Kategori: NIST-Təhlükəsizlik Zəiflikləri

CVE-2022-0661

The Ad Injection WordPress plugin through 1.2.0.19 does not properly sanitize the body of the adverts injected into the pages, allowing a high privileged user…

Devamını oku

CVE-2022-0706

The Easy Digital Downloads WordPress plugin before 2.11.6 does not sanitise and escape the Downloadable File Name in the Logs, which could allow high privilege…

Devamını oku

CVE-2022-0707

The Easy Digital Downloads WordPress plugin before 2.11.6 does not have CSRF check in place when inserting payment notes, which could allow attackers to make…

Devamını oku

CVE-2022-0765

The Loco Translate WordPress plugin before 2.6.1 does not properly remove inline events from elements in the source translation strings before outputting them in the…

Devamını oku

CVE-2022-0780

The SearchIQ WordPress plugin before 3.9 contains a flag to disable the verification of CSRF nonces, granting unauthenticated attackers access to the siq_ajax AJAX action…

Devamını oku

CVE-2022-0994

The Hummingbird WordPress plugin before 3.3.2 does not sanitise and escape the Config Name, which could allow high privilege users, such as admin to perform…

Devamını oku

CVE-2022-1001

The WP Downgrade WordPress plugin before 1.2.3 only perform client side validation of its “WordPress Target Version” settings, but does not sanitise and escape it…

Devamını oku