CVE-2022-2891 The WP 2FA plugin 2.3.0 uses comparison operators that don't mitigate time-based attacks, which could be abused to leak information about the authentication codes being compared.
As a result, we recommended deprecating these comparison operators and upgrading to a version that uses the strongest mitigation available.
Between the time the WP
CVE-2022-3154 The Woo Billingo Plus and Integration for Billingo & Gravity Forms WordPress plugins before 4.4.5.4 and 1.0.4, respectively, lack CSRF checks in some AJAX actions.
or purchase add-ons. In addition, the plugin does not offer any protection against CSRF on its Contact Form. The only way to fix this issue
CVE-2022-42724 Before 2.4.164, MISP allows attackers to find role names. This is information that only site admins should have.
When the Settings page is accessed, the controller pulls data from the settings table and sends a request to the settings form. In the settings
CVE-2022-3434 A vulnerability was found in SourceCodester Web-Based Student Clearance System. The function 'prepare' can be manipulated to cause cross-site scripting.
The researcher discovered that it is possible to execute arbitrary PHP code on the server. Stored application credentials may be accessed. The security issue has
CVE-2022-41392 TotalJS 8c2c8909 has an XSS vulnerability that allows attackers to execute arbitrary web scripts or HTML.
XSS vulnerabilities can be exploited by visitors without any authentication requirements. An attacker can inject script code or HTML into a web page and make