CVE-2022-43323 EyouCMS V1.5.9-UTF8-SP1 was found to have a CSRF vulnerability in the Top Up Balance component.
This issue can be exploited to hijack the user's session if he/she has the same email address on the site as on
CVE-2022-43692 Reflected XSS can be exploited by a user if the targeted administrator is using an older browser that lacks XSS protection.
If you are running a version before 8.5.10 and are using a browser that supports XSS protection you must update to a version
CVE-2022-43693 - Concrete CMS CSRF Flaw in Core OAuth – How Attackers Can Hijack Your Login
Concrete CMS is a popular open-source content management system powering many government and enterprise websites. In late 2022, a worrying vulnerability — now tracked as CVE-2022-43693
CVE-2022-3574 The WPForms Pro plugin before 1.7.7 does not validate form data when exporting, which could lead to CSV injection.
If a site administrator saved the generated CSV on a local hard drive and then transferred it to a different site via a file transfer,
CVE-2022-2449 The reSmush.it: the free Image Optimizer and compress plugin doesn't perform CSRF checks, allowing an attacker to trick logged in users to perform actions on their behalf.
This can be something as simple as viewing a malicious email in your inbox or as dangerous as pushing malicious updates to the WordPress installation.
Episode
00:00:00
00:00:00