CVE-2022-41136 - How a CSRF Flaw Opened Doors to Stored XSS in the Shortcodes Ultimate WordPress Plugin (v5.12. and Below)
If you’re running a WordPress site and use the popular “Shortcodes Ultimate” plugin by Vladimir Anokhin, you might have heard about a dangerous security
CVE-2022-40128 - How CSRF in "Advanced Order Export For WooCommerce" Lets Attackers Steal Your Exported Data
If you're running a WordPress store powered by WooCommerce, chances are you rely on plugins for every special feature. One popular tool, Advanced
CVE-2022-32776 - Admin+ Stored XSS Vulnerability in Advanced Ads – Ad Manager & AdSense WordPress Plugin (<= 1.31.1)
WordPress powers millions of websites, making plugin security a top concern for website owners, admins, and developers. In June 2022, a serious vulnerability was found
CVE-2022-40223 - How a Nonce Token Leak and Missing Authorization in SearchWP Premium <= 4.2.5 Let Attackers Change WordPress Plugin Settings
WordPress powers over 40% of the web, but its popularity also makes it a huge target. Today we’ll break down a real vulnerability—CVE-2022-40223—
CVE-2022-40632 gVectors Team wpForo Forum plugin = 2.0.5 vulnerable to CSRF leading to topic deletion.
A malicious user with access to the admin settings of the site can perform CSRF attack to delete any topic in the site. WordPress 4.
Episode
00:00:00
00:00:00