CVE-2022-38086 The CSRF vulnerability in the Shortcodes Ultimate plugin = 5.12.0 could lead to plugin preset settings change.
This CSRF vulnerability allows an attacker to change the preset settings of the Shortcodes Ultimate plugin. As most of the Shortcodes Ultimate users don’t have
CVE-2021-36915 Cozmoslabs Profile Builder plugin = 3.6.0 has a CSRF vulnerability that allows uploading the JSON file and updating the options.
The plugin can be exploited by a logged-in user or by a user with the WordPress administrator role. The attack can be performed via the vulnerable online import/export functionality,
CVE-2022-40178 Desigo PXM30-1, PXM30.E, PXM40-1, PXM40.E, PXM50-1 have multiple vulnerabilities.
A remote low-privilege attacker can exploit this vulnerability to perform cross-site request forgery (CSRF) attacks. A local low-privilege attacker can exploit this vulnerability to obtain
CVE-2022-40179 Desigo PXM30-1, PXM30.E, PXM40-1, PXM40.E, PXM50-1 have multiple vulnerabilities.
This can lead to the disclosure of sensitive information such as a user’s personal data, or the takeover of the device with elevated privileges.
CVE-2022-40180 Desigo PXM30-1, PXM30.E, PXM40-1, PXM40.E, PXM50-1 have multiple vulnerabilities.
This can then be used to control the device operating system, install software, capture screenshots, etc. Depending on the web application and operating system version,