CVE-2022-29468 CSRF vulnerability in WWBN AVideo 11.6 and dev master commit 3f7c0364 allows HTTP requests to increase privileges.
To exploit this vulnerability, an attacker must trick a user into clicking a crafted link. For example, attackers can host a website on a server
CVE-2022-2388 The WP Coder plugin before 2.5.3 did not have a CSRF check when deleting code, which could allow attackers to make a logged-in admin delete arbitrary code.
Multiple logged-in users can also delete code in a project. WordPress 4.7 fixes this vulnerability by including CSRF protection for actions that can
CVE-2022-36251 Clinic's Patient Management System v1.0 is vulnerable to Cross Site Scripting (XSS) via patients.php
A remote attacker can inject malicious code into the system via this vector. An attacker can create a patient record with a script that causes
CVE-2022-33201 The MailerLite - Signup forms (official) plugin 1.5.7 has a CSRF vulnerability that allows an attacker to change the API key.
This issue happens when a user signs up for a MailerLite account through a WordPress site. During the registration process, an attacker can use a
CVE-2022-34025 Vesta 1.0.0-5 had an XSS vulnerability via the post function at /web/api/v1/upload/UploadHandler.php.
An attacker can exploit this vulnerability by uploading malicious files to the target’s account. A successful exploit can result in session hijacking or information