CVE-2022-2350 The Disable User Login plugin doesn't have any authorisation checks, allowing attackers to block or unblock users.
Unauthorised users can perform this attack by editing the plugin settings, selecting a restricted role, and then forcing the plugin to reload its settings by
CVE-2022-3137 Taskbuilder before 1.0.8 doesn't validate and sanitize task's attachments, which could allow attackers to perform Stored Cross-site Scripting by attaching a malicious SVG file.
to the task. This Stored Cross-Site Scripting could then be executed via the task owner's subscription, via shared permissions, or through any other
CVE-2022-3136 The Social Rocket plugin before 1.3.3 doesn't sanitize its settings, which could allow high-privilege users to perform Stored Cross-Site Scripting attacks.
If you use this unfiltered_html setting in a multisite setup, make sure to set the site whitelisting option to ‘yes’, if you do not
CVE-2021-25044
This might be an issue when using the Cryptocurrency Pricing list or any other plugin that has a similar shortcode. If you are using WordPress
CVE-2022-2629 The Top Bar WordPress plugin before 3.0.4 does not sanitize and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks.
When Top Bar outputs settings with unfiltered_html enabled, these settings are not escaped or sanitised before output. This could lead