CVE-2022-3998 A critical vulnerability was found in Monika Brzica scm. It is possible to inject sql script to manipulate the id argument. This is a remote attack.
It is recommended to apply the patch on a priority. It is possible to protect the server from the attack by applying the security patch.
CVE-2022-3893 BlueSpice Custom Menu extension can be exploited via XSS attack by an admin user.
XSS can be exploited to execute arbitrary script code in user session or obtain confidential information (CSRF). BlueSpice is currently the only confirmed XSS vulnerability
CVE-2022-3240 The "Follow Me Plugin" is vulnerable to Cross-Site Request Forgery up to 3.1.1 due to missing nonce validation on the FollowMeIgniteSocialMedia_options_page() function.
FollowMe is an advanced social media plugin for WordPress that enables users to easily create and manage multiple social media profiles from a single dashboard.
CVE-2022-42984 The offset parameter of the WoW Wonder social network platform was found to be vulnerable to SQL injection.
A successful attack can allow hackers to inject malicious code in the database of the affected website, allowing them to hijack, corrupt, or delete data;
CVE-2022-3415 - Unauthenticated Stored XSS Exploit in Chat Bubble WordPress Plugin (v2.3 and Below)
Published: June 2024 <br>Author: [Your Name or pseudonym]
WordPress plugins help website owners add features easily, but vulnerabilities in plugins can open
Episode
00:00:00
00:00:00