CVE-2022-38260 The Interview Management System v1.0 had a SQL injection vulnerability.
A remote user or attacker can inject arbitrary SQL commands into the system, which will execute them. If SQL injection is not
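The bug class behind CVE-2022-38260 (a query assembled from untrusted input so that the database executes whatever the user supplies) is easiest to see beside its fix. The following is an added example, not code from the Interview Management System: it assumes a constructed in-memory SQLite table and a simplified login check, and contrasts string concatenation with a parameterised query, where the driver passes the input as data rather than as part of the SQL text.

```python
import sqlite3


def setup_db():
    # Constructed stand-in for an application's users table (assumption, not the real schema).
    # Passwords are stored in clear text only to keep the example short; real code hashes them.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)")
    conn.executemany(
        "INSERT INTO users (username, password) VALUES (?, ?)",
        [("alice", "s3cret"), ("bob", "hunter2")],
    )
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    # The SQL text is built by concatenation, so a quote in the input ends the
    # string literal and the remainder is parsed as SQL: this is the defect class.
    sql = (
        "SELECT id FROM users WHERE username = '" + username
        + "' AND password = '" + password + "'"
    )
    return conn.execute(sql).fetchone() is not None


def login_safe(conn, username, password):
    # Placeholders keep the SQL fixed; the values are bound by the driver and can
    # never change the statement's structure, whatever characters they contain.
    sql = "SELECT id FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchone() is not None


def compare(username, password):
    # Runs the same credentials through both versions and reports each outcome.
    conn = setup_db()
    return {
        "vulnerable": login_vulnerable(conn, username, password),
        "safe": login_safe(conn, username, password),
    }


if __name__ == "__main__":
    print(compare("alice", "s3cret"))          # both True: valid credentials
    print(compare("' OR 1=1 OR '", "x"))       # vulnerable True, safe False
```

The second call shows why the page's wording matters: with concatenation the quoted fragment becomes part of the WHERE clause and the check passes with no valid password, while the parameterised version simply looks for a user literally named `' OR 1=1 OR '` and finds none. Auditing for this class means finding every place the query text is built from request data and replacing it with bound parameters (or a query builder that does so), not filtering individual characters.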
CVE-2022-2775 The Fast Flow Widget before 1.2.13 has some untagged settings that could allow high-privilege users to perform Stored Cross-Site Scripting attacks.
The unfiltered_html option controls whether or not the WordPress dashboard, admin screens, and other public areas that may be viewed by unauthenticated users are
CVE-2022-2657 The Multivendor Marketplace Solution for WooCommerce plugin before 3.8.12 had authorisation and CSRF issues, which could allow users to suspend vendors.
attacks on other users’ accounts, such as when a vendor suspends another vendor or when vendors call other vendors and alter their orders. These unauthenticated
CVE-2022-2597 The Visual Portfolio, Photo Gallery & Post Grid plugin before 2.19.0 had some security issues, allowing users with a low role to inject arbitrary CSS.
This is possible because the plugin does not have an ACL on its endpoints. An attacker can send requests to the affected REST APIs as
CVE-2022-2376 Directorist plugin before 7.3.1 leaks email addresses of users in an AJAX action to both unauthenticated and authenticated users.
on the site’s backend. This email address is displayed even if a user is not signed up for email updates. Such information can be