CVE-2022-35725 Stored XSS vulnerability in the wp-forecast plugin = 7.5 at WordPress.
This XSS vulnerability was fixed in version 8.1.2. To patch this issue, update to the latest version.
CVE-2022-38144 The gVectors Team wpForo Forum plugin has a CSRF vulnerability.
In short, it happens when a user submits a request to an unintended target. This unauthorized request can be made by clicking on an unexpected
CVE-2022-2657 The Multivendor Marketplace Solution for WooCommerce plugin before 3.8.12 had authorisation and CSRF issues, which could allow users to suspend vendors.
attacks on other users’ accounts, such as when a vendor suspends another vendor or when vendors call other vendors and alter their orders. These unauthenticated
CVE-2022-2597 The Visual Portfolio, Photo Gallery & Post Grid plugin before 2.19.0 had some security issues, allowing users with a low role to inject arbitrary CSS.
This is possible because the plugin does not have an ACL on its endpoints. An attacker can send requests to the affected REST APIs as
CVE-2022-36609 The patient management system v1.0 had a SQL injection vulnerability via the id parameter.
An attacker can exploit the SQL injection flaw to execute arbitrary SQL commands with the privileges of the system user. In addition to the SQL