CVE-2022-40098 The ID of the expense update system was found to be vulnerable to a SQL injection attack.
If exploited, this would allow an attacker to execute arbitrary SQL commands against the application.
On July 14th 2018, it was discovered that The official
CVE-2022-3070 The Generate PDF plugin before 3.6 did not sanitise and escape its settings, which allowed high privilege users to perform XSS attacks.
This allows attackers with low privilege levels to inject malicious code into the generated PDFs, thus escalating their privileges on the site. Plugins that generate
CVE-2022-3135 The SEO Smart Links WordPress plugin through 3.0.1 has settings that could allow high privilege users to perform Stored Cross-Site Scripting attacks.
When the unfiltered_html setting is disabled, URLs must be manually checked for potential cross-site scripting attacks.
When the unfiltered_html setting is enabled, any
CVE-2021-24890 The Scripts Organizer plugin before 3.0 had no capability for CSRF checks or validation of user input, which could allow unauthentic attacks.
which will be executed the next time the file is loaded by WordPress. This could allow for a wide range of attacks, including SQL injection,
CVE-2022-3098 The Login Block IPs plugin through 1.0.0 doesn't have a CSRF check, which could allow attackers to make a logged-in admin change them.
Attackers could then access or modify the settings of the plugin, such as disabling the setting to require a password to log in or enable login