CVE-2022-3632 - How Missing CSRF Checks in OAuth Client by DigitalPixies Expose Your WordPress Site
Security flaws in WordPress plugins can give hackers an opening to bypass protections and mess with your website. One such flaw—CVE-2022-3632—affects the OAuth
CVE-2022-3477 The tagDiv Composer WordPress plugin before 3.5, required by the Newspaper and Newsmag WordPress themes, doesn't properly implement Facebook login, which allows attackers to log in as any user.
This issue was addressed by Facebook in its security update on April 18th, 2018. More details on this issue can be found in the linked
CVE-2022-3538 The Webmaster Tools Verification plugin through 1.2 doesn't have authorisation and CSRF, allowing unauthenticated users to disable arbitrary plugins.
This could potentially allow an attacker to disable arbitrary plugins, leading to plugin breakage and site deactivation. We are actively investigating this issue, and
CVE-2022-2449 The reSmush.it: the free Image Optimizer and compress plugin doesn't perform CSRF checks, allowing an attacker to trick logged-in users into performing actions on their behalf.
This can be something as simple as viewing a malicious email in your inbox or as dangerous as pushing malicious updates to the WordPress installation.
CVE-2022-3574 The WPForms Pro plugin before 1.7.7 does not validate form data when exporting, which could lead to CSV injection.
If a site administrator saved the generated CSV on a local hard drive and then transferred it to a different site via a file transfer,