CVE-2022-34654 - Cross-Site Request Forgery (CSRF) in Virgial Berveling’s Manage Notification E-mails Plugin <= 1.8.2 on WordPress
Managing notifications in WordPress is essential, especially for busy sites. Many site owners have turned to the "Manage Notification E-mails" plugin by Virgial
CVE-2022-3768 - SQL Injection in WPSmartContracts WordPress Plugin (Exploit Guide and Analysis)
CVE-2022-3768 is a serious security vulnerability found in the popular WordPress plugin WPSmartContracts (versions before 1.3.12). This issue allows users, even with the
CVE-2022-3603 - CSV Injection Vulnerability in “Export customers list csv for WooCommerce” and Related WordPress Plugins - Explained
In today’s post, we’ll take a close look at CVE-2022-3603, a CSV injection vulnerability found in popular WordPress plugins like Export customers list
CVE-2022-3834 - How a Google Forms WordPress Plugin Bug Exposes Sites to Admin XSS Attacks
Security vulnerabilities in WordPress plugins are a known theme, but sometimes they land in surprising places. CVE-2022-3834 is one of those: it hit the popular
CVE-2022-3824 - Exploiting Stored XSS in WP Admin UI Customize WordPress Plugin (Pre-1.5.13)
Date of Discovery: September 2022
Affected Plugin: WP Admin UI Customize (before 1.5.13)
Vulnerability Type: Stored Cross-Site Scripting (XSS)
CVSS Score: 6.4