CVE-2022-2709 The Float to Top Button plugin through 2.3.6 has settings that could allow high privilege users such as admins to perform Stored Cross-Site Scripting attacks.
This issue was fixed in version 2.4.0. You can update to the latest version by uploading it through the plugin admin panel. Another
CVE-2022-3021 The Slickr Flickr plugin through 2.8.1 does not sanitise and escape its settings, allowing high privilege users to perform cross-site scripting attacks.
We have reported this issue to the vendor and they have confirmed that a fix is already in the works. In the meantime, you
CVE-2022-37247 Stored XSS vulnerability in CMS 4.2.0.1 admin/settings/fields page.
The stored XSS could lead to remote code execution.
The vulnerability has been assigned a Common Vulnerability Scale of 5.1. If you are running the latest version
CVE-2022-38808 ywoa v6.1 is vulnerable to SQL Injection via backend/oa/visual/exportExcel.do interface.
By sending a specially crafted request, a remote attacker may be able to gain access to the system and possibly run arbitrary SQL queries.
There
CVE-2022-2575 The WBW Currency Switcher for WooCommerce plugin before 1.6.6 has settings that could allow high privilege users to perform Stored Cross-Site Scripting attacks.
WP-Climates plugin before 3.2.2 for WP, due to lack of the fix for CVE-2017-8905, is still vulnerable to SQL injection when exporting certain