CVE-2022-40194 An Unauthenticated SSI vulnerability in the WooCommerce plugin = 5.3.5.
An attacker can exploit the unauthenticated vulnerability to retrieve the customer’s email address and other personally identifiable information. Unauthenticated information disclosure vulnerabilities occur when
CVE-2022-40310 An authenticated race condition vulnerability exists in the WP Rating System plugin. Attackers can increase or decrease votes.
To do so, the user needs to be logged in. Once a user is logged in, an attacker can manipulate votes by setting high amount
CVE-2022-40087 An arbitrary file write vulnerability was found in version 1.0 of the College Website.
To discover whether an installation of this software is vulnerable, an attacker can try to create a file via the upload_file() function and check
CVE-2022-36383 Stored XSS vulnerabilities in the WHA Word Search Puzzles game plugin = 2.0.1 at WordPress.
The first two were found by the security researcher, Mihai Budiu. In the first one, a user can be convinced to visit a malicious website
CVE-2022-36365 Stored XSS vulnerabilities in WHA Crossword plugin = 1.1.10 at WordPress.
These issues can be exploited by hackers to execute arbitrary script code in a user’s browser. An attacker can expose user’s data through a