CVE-2022-2887 The WP Server Health Stats plugin before 1.7.0 has flaws that allow high privilege users to perform CSX attacks.
All WordPress installations should update immediately to avoid potential attacks by hackers.
Before 1.7.0, WP Server Health Stats did not escape the wp_
CVE-2022-2635 The Autoptimize WordPress plugin has an unfiltered_html setting that can allow high privilege users to perform Stored Cross-Site Scripting attacks.
The vulnerability occurs when the unfiltered_html capability is disabled, but the sanitization of the plugin settings is not done. In this case, a high
CVE-2022-2877 Titan Anti-spam & Security plugin before 7.3.1 doesn't properly validate HTTP headers, allowing threat actors to spoof the origin IP address.
An attacker could then send spam through the WordPress site. This update fixes the issue by adding better validation.
8.1.1 - 8.1.
CVE-2022-2737 The WP STAGING WordPress plugin before 2.9.18 contains unfiltered_html settings that allow high privilege users to perform stored cross-site scripting attacks.
WP STAGING version 2.9.18 and below is vulnerable to unauthenticated XSS via unfiltered_html capability in options. An attacker could inject malicious code
CVE-2022-2913 Login No Captcha plugin before 1.7 doesn't check the proper IP address, allowing attackers to spoof IP addresses and bypass the need for captchas on the login screen.
If you are running a WordPress site and are connecting to it with a regular web browser, you might be asked to complete a CAPTCHA