CVE-2022-1657 - Critical Path Traversal and Local File Inclusion in Jupiter and JupiterX WordPress Themes
The CVE-2022-1657 vulnerability exposes millions of WordPress sites running vulnerable versions of the popular Jupiter (<= 6.10.1) and JupiterX (<= 2..6) themes.
CVE-2022-1707 The Google Tag Manager for WordPress plugin is vulnerable to reflected Cross-Site Scripting because the site search term is populated into the data layer. This affects versions up to and including 1.15.
Google Tag Manager for WordPress is a plugin for WordPress that helps you manage your Google Analytics, AdWords, and Google Search campaigns from inside WordPress.
CVE-2022-1772 The Google Places Reviews plugin before 2.0.0 did not properly escape its API key, which is reflected on the site's administration panel.
In the latest 2.0.0 version of the plugin, the Google Places Reviews code has been refactored to fix this issue. If you are
CVE-2022-1598 The WPQA Builder plugin before 5.4 lacked authentication in a REST API endpoint, allowing unauthenticated users to discover private questions sent between users.
The WPQA Builder plugin has a REST API for managing questions and answers on your site. If a WPQA Builder question is marked as private,
CVE-2022-0788 The WordPress plugin before 1.5.0 does not sanitize and escape a parameter before using it in a SQL statement, which can be exploited by unauthenticated users.
If a user can inject a WP REST API endpoint via a SQL injection, then the WP REST API can be used to perform any