Security
Headlines
HeadlinesLatestCVEs

Tag

#wordpress

CVE-2022-44584: WordPress WatchTowerHQ plugin <= 3.6.15 - Unauth. Arbitrary File Deletion vulnerability - Patchstack

Unauth. Arbitrary File Deletion vulnerability in WatchTowerHQ plugin <= 3.6.15 on WordPress.

CVE
Open in Source
#vulnerability#wordpress#auth
CVE-2022-40698: WordPress Quiz And Survey Master plugin <= 7.3.10 - Cross-Site Scripting (XSS) vulnerability - Patchstack

Auth. (subscriber+) Cross-Site Scripting (XSS) vulnerability in Quiz And Survey Master plugin <= 7.3.10 on WordPress.

CVE-2022-40130: WordPress WP-Polls plugin <= 2.76.0 - Race Condition vulnerability - Patchstack

Auth. (subscriber+) Race Condition vulnerability in WP-Polls plugin <= 2.76.0 on WordPress.

CVE-2022-41839: WordPress LoginPress plugin <= 1.6.2 - Broken Access Control vulnerability - Patchstack

Broken Access Control vulnerability in WordPress LoginPress plugin <= 1.6.2 on WordPress leading to unauth. changing of Opt-In or Opt-Out tracking settings.

CVE-2022-41618: Media Library Assistant

Unauthenticated Error Log Disclosure vulnerability in Media Library Assistant plugin <= 3.00 on WordPress.

CVE-2022-41615: WordPress Store Locator plugin <= 1.4.5 - Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) vulnerability - Patchstack

Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) vulnerability in Store Locator plugin <= 1.4.5 on WordPress.

CVE-2022-41788: Soledad – Multipurpose, Newspaper, Blog & WooCommerce WordPress Theme

Auth. (subscriber+) Cross-Site Scripting (XSS) vulnerability in Soledad premium theme <= 8.2.5 on WordPress.

CVE-2022-41634: Media Library Folders

Cross-Site Request Forgery (CSRF) vulnerability in Media Library Folders plugin <= 7.1.1 on WordPress.