CVE-2022-3069 The WordLift plugin before 3.37.2 has a bug that allows high privilege users to perform cross-site scripting attacks.
In particular, users with the “edit_posts” or “edit_custom_post_types” capability can exploit this vulnerability to inject malicious code into posts or custom
CVE-2022-3076 The CM Download Manager WordPress plugin before 2.8.6 has a setting that allows high privilege users such as admin to upload arbitrary files. This could be used by admins of a multisite blog to upload PHP files.
This issue was also present in the previous version of this plugin.
WordPress blogs are often configured in multisite mode. A common setup involves blogs
CVE-2022-3074 The Slider Hero WordPress plugin before 8.4.4 has an escaping issue that allows a high-privileged user to perform an XSS attack.
WordPress sites that have this slider turned on might be vulnerable to Cross-Site Scripting attacks. This was fixed in version 8.5.1. If you
CVE-2022-3062 The Simple File List plugin before 4.4.12 does not protect input parameters before output, which can lead to Reflected Cross-Site Scripting.
which could lead to the execution of malicious code if a malicious user has access to the server. The update version 4.4.12 fixes
CVE-2022-1613 The Restricted Site Access plugin before 7.3.2 allowed IP-based restrictions to be bypassed in certain situations.
This issue was resolved by updating this plugin's code to use REMOTE_ADDR in situations where it makes sense. In most cases, this