Kategori: Güvenlik Açıkları

CVE-2022-1442

The Metform WordPress plugin is vulnerable to sensitive information disclosure due to improper access control in the ~/core/forms/action.php file which can be exploited by an…

Devamını oku

CVE-2022-1453

The RSVPMaker plugin for WordPress is vulnerable to unauthenticated SQL Injection due to missing SQL escaping and parameterization on user supplied data passed to a…

Devamını oku

CVE-2022-1463

The Booking Calendar plugin for WordPress is vulnerable to PHP Object Injection via the [bookingflextimeline] shortcode in versions up to, and including, 9.1. This could…

Devamını oku

CVE-2022-1476

The All-in-One WP Migration plugin for WordPress is vulnerable to arbitrary file deletion via directory traversal due to insufficient file validation via the ~/lib/model/class-ai1wm-backups.php file,…

Devamını oku

CVE-2022-1505

The RSVPMaker plugin for WordPress is vulnerable to unauthenticated SQL Injection due to missing SQL escaping and parameterization on user supplied data passed to a…

Devamını oku

CVE-2022-1567

The WP-JS plugin for WordPress contains a script called wp-js.php with the function wp_js_admin, that accepts unvalidated user input and echoes it back to the…

Devamını oku

CVE-2022-20004

In checkSlicePermission of SliceManagerService.java, it is possible to access any slice URI due to improper input validation. This could lead to local escalation of privilege…

Devamını oku

CVE-2022-20006

In several functions of KeyguardServiceWrapper.java and related files,, there is a possible way to briefly view what’s under the lockscreen due to a race condition.…

Devamını oku

CVE-2022-20007

In startActivityForAttachedApplicationIfNeeded of RootWindowContainer.java, there is a possible way to overlay an app that believes it’s still in the foreground, when it is not, due…

Devamını oku