02-12-2022 18:03
Wordfence Security Falls to Fourth Place in December Test of WordPress Plugins’ Zero-Day Protection
30-11-2022 10:46

CVE-2022-45842 Documented vulnerability

Unauth. Race Condition vulnerability in WP ULike Plugin <= 4.6.4 on WordPress allows attackers to increase/decrease rating scores.
http://cwe.mitre.org/data/definitions/367.html CWE-367 Time-of-check Time-of-use (TOCTOU)
30-11-2022 06:26
CVE-2022-4027 | SimplePress Plugin up to 6.8 on WordPress postitem cross site scripting A vulnerability, which was…
29-11-2022 18:47

CVE-2022-4036 Documented vulnerability

The Appointment Hour Booking plugin for WordPress is vulnerable to CAPTCHA bypass in versions up to, and including, 1.3.72. This is due to the use of an insufficiently strong hashing algorithm on a secret that is also displayed to the user via a cookie.
http://cwe.mitre.org/data/definitions/804.html CWE-804 Guessable CAPTCHA
29-11-2022 06:25
RT @Shajahanali_bd: Remove Blacklisted from WordPress Website
https://t.co/UzLZFLGqOM via @9GAG #Malware #WordPress #Fiverr #WooCommerce…
28-11-2022 20:22
CVE-2022-3689 The HTML Forms WordPress plugin before 1.3.25 does not properly escape a parameter us…
28-11-2022 17:46

CVE-2022-38140 Documented vulnerability

7.6 HIGH
Auth. (contributor+) Arbitrary File Upload in SEO Plugin by Squirrly plugin <= 12.1.10 on WordPress.
http://cwe.mitre.org/data/definitions/434.html CWE-434 Unrestricted Upload of File with Dangerous Type
28-11-2022 11:46

CVE-2022-3865 Documented vulnerability

8.8 HIGH
The WP User Merger WordPress plugin before 1.5.3 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to an SQL injection exploitable by users with a role as low as admin
http://cwe.mitre.org/data/definitions/89.html CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
22-11-2022 13:47

CVE-2022-44737 Documented vulnerability

Multiple Cross-Site Request Forgery vulnerabilities in All-In-One Security (AIOS) – Security and Firewall (WordPress plugin) <= 5.1.0 on WordPress.
http://cwe.mitre.org/data/definitions/352.html CWE-352 Cross-Site Request Forgery (CSRF)
22-11-2022 05:46

CVE-2022-45363 Documented vulnerability

Auth. (subscriber+) Stored Cross-Site Scripting (XSS) in Muffingroup Betheme theme <= 26.6.1 on WordPress.
http://cwe.mitre.org/data/definitions/79.html CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
