CVE-2022-3822 - How a Flaw in the Donations via PayPal WordPress Plugin Lets Admins Snoop (XSS Exploit Explained)
If you’re running a WordPress site and using the Donations via PayPal plugin, buckle up. CVE-2022-3822 shines a spotlight on a bug in plugin
CVE-2022-3511 - Exploiting IDOR in Awesome Support WordPress Plugin — How Subscribers Can Download Anyone’s Tickets
In 2022, a critical security flaw was discovered in the widely-used Awesome Support WordPress plugin. Tracked as CVE-2022-3511, the vulnerability allows low-privileged users—like subscribers—
CVE-2022-3610 The Jeeng Push Notifications plugin before 2.0.4 has settings that could allow high privilege users to perform Stored Cross-Site Scripting attacks.
High privileged users can access and modify settings directly through the backend, which could lead to a cross-site scripting (XSS) vulnerability if unfiltered_html is
CVE-2022-2983 The Salat Times WordPress plugin 3.2.2 has security issues because it doesn't sanitize its settings and can be exploited to do Cross-Site Scripting attacks.
If you use this plugin on a website with high traffic or that has a high number of user registrations, this vulnerability could be exploited
CVE-2022-44411 A web-based quiz system transmits users' passwords in plaintext, allowing attackers to obtain them via a brute-force attack.
We found that the WBS v1.0 plugin transmits users' passwords within the HTML code of the plugin's administration dashboard. In a