Security
Headlines
HeadlinesLatestCVEs

Tag

#wordpress

CVE-2022-27235: Social Share Buttons by Supsystic

Multiple Broken Access Control vulnerabilities in Social Share Buttons by Supsystic plugin <= 2.2.3 at WordPress.

CVE
Open in Source
#sql#vulnerability#web#android#google#git#wordpress#php#sap
CVE-2022-33901: MultiSafepay plugin for WooCommerce

Unauthenticated Arbitrary File Read vulnerability in MultiSafepay plugin for WooCommerce plugin <= 4.13.1 at WordPress.

CVE-2022-34839: WP OAuth2 Server

Authentication Bypass vulnerability in CodexShaper's WP OAuth2 Server plugin <= 1.0.1 at WordPress.

CVE-2022-34650: Team

Multiple Authenticated (contributor or higher user role) Stored Cross-Site Scripting (XSS) vulnerabilities in wpWax Team plugin <= 1.2.6 at WordPress.

Zyxel firewall vulnerabilities left business networks open to abuse

Severity of code execution bug mitigated by ‘high uptake’ of previous patch

CVE-2022-34487: Shortcode Addons- with Visual Composer, Divi, Beaver Builder and Elementor Extension

Unauthenticated Arbitrary Option Update vulnerability in biplob018's Shortcode Addons plugin <= 3.0.2 at WordPress.

CVE-2022-33198: Accordions – Multiple Accordions or FAQs Builder

Unauthenticated WordPress Options Change vulnerability in Biplob Adhikari's Accordions plugin <= 2.0.2 at WordPress.

CVE-2022-31475: GiveWP – Donation Plugin and Fundraising Platform

Authenticated (custom plugin role) Arbitrary File Read via Export function vulnerability in GiveWP's GiveWP plugin <= 2.20.2 at WordPress.

CVE-2022-30536: WP Maintenance

Authenticated Stored Cross-Site Scripting (XSS) vulnerability in Florent Maillefaud's WP Maintenance plugin <= 6.0.7 at WordPress.

CVE-2022-28666: Custom Product Tabs for WooCommerce

Broken Access Control vulnerability in YIKES Inc. Custom Product Tabs for WooCommerce plugin <= 1.7.7 at WordPress leading to &yikes-the-content-toggle option update.