CVE-2022-40353 The local file of the Tour & Travels Management System v1.0 was found to be vulnerable to SQL injection.
An attacker can exploit this vulnerability to inject arbitrary SQL queries into the application, causing the backend to crash.
An attacker can exploit this vulnerability
CVE-2021-24890 The Scripts Organizer plugin before 3.0 had no capability for CSRF checks or validation of user input, which could allow unauthentic attacks.
which will be executed the next time the file is loaded by WordPress. This could allow for a wide range of attacks, including SQL injection,
CVE-2022-3098 The Login Block IPs plugin through 1.0.0 doesn't have CSRF check, which could allow attackers to make a logged in admin change them.
Attackers could then access or modify the settings of the plugin, such as disabling the setting to require a password to login or enable login
CVE-2022-38553 Academy Learning Management System v5.9.1 had a reflected XSS vulnerability.
This could allow attackers to inject arbitrary web script into affected systems. Creation of a new system or installation of v5.9.1 or earlier
CVE-2022-38079 Cross-Site Request Forgery (CSRF) vulnerability Backup Scheduler plugin <= 1.5.13 at WordPress.
A hacker can trick your visitors into executing unwanted actions on your website by sending them requests that look like the login request but are
Episode
00:00:00
00:00:00