Kategori: Güvenlik Açıkları

CVE-2022-3024

The Simple Bitcoin Faucets WordPress plugin through 1.7.0 does not have any authorisation and CSRF in an AJAX action, allowing any authenticated users, such as…

Devamını oku

CVE-2022-3062

The Simple File List WordPress plugin before 4.4.12 does not escape parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting Zafiyet ile…

Devamını oku

CVE-2022-3069

The WordLift WordPress plugin before 3.37.2 does not sanitise and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks…

Devamını oku

CVE-2022-3070

The Generate PDF WordPress plugin before 3.6 does not sanitise and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting…

Devamını oku

CVE-2021-24890

The Scripts Organizer WordPress plugin before 3.0 does not have capability and CSRF checks in the saveScript AJAX action, available to both unauthenticated and authenticated…

Devamını oku

CVE-2022-21169

The package express-xss-sanitizer before 1.1.3 are vulnerable to Prototype Pollution via the allowedTags attribute, allowing the attacker to bypass xss sanitization. Zafiyet ile ilgili Genel…

Devamını oku