CVE-2022-33201 The MailerLite - Signup forms (official) plugin 1.5.7 has a CSRF vulnerability that allows an attacker to change the API key.
This issue happens when a user signs up for a MailerLite account through a WordPress site. During the registration process, an attacker can use a
CVE-2022-34025 Vesta 1.0.0-5 had an XSS vulnerability via the post function at /web/api/v1/upload/UploadHandler.php.
An attacker can exploit this vulnerability by uploading malicious files to the target’s account. A successful exploit can result in session hijacking or information
CVE-2022-30622 The system discloses usernames and passwords, which means it's possible to enter the system. The system loads the request clearly by default.
The server code is very vulnerable, as it is described in the following example. In addition, the server has hard-coded authentication credentials (admin/admin). Path
CVE-2022-2144 - How A Missing CSRF Check in jQuery Validation For Contact Form 7 Plugin Threatens WordPress Sites
WordPress plugins make website management easier, but sometimes security oversights turn them into targets for attackers. CVE-2022-2144 is a classic example—a Cross-Site Request Forgery
CVE-2022-1672 - Unpacking the CSRF Vulnerability in Google PageSpeed WordPress Plugin Before v4..7
If you use WordPress and rely on Google PageSpeed Insights Plugin to boost your site speed, you might have been at risk without even knowing