CVE-2022-3538 The Webmaster Tools Verification plugin through 1.2 doesn't have authorisation and CSRF checks, allowing unauthenticated users to disable arbitrary plugins.
This could potentially allow an attacker to disable arbitrary plugins, leading to plugin breakage and site deactivation. We are actively investigating this issue, and
CVE-2022-2449 The reSmush.it: the free Image Optimizer and compress plugin doesn't perform CSRF checks, allowing an attacker to trick logged-in users into performing actions on their behalf.
This can be something as simple as viewing a malicious email in your inbox or as dangerous as pushing malicious updates to the WordPress installation.
CVE-2022-3574 The WPForms Pro plugin before 1.7.7 does not validate form data when exporting, which could lead to CSV injection.
If a site administrator saved the generated CSV on a local hard drive and then transferred it to a different site via a file transfer,
CVE-2022-45199 Pillow before 9.3.0 allows denial of service via SAMPLESPERPIXEL.
This issue was disclosed to the third party vendor who has confirmed the issue and is working on a patch. It has been reported that
CVE-2022-45130 CSRF attack possible via the /api/v2/cli/commands REST API.
If you have installed Obsidian on your server, it is critical that you review the list of REST API endpoints, as there is a risk