CVE-2022-23183 The vulnerability allows a remote attacker to view information of the database without permission.
The weakness exists due to a lack of sufficient access validation checks, which allows an attacker to bypass the validation. By doing so, an attacker can enter
CVE-2022-0888 - Deep Dive into the Ninja Forms File Uploads Extension Vulnerability (Unauthenticated RCE in WordPress)
In early 2022, a critical vulnerability shook the WordPress ecosystem, affecting websites using the popular Ninja Forms - File Uploads Extension plugin. Labeled as CVE-2022-0888,
CVE-2022-0591 The FormCraft WordPress plugin before 3.8.28 does not validate the URL parameter, which can be used to exploit SSRF issues.
The plugin does not sanitize the input from an attacker-controlled server and therefore does not reject the request if it comes from an attacker
CVE-2022-0165 The Page Builder KingComposer WordPress plugin 2.9.6 does not validate the id parameter before redirecting to it via the kc_get_thumbn AJAX action available to both unauthenticated and authenticated users.
This results in a redirect loop where the user is redirected to the page they just edited but the page is not updated with the
CVE-2022-0441 The MasterStudy LMS WordPress plugin before 2.7.6 had an authentication flaw that allowed unauthenticated users to register as an admin.
This could potentially allow for users outside of the WordPress installation to view, edit, or delete posts or members. We have changed the validation code