CVE-2022-3243 The Import all XML, CSV & TXT WordPress plugin before version 6.5.8 is vulnerable to SQL injection by high privilege users such as admin.
This issue has been resolved in the latest version of Import all XML, CSV & TXT WordPress plugin v6.5.9. IMPORTANT Before updating to
CVE-2022-2574
The unfiltered_html setting was previously enabled by default and allowed users with unfiltered_html capability to inject any HTML code they want. This could
CVE-2022-3131 The Search Logger plugin through 0.9 does not properly sanitise and escape a parameter, which leads to a SQL injection. This is a high privilege exploit.
when you pass a parameter that has a non-escaped special character within the parameter to the Search Logger view, the SQL query is not properly
CVE-2022-3244 The Import all XML, CSV & TXT WordPress plugin before 6.5.8 has auth issues which could allow any authenticated users to access certain features if they get the nonce.
value. This results in XML posts being uploaded to the server and displayed to site visitors that could potentially be abused. The issue has been
CVE-2022-3501 Article template contents with sensitive data could be accessed from agents without permissions.
These agents could be rogue insiders posing as clients, scammers pretending to be from Google, or accounts that have been compromised. To make sure these
Episode
00:00:00
00:00:00