Security
Headlines
HeadlinesLatestCVEs

Tag

#wordpress

CVE-2022-40698: WordPress Quiz And Survey Master plugin <= 7.3.10 - Cross-Site Scripting (XSS) vulnerability - Patchstack

Auth. (subscriber+) Cross-Site Scripting (XSS) vulnerability in Quiz And Survey Master plugin <= 7.3.10 on WordPress.

CVE
Open in Source
#xss#vulnerability#wordpress#auth
CVE-2022-40130: WordPress WP-Polls plugin <= 2.76.0 - Race Condition vulnerability - Patchstack

Auth. (subscriber+) Race Condition vulnerability in WP-Polls plugin <= 2.76.0 on WordPress.

CVE-2022-41839: WordPress LoginPress plugin <= 1.6.2 - Broken Access Control vulnerability - Patchstack

Broken Access Control vulnerability in WordPress LoginPress plugin <= 1.6.2 on WordPress leading to unauth. changing of Opt-In or Opt-Out tracking settings.

CVE-2022-41788: Soledad – Multipurpose, Newspaper, Blog & WooCommerce WordPress Theme

Auth. (subscriber+) Cross-Site Scripting (XSS) vulnerability in Soledad premium theme <= 8.2.5 on WordPress.

CVE-2022-41685: WordPress Integration for Szamlazz.hu & WooCommerce plugin <= 5.6.3.2 - Multiple Cross-Site Request Forgery (CSRF) vulnerabilities - Patchstack

Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Viszt Péter's Integration for Szamlazz.hu & WooCommerce plugin <= 5.6.3.2 and Csomagpontok és szállítási címkék WooCommerce-hez plugin <= 1.9.0.2 on WordPress.

CVE-2022-41615: WordPress Store Locator plugin <= 1.4.5 - Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) vulnerability - Patchstack

Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) vulnerability in Store Locator plugin <= 1.4.5 on WordPress.

CVE-2022-41634: Media Library Folders

Cross-Site Request Forgery (CSRF) vulnerability in Media Library Folders plugin <= 7.1.1 on WordPress.

CVE-2022-41643: Accessibility

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Accessibility plugin <= 1.0.3 on WordPress.

CVE-2022-41655: WordPress Phone Orders for WooCommerce plugin <= 3.7.1 - Auth. Sensitive Data Exposure vulnerability - Patchstack

Auth. (subscriber+) Sensitive Data Exposure vulnerability in Phone Orders for WooCommerce plugin <= 3.7.1 on WordPress.