#wordpress

CVE-2022-43487: Salon Booking System

Cross-site scripting vulnerability in Salon booking system versions prior to 7.9 allows a remote unauthenticated attacker to inject an arbitrary script.

3 years ago

CVE

Open in Source

#xss #vulnerability #web #google #wordpress #auth

CVE-2022-43504: WordPress 6.0.3 Security Release

Improper authentication vulnerability in WordPress versions prior to 6.0.3 allows a remote unauthenticated attacker to obtain the email address of the user who posted a blog using the WordPress Post by Email Feature.

3 years ago

CVE

Open in Source

#sql #xss #csrf #vulnerability #wordpress #php #auth

CVE-2022-35730: WordPress Oceanwp sticky header plugin <= 1.0.8 - Cross-Site Request Forgery (CSRF) vulnerability - Patchstack

Cross-Site Request Forgery (CSRF) vulnerability in Oceanwp sticky header plugin <= 1.0.8 on WordPress.

3 years ago

CVE

Open in Source

#csrf #vulnerability #wordpress #auth

CVE-2022-40968: WordPress 2kb Amazon Affiliates Store plugin <= 2.1.5 - Auth. Stored Cross-Site Scripting (XSS) vulnerability - Patchstack

Reflected Cross-Site Scripting (XSS) vulnerability in 2kb Amazon Affiliates Store plugin <=2.1.5 on WordPress.

3 years ago

CVE

Open in Source

#xss #vulnerability #web #amazon #wordpress #auth

CVE-2022-4220: WP plugin Chained Quiz multiple vulnerabilities

The Chained Quiz plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.2.4. This is due to missing nonce validation on the list_questions() function. This makes it possible for unauthenticated attackers to delete questions from quizzes via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

3 years ago

CVE

Open in Source

#xss #csrf #vulnerability #web #wordpress #php #auth

CVE-2022-4213: Vulnerability Advisories Continued - Wordfence

The Chained Quiz plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'dn' parameter on the 'chainedquiz_list' page in versions up to, and including, 1.3.2.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.

3 years ago

CVE

Open in Source

#xss #vulnerability #web #java #wordpress #php #backdoor #rce #perl #ssrf #auth

What Developers Need to Fight the Battle Against Common Vulnerabilities

3 years ago

The Hacker News

Open in Source

#sql #xss #vulnerability #wordpress #perl #The Hacker News

What Developers Need to Fight the Battle Against Common Vulnerabilities

Today's threat landscape is constantly evolving, and now more than ever, organizations and businesses in every sector have a critical need to consistently produce and maintain secure software. While some verticals - like the finance industry, for example - have been subject to regulatory and compliance requirements for some time, we are seeing a steady increase in attention on cybersecurity best

3 years ago

The Hacker News

Open in Source

#sql #xss #vulnerability #wordpress #perl #The Hacker News

CVE-2022-45842: WordPress WP ULike plugin <= 4.6.4 - Race Condition vulnerability - Patchstack

Unauth. Race Condition vulnerability in WP ULike Plugin <= 4.6.4 on WordPress allows attackers to increase/decrease rating scores.

3 years ago

CVE

Open in Source

#vulnerability #wordpress #auth

CVE-2022-26366: WordPress AdRotate Banner Manager plugin <= 5.9 - Multiple Cross-Site Request Forgery (CSRF) vulnerabilities - Patchstack

Cross-Site Request Forgery (CSRF) in AdRotate Banner Manager Plugin <= 5.9 on WordPress.