Security
Headlines
HeadlinesLatestCVEs

Tag

#wordpress

CVE-2022-40311: Analytics Cat – Google Analytics Made Easy

Auth. (admin+) Stored Cross-Site Scripting (XSS) in Fatcat Apps Analytics Cat plugin <= 1.0.9 on WordPress.

CVE
Open in Source
#xss#web#google#js#wordpress#php#auth
CVE-2022-41638: Pop-Up Chop Chop

Auth. Stored Cross-Site Scripting (XSS) in Pop-Up Chop Chop plugin <= 2.1.7 on WordPress.

Hackers Started Exploiting Critical "Text4Shell" Apache Commons Text Vulnerability

WordPress security company Wordfence on Thursday said it started detecting exploitation attempts targeting the newly disclosed flaw in Apache Commons Text on October 18, 2022. The vulnerability, tracked as CVE-2022-42889 aka Text4Shell, has been assigned a severity ranking of 9.8 out of a possible 10.0 on the CVSS scale and affects versions 1.5 through 1.9 of the library. It's also similar to

CVE-2022-38108: Published | Zero Day Initiative

SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands.

CVE-2022-36957: Published | Zero Day Initiative

SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands.

CVE-2022-42029: Security issues - Chamilo LMS

Chamilo 1.11.16 is affected by an authenticated local file inclusion vulnerability which allows authenticated users with access to 'big file uploads' to copy/move files from anywhere in the file system into the web directory.

CVE-2022-26375: WordPress AB Press Optimizer plugin <= 1.1.1 - Auth. Stored Cross-Site Scripting (XSS) vulnerability - Patchstack

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Mammothology AB Press Optimizer plugin <= 1.1.1 on WordPress.

CVE-2020-35539: Data Manipulation with X-Forwarded-For header at WordPress

A flaw was found in Wordpress 5.1. "X-Forwarded-For" is a HTTP header used to carry the client's original IP address. However, because these headers may very well be added by the client to the requests, if the systems/devices use IP addresses which decelerate at X-Forwarded-For header instead of original IP, various issues may be faced. If the data originating from these fields is trusted by the application developers and processed, any authorization checks originating IP address logging could be manipulated.

WordPress Photo Gallery 1.8.0 Cross Site Scripting

WordPress Photo Gallery plugin version 1.8.0 suffers from a cross site scripting vulnerability.

CVE-2022-3243

The Import all XML, CSV & TXT WordPress plugin before 6.5.8 does not properly sanitise and escape imported data before using them back SQL statements, leading to SQL injection exploitable by high privilege users such as admin