» 2022 » 5월

CVE-2022-1583

Posted on 2022년 5월 30일2022년 5월 30일 by admin

CVE-2022-1583

The External Links in New Window / New Tab WordPress plugin before 1.43 does not ensure window.opener is set to "null" when links to external sites are clicked, which may enable tabnabbing attacks to occur.

Source: CVE-2022-1583

CVE-2022-1643

Posted on 2022년 5월 30일2022년 5월 30일 by admin

CVE-2022-1643

The Birthdays Widget WordPress plugin through 1.7.18 does not sanitise and escape some of its fields, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed

Source: CVE-2022-1643

CVE-2022-1611

Posted on 2022년 5월 30일2022년 5월 30일 by admin

CVE-2022-1611

The Bulk Page Creator WordPress plugin before 1.1.4 does not protect its page creation functionalities with nonce checks, which makes them vulnerable to CSRF.

Source: CVE-2022-1611

CVE-2022-1646

Posted on 2022년 5월 30일2022년 5월 30일 by admin

CVE-2022-1646

The Simple Real Estate Pack WordPress plugin through 1.4.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed

Source: CVE-2022-1646

CVE-2022-1644

Posted on 2022년 5월 30일2022년 5월 30일 by admin

CVE-2022-1644

The Call&Book Mobile Bar WordPress plugin through 1.2.2 does not sanitize and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed.

Source: CVE-2022-1644

CVE-2022-1566

Posted on 2022년 5월 30일2022년 5월 30일 by admin

CVE-2022-1566

The Quotes llama WordPress plugin through 0.7 does not sanitise and escape Quotes, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed. The attack could also be performed by tricking an admin to import a malicious CSV file

Source: CVE-2022-1566

CVE-2022-1528

Posted on 2022년 5월 30일2022년 5월 30일 by admin

CVE-2022-1528

The VikBooking Hotel Booking Engine & PMS WordPress plugin before 1.5.9 does not escape the current URL before putting it back in a JavaScript context, leading to a Reflected Cross-Site Scripting

Source: CVE-2022-1528

CVE-2022-1387

Posted on 2022년 5월 30일2022년 5월 30일 by admin

CVE-2022-1387

The No Future Posts WordPress plugin through 1.4 does not escape its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks when unfiltered_html is disallowed

Source: CVE-2022-1387

CVE-2022-1527

Posted on 2022년 5월 30일2022년 5월 30일 by admin

CVE-2022-1527

The WP 2FA WordPress plugin before 2.2.1 does not sanitise and escape a parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting

Source: CVE-2022-1527

CVE-2022-1299

Posted on 2022년 5월 30일2022년 5월 30일 by admin

CVE-2022-1299

The Slideshow WordPress plugin through 2.3.1 does not sanitize and escape some of its default slideshow settings, which could allow high-privileged users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed

Source: CVE-2022-1299