CVE-2022-3151 The WP Custom Cursors plugin before 3.0.1 didn't have CSRF check, which could allow attackers to delete arbitrary cursors as an admin.

This issue has been fixed in WP 3.0.2 and later. Earlier versions are vulnerable. This issue was reported by Yap.

CVE-2022-3152

This issue has been fixed in WP 3.0.3 and later. Earlier versions are vulnerable. This issue was reported by Yap.

WP 2.6.x Vulnerability – CVE-2020-3152

This issue has been fixed in WP 3.0.2 and later. Earlier versions are vulnerable. This issue was reported by Yap.

The blog post discusses how companies can use outsourcing SEO to ensure that their digital presence is generating maximum impact and capturing the highest volume of prospective customers.

WordPress Core

In an earlier version of WordPress, the "wp_title" Shortcode allowed users to insert arbitrary HTML code before and after the title.
This bug has been fixed.

Timeline

Published on: 10/17/2022 12:15:00 UTC
Last modified on: 10/20/2022 15:02:00 UTC

References

• https://wpscan.com/vulnerability/27816c70-58ad-4ffb-adcc-69eb1b210744
• https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3151