Day: Nisan 25, 2022

CVE-2022-1390

The Admin Word Count Column WordPress plugin through 2.2 does not validate the path parameter given to readfile(), which could allow unauthenticated attackers to read…

Devamını oku

CVE-2022-1228

The Opensea WordPress plugin before 1.0.3 does not sanitize and escape some of its settings, like its “Referer address” field, which could allow high privilege…

Devamını oku

CVE-2022-1156

The Books & Papers WordPress plugin through 0.20210223 does not escape its Custom DB prefix settings, allowing high privilege users to perform Cross-Site Scripting attacks…

Devamını oku

CVE-2022-1153

The LayerSlider WordPress plugin before 7.1.2 does not sanitise and escape Project’s slug before outputting it back in various place, which could allow high privilege…

Devamını oku

CVE-2022-1092

The myCred WordPress plugin before 2.4.4 does not have authorisation and CSRF checks in its mycred-tools-import-export AJAX action, allowing any authenticated user to call and…

Devamını oku

CVE-2022-1027

The Page Restriction WordPress (WP) WordPress plugin before 1.2.7 allows bad actors with administrator privileges to the settings page to inject Javascript code to its…

Devamını oku

CVE-2022-0953

The Anti-Malware Security and Brute-Force Firewall WordPress plugin before 4.20.96 does not sanitise and escape the QUERY_STRING before outputting it back in an admin page,…

Devamını oku

CVE-2022-0876

The Social comments by WpDevArt WordPress plugin before 2.5.0 does not sanitise and escape its settings, allowing high privilege users such as admin to perform…

Devamını oku