CVE-2022-2144 - How A Missing CSRF Check in jQuery Validation For Contact Form 7 Plugin Threatens WordPress Sites
WordPress plugins make website management easier, but sometimes security oversights turn them into targets for attackers. CVE-2022-2144 is a classic example—a Cross-Site Request Forgery
CVE-2022-31883 Marval MSM v14.19.0.12476 has an Insecure Direct Object Reference (IDOR) vulnerability
Marval MSM v14.19.0.12476 has a Cross-Site Request Forgery (CSRF) Vulnerability. A low privilege user is able to change the settings of another
CVE-2022-29097 Dell WMS 3.6.1 and below contains a Path Traversal vulnerability in Device API
Dell WMS 3.6.2 and onwards contains a Cross-site Request Forgery (CSRF) vulnerability in the Configuration API. A malicious user could potentially exploit this
CVE-2022-34305 Tomcat versions 10.1.0 to 10.1.0-M16, 10.0.0-M1 to 10.0.22, 9.0.30 to 9.0.64 and 8.5.50 to 8.5.81 do not filter user-provided data, which exposes an XSS vulnerability.
This has been fixed in these versions. Apache Tomcat 9.0.0-M1, 8.5.0-8, 8.0.18, 7.x versions and earlier are vulnerable.
CVE-2022-23072 V1.0.5 to 1.2.5 are vulnerable to stored XSS in "Add to Cart" functionality.
In version 1.3.0, this issue was fixed. Add to Cart functionality was also fixed in version 1.2.5. Add to Cart functionality