Day: March 21, 2022

CVE-2022-0628

The Mega Menu WordPress plugin before 3.0.8 does not sanitize and escape the _wpnonce parameter before outputting it back in an admin page, leading to…

CVE-2022-0591

The FormCraft WordPress plugin before 3.8.28 does not validate the URL parameter in the formcraft3_get AJAX action, leading to SSRF issues exploitable by unauthenticated users…

CVE-2022-0590

The BulletProof Security WordPress plugin before 5.8 does not sanitise and escape some of its settings, which could allow high privilege users to perform Cross-Site…

CVE-2022-0515

Cross-Site Request Forgery (CSRF) in GitHub repository crater-invoice/crater prior to 6.0.4. For general information, impact, and solutions regarding the vulnerability, read more. Source: National Vulnerability…

CVE-2022-0514

Business Logic Errors in GitHub repository crater-invoice/crater prior to 6.0.5. For general information, impact, and solutions regarding the vulnerability, read more. Source: National Vulnerability Database

CVE-2022-0423

The 3D FlipBook WordPress plugin before 1.12.1 does not have authorisation and CSRF checks when updating its settings, and does not have any sanitisation/escaping, allowing…

CVE-2022-0364

The Modern Events Calendar Lite WordPress plugin before 6.4.0 does not sanitize and escape some of the Hourly Schedule parameters which could allow users with…

CVE-2022-0229

The miniOrange’s Google Authenticator WordPress plugin before 5.5 does not have proper authorisation and CSRF checks when handling the reconfigureMethod, and does not validate the…
