CVE-2022-38079 Cross-Site Request Forgery (CSRF) vulnerability in the Backup Scheduler plugin <= 1.5.13 for WordPress.
A hacker can trick your visitors into executing unwanted actions on your website by sending them requests that look like the login request but are
CVE-2022-40088 The vulnerable component was found to contain an XSS flaw, where users can inject malicious code.
An attacker can leverage this vulnerability to conduct XSS attacks against users of the site via client-side scripting languages such as JavaScript or Python. It
CVE-2022-40219 The SedLex FavIcon Switcher plugin has a CSRF vulnerability that allows plugin settings to be changed.
When installing the SedLex FavIcon Switcher plugin, browse to the Settings page and change the required settings to alter the way the site behaves. SedLex FavIcon Switcher plugin does
CVE-2022-41253 The Jenkins CONS3RT Plugin 1.0.0 and earlier has a CSRF vulnerability that allows attackers to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method.
This CSRF vulnerability can be exploited by an attacker who controls a target Jenkins installation and configures the plugin to pass login credentials to another
CVE-2022-41245 An attack scenario in which an attacker can connect to a URL of their choice using credentials obtained through a different attack.
Subsequently, an attacker may access and/or modify Jenkins data, create or alter jobs, or propagate the attack to other Jenkins installations. This may lead