CVE-2022-3220 The Advanced Comment Form WordPress plugin before 1.2.1 has unsafe settings that allow high-privilege users to perform CSRF attacks.
After the upgrade, any site with an infected comment form will be vulnerable to CSRF attacks. It’s recommended to update your site immediately to
CVE-2022-3154 The Woo Billingo Plus and Integration for Billingo & Gravity Forms WordPress plugins before 4.4.5.4 and 1.0.4, respectively, lack CSRF checks in some AJAX actions.
or purchase add-ons. In addition, the plugin does not offer any protection against CSRF on its Contact Form. The only way to fix this issue
CVE-2022-36635 The ZKBioSecurity V5000 4.1.3 had a SQL injection vulnerability in /baseOpLog.do.
An attacker can leverage this vulnerability to inject SQL commands into the database or obtain sensitive information by viewing the database.
ZKTeco ZKBioSecurity V5000 4.
CVE-2022-39287 Tiny-csrf is a Node.js CSRF protection middleware that encrypts cookies.
Improving security is a top priority for the team. Therefore, we take the severity of these security issues very seriously. We aim to provide the
CVE-2022-40494 NPS before v0.26.10 had an authentication bypass vulnerability that constantly generated and sent the Auth key and Timestamp parameters.
This can be leveraged to bypass authentication and obtain sensitive information such as user names, email addresses, and other login details.
NPS before v0.26.