Day: Haziran 13, 2022

CVE-2022-1412

The Log WP_Mail WordPress plugin through 0.1 saves sent email in a publicly accessible directory using predictable filenames, allowing any unauthenticated visitor to obtain potentially…

Devamını oku

CVE-2022-1336

The Carousel CK WordPress plugin through 1.1.0 does not sanitize and escape Slide’s descriptions, which could allow high-privileged users such as admin to perform Cross-Site…

Devamını oku

CVE-2022-1335

The Slideshow CK WordPress plugin before 1.4.10 does not sanitize and escape Slide’s descriptions, which could allow high-privileged users such as admin to perform Cross-Site…

Devamını oku

CVE-2022-1208

The Ultimate Member plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Biography field featured on individual user profile pages due to insufficient…

Devamını oku

CVE-2022-0885

The Member Hero WordPress plugin through 1.0.9 lacks authorization checks, and does not validate the a request parameter in an AJAX action, allowing unauthenticated users…

Devamını oku