Security
Headlines
HeadlinesLatestCVEs

Tag

#wordpress

CVE-2022-40131: WordPress Page View Count plugin <= 2.5.5 - Cross-Site Request Forgery (CSRF) vulnerability - Patchstack

Cross-Site Request Forgery (CSRF) vulnerability in a3rev Software Page View Count plugin <= 2.5.5 on WordPress allows an attacker to reset the plugin settings.

CVE
Open in Source
#csrf#vulnerability#wordpress
CVE-2022-44628: 4ECPS Web Forms

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in JumpDEMAND Inc. 4ECPS Web Forms plugin <= 0.2.17 on WordPress.

CVE-2022-25952: WordPress Content Egg plugin <= 5.4.0 - Cross-Site Request Forgery (CSRF) vulnerability - Patchstack

Cross-Site Request Forgery (CSRF) vulnerability in Keywordrush Content Egg plugin <= 5.4.0 on WordPress.

CVE-2022-36404: WordPress Simple SEO plugin <= 1.8.12 - Broken Access Control vulnerability - Patchstack

Missing Authorization, Cross-Site Request Forgery (CSRF) vulnerability in David Cole Simple SEO (WordPress plugin) plugin <= 1.8.12 versions.

CVE-2022-36404: Simple SEO

Auth. (subscriber+) Broken Access Control vulnerability in David Cole Simple SEO plugin <= 1.8.12 on WordPress allows attackers to create or delete sitemap.

CVE-2022-3852: Vulnerability Advisories Continued - Wordfence

The VR Calendar plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.3.3. This is due to missing or incorrect nonce validation on several functions. This makes it possible for unauthenticated attackers to delete, and modify calendars as well as the plugin settings, via forged request granted they can trick a site administrator into performing an action such as clicking on a link.

CVE-2022-3776: Vulnerability Advisories Continued - Wordfence

The Restaurant Menu – Food Ordering System – Table Reservation plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.3.1. This is due to missing or incorrect nonce validation on several functions called via AJAX actions such as forms_action, set_option, & chosen_options to name a few . This makes it possible for unauthenticated attackers to perform a variety of administrative actions like modifying forms, via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

CVE-2022-2696: Vulnerability Advisories Continued - Wordfence

The Restaurant Menu – Food Ordering System – Table Reservation plugin for WordPress is vulnerable to authorization bypass via several AJAX actions in versions up to, and including 2.3.0 due to missing capability checks and missing nonce validation. This makes it possible for authenticated attackers with minimal permissions to perform a wide variety of actions such as modifying the plugin's settings and modifying the ordering system preferences.

Blokhaus Announced Launching of New Open-Source NFT Tool Minterpress

By Deeba Ahmed Minterpress is a new open-source plugin that allows collectors and creators to host and mint eco-friendly NFTs on WordPress. This is a post from HackRead.com Read the original post: Blokhaus Announced Launching of New Open-Source NFT Tool Minterpress

CVE-2022-44586: AM-HiLi

Auth. (admin+) Stored Cross-Site Scripting (XSS) in Ayoub Media AM-HiLi plugin <= 1.0 on WordPress.