CVE-2022-26375 Auth
This plugin has been reported to have a XSS flaw in the press optimization feature. An attacker can inject a malicious code into a web
CVE-2022-3151 The WP Custom Cursors plugin before 3.0.1 didn't have CSRF check, which could allow attackers to delete arbitrary cursors as an admin.
This issue has been fixed in WP 3.0.2 and later. Earlier versions are vulnerable. This issue was reported by Yap.
CVE-2022-3152
This issue
CVE-2022-3150 The WP Custom Cursors plugin through 3.0 doesn't properly sanitise and escape a parameter, which leads to a SQL injection vulnerability that can be exploited by high-privileged users.
or root. This could lead to the deletion of important data or even the installation of a malicious plugin. You can avoid this risk by
CVE-2022-3206 The Passster plugin before 3.5.5.5.2 stored passwords in cookies using base64 encoding, which can be decoded.
There are many cases where a hacker might be able to access the server and steal the cookie from there. Following are the possible ways
CVE-2022-3282 The Drag and Drop Multiple File Upload WordPress plugin before 1.3.6.5 does not properly check for the upload size limit set in forms, taking user input sent when submitting the form.
We discovered another type of remote code execution vulnerability in the Drag and Drop Multiple File Upload WordPress plugin before 1.3.6.5. When
Episode
00:00:00
00:00:00