Tag: #wordpress

CVE-2022-41609: WordPress Better Messages plugin <= 1.9.10.68 - Server-Side Request Forgery (SSRF) vulnerability - Patchstack

Auth. (subscriber+) Server-Side Request Forgery (SSRF) vulnerability in Better Messages plugin 1.9.10.68 on WordPress.

CVE-2022-41155: iQ Block Country

Block BYPASS vulnerability in iQ Block Country plugin <= 1.2.18 on WordPress.

CVE-2022-41618: Media Library Assistant

Unauthenticated Error Log Disclosure vulnerability in Media Library Assistant plugin <= 3.00 on WordPress.

CVE-2022-44740: Creative Mail – Easier WordPress & WooCommerce Email Marketing

Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Creative Mail plugin <= 1.5.4 on WordPress.

CVE-2022-44634: S2W – Import Shopify to WooCommerce

Auth. (admin+) Arbitrary File Read vulnerability in S2W – Import Shopify to WooCommerce plugin <= 1.1.12 on WordPress.

CVE-2022-45369: WordPress Plugin for Google Reviews plugin <= 2.2.2 - Auth. Broken Access Control vulnerability - Patchstack

Auth. (subscriber+) Broken Access Control vulnerability in Plugin for Google Reviews plugin <= 2.2.2 on WordPress.

CVE-2022-43492: Comments – wpDiscuz

Auth. (subscriber+) Insecure Direct Object References (IDOR) vulnerability in Comments – wpDiscuz plugin 7.4.2 on WordPress.

CVE-2022-44583: WatchTowerHQ

Unauth. Arbitrary File Download vulnerability in WatchTowerHQ plugin <= 3.6.15 on WordPress.