CVE-2022-3600 The Easy Digital Downloads plugin before 3.1.0.2 has a bug that could lead to CSV injection.
This could be used in advanced malicious ways, for example, uploading a malicious CSV file to an online store and then using the Easy Digital
CVE-2022-1581 WP-Polls pluginprioritized getting visitor IP over PHP's REMOTE_ADDR, which made it possible to bypass IP-based limitations to vote in certain situations.
This means, for example, that a malicious actor could hack an online poll and change the vote for a certain country, or for a certain
CVE-2022-41609 - Exploiting SSRF in Better Messages WordPress Plugin (Subscriber+ Auth Required)
WordPress powers millions of websites, and plugins extend its features. But what happens if a plugin has a dangerous security flaw? In this post, we’
CVE-2022-41155 Block BYPASS vulnerability in iQ Block Country plugin <= 1.2.18 on WordPress.
iQ Block is a content management system with an emphasis on flexibility, security and development speed. It is easy to install, configure, and scale. iQ
CVE-2022-45369 - Exploiting Broken Access Control in ‘Plugin for Google Reviews’ ≤ 2.2.2 WordPress Plugin (Subscriber+ Authentication)
In November 2022, security researchers identified a Broken Access Control vulnerability (CVE-2022-45369) in the popular WordPress plugin Plugin for Google Reviews (versions ≤ 2.2.2)
Episode
00:00:00
00:00:00