CVE-2022-3610 The Jeeng Push Notifications plugin before 2.0.4 has settings that could allow high-privilege users to perform Stored Cross-Site Scripting attacks.
High-privilege users can access and modify settings directly through the backend, which could lead to a cross-site scripting (XSS) vulnerability if unfiltered_html is
CVE-2022-2983 The Salat Times WordPress plugin 3.2.2 does not sanitize its settings, which can be exploited to perform Cross-Site Scripting attacks.
If you use this plugin on a website with high traffic or that has a high number of user registrations, this vulnerability could be exploited
CVE-2022-44411 A web-based quiz system transmits users' passwords in plaintext, allowing attackers to obtain them via a brute-force attack.
We found that the WBS v1.0 plugin transmits users' passwords within the HTML code of the plugin's administration dashboard. In a web-based quiz system,
CVE-2022-45278 Jizhicms v2.3.3 contains a SQL injection vulnerability.
If the user was able to inject data into the get_fields.html file, an attacker could exploit the SQL injection vulnerability and potentially acquire
CVE-2022-43708 Attachments interface has XSS vulnerabilities that allow attackers to inject HTML.
When the user uploads a file, it will be converted to HTML and posted on the site. In addition, there is no input validation on