CVE-2022-2924 Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.3
You can use XSS to steal user credentials or execute any other malicious code on the target website. By default, most of the CMS like
CVE-2022-2567 The Form Builder CP WordPress plugin before 1.2.32 does not sanitize and escape some of its form settings, which could allow high privilege users to perform Stored Cross-Site Scripting attacks.
When upgrading from older versions of this plugin, users are advised to review and adjust their WordPress configuration per the recommendations outlined in this post.
CVE-2022-3036 The Gettext plugin before 2.0.0 did not sanitize and escape some of its settings, which allowed high-privilege users to perform Stored Cross-Site Scripting attacks.
Prior to version 2.0.0, the unfiltered_html setting was not properly sanitised and escaped, which could lead to an information disclosure if a
CVE-2022-2754 The Ketchup Restaurant Reservations WordPress plugin through 1.0.0 does not validate and escape some reservation parameters, which could allow unauthenticated attackers to perform SQL Injection attacks.
through the WordPress admin interface. An attacker can inject a SQL statement by sending a malicious request to the vulnerable server, then by sending a
CVE-2022-1591 The WordPress Ping Optimizer plugin before 2.35.1.3.0 had no CSRF check on its settings, which could allow attackers to make a logged-in admin change them.
If a logged-in user visits an attacker-controlled blog, a vulnerability in the WordPress plugin can be exploited to change the settings. WordPress plugin