CVE-2022-2395 WeForms before 1.6.14 is vulnerable to cross-site scripting attacks due to its lack of sanitization and escaping of settings.
This has been fixed in version 1.6.15 and later.
Before upgrading, make sure that your site is not under attack. If you have
CVE-2022-33201 The MailerLite - Signup forms (official) plugin 1.5.7 has a CSRF vulnerability that allows an attacker to change the API key.
This issue happens when a user signs up for a MailerLite account through a WordPress site. During the registration process, an attacker can use a
CVE-2022-2117 The GiveWP plugin is vulnerable to Sensitive Information Disclosure, starting from 2.20.2, via the /donor-wall REST-API endpoint.
If you are using a plugin that adds a ‘Donor Wall’ option to your WordPress site, and are using version 2.20.2 or earlier,
CVE-2022-1672 - Unpacking the CSRF Vulnerability in Google PageSpeed WordPress Plugin Before v4..7
If you use WordPress and rely on Google PageSpeed Insights Plugin to boost your site speed, you might have been at risk without even knowing
CVE-2022-2144 - How A Missing CSRF Check in jQuery Validation For Contact Form 7 Plugin Threatens WordPress Sites
WordPress plugins make website management easier, but sometimes security oversights turn them into targets for attackers. CVE-2022-2144 is a classic example—a Cross-Site Request Forgery