CVE-2021-24890 The Scripts Organizer plugin before 3.0 had no capability for CSRF checks or validation of user input, which could allow unauthentic attacks.
which will be executed the next time the file is loaded by WordPress. This could allow for a wide range of attacks, including SQL injection,
CVE-2022-3098 The Login Block IPs plugin through 1.0.0 doesn't have CSRF check, which could allow attackers to make a logged in admin change them.
Attackers could then access or modify the settings of the plugin, such as disabling the setting to require a password to login or enable login
CVE-2022-38553 Academy Learning Management System v5.9.1 had a reflected XSS vulnerability.
This could allow attackers to inject arbitrary web script into affected systems. Creation of a new system or installation of v5.9.1 or earlier
CVE-2022-38079 Cross-Site Request Forgery (CSRF) vulnerability Backup Scheduler plugin <= 1.5.13 at WordPress.
A hacker can trick your visitors into executing unwanted actions on your website by sending them requests that look like the login request but are
CVE-2022-40088 The vulnerable component was found to contain an XSS flaw, where users can inject malicious code.
An attacker can leverage this vulnerability to conduct XSS attacks against users of the site via client-side scripting languages such as JavaScript or Python. It
Episode
00:00:00
00:00:00