally Identifiable Information: Yes
Regulatory Compliance
Were there any regulatory violations and fines imposed for each incident ?
Incident : Data Breach HAC1764605702
Legal Actions: Class action lawsuit, settlement agreement ($177 million)
Incident : Data Breach HAC1764612339
Legal Actions: Class-action lawsuit settlements ($149M and $28M)
How does the company ensure compliance with regulatory requirements ?
Ensuring Regulatory Compliance: The company ensures compliance with regulatory requirements through Class action lawsuit, settlement agreement ($177 million), Class-action lawsuit settlements ($149M and $28M).
References
Where can I find more information about each incident ?
Incident : Data Breach HAC1764605702
Source: AT&T Data Breach Settlement 2025 Overview
Incident : Data Breach HAC1764605702
Source: Kroll Settlement Administration (AT&T Data Breach Settlement Program)
Incident : Data Breach HAC1764612339
Source: Statesman (via Getty Images)
Where can stakeholders find additional resources on cybersecurity best practices ?
Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at and Source: AT&T Data Breach Settlement 2025 Overview, and Source: Kroll Settlement Administration (AT&T Data Breach Settlement Program), and Source: Statesman (via Getty Images).
Investigation Status
What is the current status of the investigation for each incident ?
Incident : Data Breach HAC1764605702
Investigation Status: Resolved (settlement reached)
Incident : Data Breach HAC1764612339
Investigation Status: Settlement pending court approval (final hearing on December 3, 2024)
How does the company communicate the status of incident investigations to stakeholders ?
Communication of Investigation Status: The company communicates the status of incident investigations to stakeholders through Public statements emphasizing commitment to data protection; settlement notifications to affected customers and Customer advisories and public settlement announcement.
Stakeholder and Customer Advisories
Were there any advisories issued to stakeholders or customers for each incident ?
Incident : Data Breach HAC1764605702
Stakeholder Advisories: Customers notified via settlement administration (Kroll); public statements issued by AT&T
Customer Advisories: Eligible customers can file claims for compensation up to $7,500 by December 18, 2025. Final hearing on January 15, 2026.
Incident : Data Breach HAC1764612339
Stakeholder Advisories: Customers encouraged to file claims by December 18, 2024
Customer Advisories: Claim submission deadline extended to December 18, 2024; eligible customers may receive up to $7,500 in compensation
What advisories does the company provide to stakeholders and customers following an incident ?
Advisories Provided: The company provides the following advisories to stakeholders and customers following an incident: were Customers notified via settlement administration (Kroll); public statements issued by AT&T, Eligible customers can file claims for compensation up to $7,500 by December 18, 2025. Final hearing on January 15, 2026., Customers encouraged to file claims by December 18, 2024, Claim submission deadline extended to December 18, 2024; eligible customers may receive up to $7 and500 in compensation.
Post-Incident Analysis
What were the root causes and corrective actions taken for each incident ?
Incident : Data Breach HAC1764605702
Corrective Actions: AT&T emphasized ongoing commitment to safeguarding customer data (no specific technical measures disclosed)
What is the company's process for conducting post-incident analysis ?
Post-Incident Analysis Process: The company's process for conducting post-incident analysis is described as Kroll Settlement Administration (managing settlement).
What corrective actions has the company taken based on post-incident analysis ?
Corrective Actions Taken: The company has taken the following corrective actions based on post-incident analysis: AT&T emphasized ongoing commitment to safeguarding customer data (no specific technical measures disclosed).
Additional Questions
Impact of the Incidents
What was the most significant data compromised in an incident ?
Most Significant Data Compromised: The most significant data compromised in an incident were Personal information of customers (2024 breaches) and .
Response to the Incidents
What third-party assistance was involved in the most recent incident ?
Third-Party Assistance in Most Recent Incident: The third-party assistance involved in the most recent incident was Kroll Settlement Administration (managing settlement).
Data Breach Information
What was the most sensitive data compromised in a breach ?
Most Sensitive Data Compromised: The most sensitive data compromised in a breach was Personal information of customers (2024 breaches).
Regulatory Compliance
What was the most significant legal action taken for a regulatory violation ?
Most Significant Legal Action: The most significant legal action taken for a regulatory violation was Class action lawsuit, settlement agreement ($177 million), Class-action lawsuit settlements ($149M and $28M).
References
What is the most recent source of information about an incident ?
Most Recent Source: The most recent source of information about an incident are Statesman (via Getty Images), Kroll Settlement Administration (AT&T Data Breach Settlement Program) and AT&T Data Breach Settlement 2025 Overview.
Investigation Status
What is the current status of the most recent investigation ?
Current Status of Most Recent Investigation: The current status of the most recent investigation is Resolved (settlement reached).
Stakeholder and Customer Advisories
What was the most recent stakeholder advisory issued ?
Most Recent Stakeholder Advisory: The most recent stakeholder advisory issued was Customers notified via settlement administration (Kroll); public statements issued by AT&T, Customers encouraged to file claims by December 18, 2024, .
What was the most recent customer advisory issued ?
Most Recent Customer Advisory: The most recent customer advisory issued were an Eligible customers can file claims for compensation up to $7,500 by December 18, 2025. Final hearing on January 15, 2026., Claim submission deadline extended to December 18, 2024; eligible customers may receive up to $7 and500 in compensation.
.png)
Latest Global CVEs (Not Company-Specific)
Description
Versa SASE Client for Windows versions released between 7.8.7 and 7.9.4 contain a local privilege escalation vulnerability in the audit log export functionality. The client communicates user-controlled file paths to a privileged service, which performs file system operations without impersonating the requesting user. Due to improper privilege handling and a time-of-check time-of-use race condition combined with symbolic link and mount point manipulation, a local authenticated attacker can coerce the service into deleting arbitrary directories with SYSTEM privileges. This can be exploited to delete protected system folders such as C:\\Config.msi and subsequently achieve execution as NT AUTHORITY\\SYSTEM via MSI rollback techniques.
Risk Information
cvss4
Base: 8.5
Severity: LOW
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
The WP JobHunt plugin for WordPress, used by the JobCareer theme, is vulnerable to unauthorized modification of data due to a missing capability check on the 'cs_update_application_status_callback' function in all versions up to, and including, 7.7. This makes it possible for authenticated attackers, with Candidate-level access and above, to inject cross-site scripting into the 'status' parameter of applied jobs for any user.
Risk Information
cvss3
Base: 7.6
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L
Description
The WP JobHunt plugin for WordPress, used by the JobCareer theme, is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 7.7 via the 'cs_update_application_status_callback' due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Candidate-level access and above, to send a site-generated email with injected HTML to any user.
Risk Information
cvss3
Base: 4.3
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Description
The FiboSearch – Ajax Search for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `thegem_te_search` shortcode in all versions up to, and including, 1.32.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This vulnerability requires TheGem theme (premium) to be installed with Header Builder mode enabled, and the FiboSearch "Replace search bars" option enabled for TheGem integration.
Risk Information
cvss3
Base: 5.4
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
References
- https://plugins.trac.wordpress.org/browser/ajax-search-for-woocommerce/tags/1.32.0/partials/themes/thegem-elementor.php#L104
- https://plugins.trac.wordpress.org/browser/ajax-search-for-woocommerce/tags/1.32.0/partials/themes/thegem-elementor.php#L94
- https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3420841%40ajax-search-for-woocommerce%2Ftrunk&old=3398612%40ajax-search-for-woocommerce%2Ftrunk&sfp_email=&sfph_mail=#file136
- https://wordpress.org/plugins/ajax-search-for-woocommerce
- https://www.wordfence.com/threat-intel/vulnerabilities/id/8149103e-105d-401d-8a15-b07d131baaac?source=cve
Description
The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.11.0 via the ajax_get_members function. This is due to the use of a predictable low-entropy token (5 hex characters derived from md5 of post ID) to identify member directories and insufficient authorization checks on the unauthenticated AJAX endpoint. This makes it possible for unauthenticated attackers to extract sensitive data including usernames, display names, user roles (including administrator accounts), profile URLs, and user IDs by enumerating predictable directory_id values or brute-forcing the small 16^5 token space.
Risk Information
cvss3
Base: 5.3
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
References
- https://plugins.trac.wordpress.org/browser/ultimate-member/tags/2.10.6/includes/class-functions.php#L41
- https://plugins.trac.wordpress.org/browser/ultimate-member/tags/2.10.6/includes/core/class-ajax-common.php#L61
- https://plugins.trac.wordpress.org/browser/ultimate-member/tags/2.10.6/includes/core/class-member-directory.php#L205
- https://plugins.trac.wordpress.org/browser/ultimate-member/tags/2.10.6/includes/core/class-member-directory.php#L2795
- https://plugins.trac.wordpress.org/browser/ultimate-member/tags/2.10.6/templates/members.php#L26
- https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3421362%40ultimate-member%2Ftrunk&old=3408617%40ultimate-member%2Ftrunk&sfp_email=&sfph_mail=
- https://www.wordfence.com/threat-intel/vulnerabilities/id/61337d2d-d15a-45f2-b730-fc034eb3cd31?source=cve
Access Data Using Our API
Get company history
curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=hacemosatatt' -H 'apikey: YOUR_API_KEY_HERE'
RapidWhat Do We Measure ?
Incident
Finding
Grade
Digital Assets
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Network Security
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
SBOM (Software Bill of Materials)
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
CMDB (Configuration Management Database)
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Threat Intelligence
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.
