CVE-2022-2575 The WBW Currency Switcher for WooCommerce plugin before 1.6.6 has settings that could allow high privilege users to perform Stored Cross-Site Scripting attacks.
WP-Climates plugin before 3.2.2 for WP, due to lack of the fix for CVE-2017-8905, is still vulnerable to SQL injection when exporting certain
CVE-2022-2798 The Affiliates Manager plugin before 2.9.14 was not secure, and could be exploited to perform CSV injection attacks.
This issue happens due to insufficient validation of user-supplied data. Also Affiliates Manager does not properly sanitise the affiliate's data, which could allow
CVE-2022-36536 An issue in the component post_applogin.php of Super Flexible Software GmbH & Co
Additionally, this issue may allow remote attackers to hijack the authentication of arbitrary users, due to insecure handling of the CSRF protection mechanism. In order
CVE-2022-29240 Scylla is a real-time big data database compatible with Cassandra and DynamoDB. When decompressing CQL frames, the user's provided uncompressed length is assumed to be correct.
3. An attacker who has access to a user account and has full privileges can also read uninitialized memory, but then they can also read any memory
CVE-2022-37207 JFinal CMS 5.1.0 is affected by: SQL Injection
when connecting through these interfaces. The following is an example of SQL injection through the Product.category() and Product.description() functions.
1 exec('select