CVE-2022-3357 - How a Smart Slider 3 Vulnerability Could Let Hackers Take Over WordPress Sites
In November 2022, a critical vulnerability was discovered in the popular Smart Slider 3 WordPress plugin. Identified as CVE-2022-3357, this security flaw could allow an
CVE-2022-3380 - Unrestricted Unserialization Vulnerability in Customizer Export/Import WordPress Plugin Prior to .9.5
The Customizer Export/Import WordPress plugin is a widely utilized utility that allows website administrators to effortlessly export and import settings of WordPress Customizer to
![CVE-2022-2190 The Gallery Plugin for WordPress plugin before 1.8.4.7 does not escape the $_SERVER['REQUEST_URI'] parameter, which could lead to Reflected Cross-Site Scripting in old browsers.](https://storage.ghost.io/c/f0/4a/f04ab6a7-2899-4451-89ec-fc03b7757446/content/images/size/w720/2022/12/CVE-2022-2190.png)
CVE-2022-2190 The Gallery Plugin for WordPress plugin before 1.8.4.7 does not escape the $_SERVER['REQUEST_URI'] parameter, which could lead to Reflected Cross-Site Scripting in old browsers.
when a malicious user sends a request to a site with this plugin installed and receives a response with a maliciously crafted request_uri value.
CVE-2022-3366 The PublishPress Capabilities plugin before 2.5.2 unserializes imported files, which could lead to PHP object injection attacks by administrators.
This issue has been fixed in version 2.6.1 of both plugins.
PublishPress Capabilities Pro WordPress plugin before 2.6.1 uses an insecure
CVE-2022-3708 - SSRF in WordPress Web Stories Plugin – What You Need to Know (With Exploit Example)
Summary:
The WordPress Web Stories plugin lets you easily create visually rich, mobile-focused stories for your site. But in versions up to and including 1.
Episode
00:00:00
00:00:00