CVE-2022-34025 Vesta 1.0.0-5 had an XSS vulnerability via the post function at /web/api/v1/upload/UploadHandler.php.
An attacker can exploit this vulnerability by uploading malicious files to the target’s account. A successful exploit can result in session hijacking or information
CVE-2022-30622 The system discloses usernames and passwords, which means it's possible to enter the system. The system loads the request clearly by default.
The server code is very vulnerable, as it is described in the following example. In addition, the server has hard-coded authentication credentials (admin/admin)
CVE-2022-1672 - Unpacking the CSRF Vulnerability in Google PageSpeed WordPress Plugin Before v4..7
If you use WordPress and rely on Google PageSpeed Insights Plugin to boost your site speed, you might have been at risk without even knowing
CVE-2022-2144 - How A Missing CSRF Check in jQuery Validation For Contact Form 7 Plugin Threatens WordPress Sites
WordPress plugins make website management easier, but sometimes security oversights turn them into targets for attackers. CVE-2022-2144 is a classic example—a Cross-
CVE-2022-31883 Marval MSM v14.19.0.12476 has an Insecure Direct Object Reference (IDOR) vulnerability
Marval MSM v14.19.0.12476 has a Cross-Site Request Forgery (CSRF) Vulnerability. A low privilege user is able to change the settings of