Kategori: NIST-Güvenlik Açıkları

CVE-2022-3082

The miniOrange Discord Integration WordPress plugin before 2.1.6 does not have authorisation and CSRF in some of its AJAX actions, allowing any logged in users,…

Devamını oku

CVE-2022-3126

The Frontend File Manager Plugin WordPress plugin before 21.4 does not have CSRF check when uploading files, which could allow attackers to make logged in…

Devamını oku

CVE-2022-3139

The We’re Open! WordPress plugin before 1.42 does not sanitise and escape some of its settings, which could allow high privilege users such as admin…

Devamını oku

CVE-2022-3149

The WP Custom Cursors WordPress plugin before 3.0.1 does not have CSRF check in place when creating and editing cursors, which could allow attackers to…

Devamını oku

CVE-2022-3206

The Passster WordPress plugin before 3.5.5.5.2 stores the password inside a cookie named “passster” using base64 encoding method which is easy to decode. This puts…

Devamını oku

CVE-2022-3243

The Import all XML, CSV & TXT WordPress plugin before 6.5.8 does not properly sanitise and escape imported data before using them back SQL statements,…

Devamını oku