CVE-2022-27855 - Exploiting CSRF in Fatcat Apps Analytics Cat Plugin for WordPress (<= 1.0.9)
A serious Cross-Site Request Forgery (CSRF) vulnerability, tracked as CVE-2022-27855, was discovered in the Fatcat Apps *Analytics Cat* plugin (version 1.0.9 and below) for
CVE-2022-39352 - Wildcard Authorization Bypass in OpenFGA Before v0.2.5 – How It Works and How to Fix It
Imagine using a cutting-edge authorization engine to manage who can see what in your app—believing everything is rock solid—when, in reality, a slip
CVE-2022-3536 The Role Based Pricing plugin before 1.6.3 has no authorization and validation, which allows any authenticated user to perform a phar deserialization attack.
they can upload a file, and a suitable gadget chain is present on the blog, such as Google Analytics, attackers can inject malicious code
CVE-2022-3558 The Import and export users and customers WordPress plugin before 1.20.5 does not properly escape data when exporting it via CSV files.
This is a significant issue: unescaped cell values that begin with a formula character are evaluated, rather than displayed, when the exported file is opened in a spreadsheet or consumed by another application (CSV injection). This
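The fix for this class of bug is to neutralise formula-triggering cells before they reach the CSV writer. The following Python example is added here for illustration and is not code from the plugin or from the original post; the user records, the `export_rows` and `escape_csv_cell` helpers and the sample payload are all constructed for the demonstration. It serialises the same rows twice, once the unsafe way and once with the cell escaper, and reports which cells a spreadsheet would treat as formulas.

```python
import csv
import io

# Characters spreadsheet applications treat as the start of a formula.
# Tab and carriage return are included because some parsers strip leading
# whitespace before deciding whether a cell is a formula.
FORMULA_TRIGGERS = ("=", "+", "-", "@", "\t", "\r")


def escape_csv_cell(value: object) -> str:
    """Defuse a single cell for export.

    A leading single quote forces Excel and LibreOffice to treat the cell
    as literal text. The csv module handles the surrounding quoting; this
    function only deals with the formula trigger.
    """
    text = "" if value is None else str(value)
    if text.startswith(FORMULA_TRIGGERS):
        return "'" + text
    return text


def is_formula_cell(cell: str) -> bool:
    """Detection helper: would a spreadsheet evaluate this cell?"""
    return cell.startswith(FORMULA_TRIGGERS)


def export_rows(rows, escape: bool = True) -> str:
    """Serialise user rows to CSV.

    escape=False reproduces the vulnerable behaviour (data written as-is);
    escape=True is the hardened version.
    """
    buf = io.StringIO()
    writer = csv.writer(buf, quoting=csv.QUOTE_ALL, lineterminator="\n")
    writer.writerow(["username", "display_name", "email"])
    for row in rows:
        writer.writerow([escape_csv_cell(c) if escape else c for c in row])
    return buf.getvalue()


def unsafe_cells(csv_text: str) -> list:
    """Return every cell in an exported CSV that a spreadsheet would evaluate."""
    return [
        cell
        for row in csv.reader(io.StringIO(csv_text))
        for cell in row
        if is_formula_cell(cell)
    ]


# Constructed sample data: a low-privileged user has set a display name that
# carries a DDE-style payload, and another has a phone number starting with '+'.
SAMPLE_USERS = [
    ("alice", "Alice Example", "alice@example.test"),
    ("mallory", "=cmd|' /C calc'!A0", "mallory@example.test"),
    ("bob", "+1 (555) 0100", "bob@example.test"),
]

if __name__ == "__main__":
    print("vulnerable export, formula cells:", unsafe_cells(export_rows(SAMPLE_USERS, escape=False)))
    print("hardened export, formula cells:", unsafe_cells(export_rows(SAMPLE_USERS)))
    print(export_rows(SAMPLE_USERS))
```

The single-quote prefix is the approach recommended in OWASP's CSV injection guidance; it is lossy for values such as negative numbers or phone numbers beginning with `+`, so an exporter that must preserve numeric fields should apply it only to free-text columns that users control.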
CVE-2022-39387 - Breaking into XWiki via OpenID Connect Parameter Tampering
In late 2022, a critical vulnerability was discovered in XWiki's OpenID Connect (OIDC) authentication module. XWiki, an open-source enterprise wiki and knowledge management