CVE-2022-3494 The Complianz WordPress plugin before 6.3.4, and Complianz Premium before 6.3.6 allow translators to inject arbitrary SQL.
If the translator does not have proper control over the WordPress installation, or if a malicious translator injects SQL into the database, it can be
CVE-2022-44724 The Handy Tip macro in Stiltsoft Handy Macros for Confluence Server/Data Center 3.x before 3.5.5 allows attackers to inject arbitrary HTML or JavaScript via an XSS vulnerability.
The vulnerability is due to how Handy-link functionality is implemented in Stiltsoft Handy-link Handy-link functionality is provided by the Stiltsoft Handy-link plugin for Confluence Server/
CVE-2022-36428 - Admin+ Cross-Site Scripting (XSS) in Stage Rock Convert WordPress Plugin (≤ 2.11.) – Vulnerability Deep Dive and Exploit Details
WordPress plugins are often targeted for security flaws, especially those that manage extensive input or content conversion. In 2022, a critical vulnerability surfaced in the
CVE-2021-36906 - How Multiple IDOR Bugs Exposed Quiz And Survey Master Data on WordPress
---
If you run quizzes or surveys on your WordPress site using the popular Quiz And Survey Master plugin, you might want to pay close
CVE-2022-44628 - Exploiting Authenticated Stored XSS in 4ECPS Web Forms Plugin <= .2.17 (WordPress Guide with Code Sample)
---
If you’re running a WordPress site and use the 4ECPS Web Forms plugin by JumpDEMAND Inc., _this is a must-read_. The vulnerability tracked