Category: NIST Vulnerabilities

CVE-2022-0739

The BookingPress WordPress plugin before 1.0.11 fails to properly sanitize user supplied POST data before it is used in a dynamically constructed SQL query via…

CVE-2022-0747

The Infographic Maker WordPress plugin before 4.3.8 does not validate and escape the post_id parameter before using it in a SQL statement via the qcld_upvote_action…

CVE-2022-0229

The miniOrange’s Google Authenticator WordPress plugin before 5.5 does not have proper authorisation and CSRF checks when handling the reconfigureMethod, and does not validate the…

CVE-2022-0364

The Modern Events Calendar Lite WordPress plugin before 6.4.0 does not sanitize and escape some of the Hourly Schedule parameters which could allow users with…

CVE-2022-0423

The 3D FlipBook WordPress plugin before 1.12.1 does not have authorisation and CSRF checks when updating its settings, and does not have any sanitisation/escaping, allowing…

CVE-2022-0514

Business Logic Errors in GitHub repository crater-invoice/crater prior to 6.0.5. For general information about the vulnerability, its impact and solutions, read more. Source: National Vulnerability Database

CVE-2022-0515

Cross-Site Request Forgery (CSRF) in GitHub repository crater-invoice/crater prior to 6.0.4. For general information about the vulnerability, its impact and solutions, read more. Source: National Vulnerability…

CVE-2022-0590

The BulletProof Security WordPress plugin before 5.8 does not sanitise and escape some of its settings, which could allow high privilege users to perform Cross-Site…

CVE-2022-0591

The FormCraft WordPress plugin before 3.8.28 does not validate the URL parameter in the formcraft3_get AJAX action, leading to SSRF issues exploitable by unauthenticated users…
