CVE-2022-0411 The Asgaros Forum WordPress plugin before 2.0.0 does not sanitise and escape the post_id parameter before using it in a SQL statement via a REST route, leading to a SQL injection.
when accessing the “Settings” page via a REST route of the plugin. An attacker can exploit this to execute arbitrary SQL statements and obtain access
CVE-2022-25149 - How Hackers Exploit WP Statistics with SQL Injection – A Deep Dive
WordPress is the backbone for millions of websites, but its popularity also means it's a big target for hackers. In this long read,
CVE-2022-24707 Anuko Time Tracker is a PHP time tracking application with SQL injection and blind SQL injection vulnerabilities. Versions prior to 1.20.0.5642 are vulnerable.
Anuko Time Tracker has a feature that lets users punch in time information. One of its sub-features lets users create PDF files of
CVE-2022-0633 UpdraftPlus plugin before 1.22.3 and 2.22.3 may not properly validate that a user has the privileges to access a backup's nonce, which may allow anyone with an account to retrieve it.
This could put other users’ data at risk, since the plugin does not limit the list of subscribers in the download description. In most cases,
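The two WordPress entries above (CVE-2022-0411, a REST parameter reaching SQL unescaped, and CVE-2022-0633, a secret handed to any logged-in account) share the same two missing controls: a parameterised query and a capability check on the route. The following is an added illustration written for this page, not code from Asgaros Forum, UpdraftPlus or any other plugin; the plugin namespace `example-forum/v1`, the table `{$wpdb->prefix}forum_posts` and the nonce action name are hypothetical. It shows the vulnerable pattern first, then the hardened routes.

```php
<?php
/*
 * Added example for this page (hypothetical plugin "example-forum").
 * Not the code of any plugin named on the page.
 */

add_action( 'rest_api_init', function () {

    // VULNERABLE pattern: post_id is interpolated into the SQL string and the
    // route accepts any request, authenticated or not ('__return_true').
    register_rest_route( 'example-forum/v1', '/post', array(
        'methods'             => 'GET',
        'permission_callback' => '__return_true',
        'callback'            => function ( WP_REST_Request $request ) {
            global $wpdb;
            $post_id = $request->get_param( 'post_id' );
            // A request such as ?post_id=1 UNION SELECT ... FROM wp_users runs verbatim.
            $sql = "SELECT id, author_id, text FROM {$wpdb->prefix}forum_posts WHERE id = $post_id";
            return rest_ensure_response( $wpdb->get_row( $sql ) );
        },
    ) );

    // HARDENED: type-enforce the argument, bind it through $wpdb->prepare(),
    // and require a logged-in user before the callback runs at all.
    register_rest_route( 'example-forum/v1', '/post-secure', array(
        'methods'             => 'GET',
        'permission_callback' => function () {
            return is_user_logged_in() && current_user_can( 'read' );
        },
        'args'                => array(
            'post_id' => array(
                'required'          => true,
                'type'              => 'integer',
                'sanitize_callback' => 'absint',
                'validate_callback' => function ( $value ) {
                    return is_numeric( $value ) && (int) $value > 0;
                },
            ),
        ),
        'callback'            => function ( WP_REST_Request $request ) {
            global $wpdb;
            $post_id = (int) $request->get_param( 'post_id' );
            // %d is an integer placeholder: no attacker-controlled text enters the statement.
            $row = $wpdb->get_row( $wpdb->prepare(
                "SELECT id, author_id, text FROM {$wpdb->prefix}forum_posts WHERE id = %d",
                $post_id
            ) );
            if ( null === $row ) {
                return new WP_Error( 'not_found', 'No such post.', array( 'status' => 404 ) );
            }
            return rest_ensure_response( $row );
        },
    ) );

    // Privilege check for a sensitive secret (the CVE-2022-0633 class of bug):
    // being logged in is not enough. The route must demand the capability the
    // data actually requires; 'manage_options' is held only by administrators
    // on a single-site install.
    register_rest_route( 'example-forum/v1', '/backup-nonce', array(
        'methods'             => 'GET',
        'permission_callback' => function () {
            return current_user_can( 'manage_options' );
        },
        'callback'            => function () {
            // Hypothetical nonce action name for the illustration.
            return rest_ensure_response( array(
                'nonce' => wp_create_nonce( 'example_forum_download_backup' ),
            ) );
        },
    ) );
} );
```

With the hardened route, a request like `GET /wp-json/example-forum/v1/post-secure?post_id=1%20UNION%20SELECT...` is rejected by the argument schema before the callback runs, and even a crafted value that passes `absint` can only ever be an integer in the prepared statement. For `/backup-nonce`, a subscriber account receives a 403 `rest_forbidden` response from WordPress core rather than the nonce. The check a reviewer should apply to any plugin REST route is the same two questions: does every `permission_callback` test a capability (not just `is_user_logged_in()` or `__return_true`), and does every user-supplied value reach `$wpdb` only through `prepare()` placeholders.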
CVE-2022-24665 PHP Everywhere 2.0.3 included PHP Code Snippet functionality that allowed execution of code snippets by any user able to edit posts.
The plugin's developers intentionally disabled this functionality in order to prevent further security issues.
The snippet code could be posted