CVE-2022-2449 The reSmush.it: the free Image Optimizer and compress plugin doesn't perform CSRF checks, allowing an attacker to trick logged in users to perform actions on their behalf.
This can be something as simple as viewing a malicious email in your inbox or as dangerous as pushing malicious updates to the WordPress installation.
CVE-2022-3538 The Webmaster Tools Verification plugin through 1.2 doesn't have authorisation and CSRF, allowing unauthenticated users to disable arbitrary plugins.
This could potentially allow an attacker to disable arbitrary plugins, leading to a plugin breakage and Site deactivation. We are actively investigating this issue, and
CVE-2022-3477 The tagDiv Composer WordPress plugin before 3.5, required by the Newspaper and Newsmag WordPress themes, doesn't properly implement Facebook login, which allows attackers to login as any use.
This issue was addressed by Facebook in its security update on April 18th, 2018. More details on this issue can be found in the linked
CVE-2022-3632 – Explained: The OAuth Client by DigitalPixies WordPress Plugin CSRF Vulnerability
It's time for a deep dive into the world of cybersecurity, focusing on a potentially critical vulnerability in a popular WordPress plugin. CVE-2022-3632
CVE-2022-45199 Pillow before 9.3.0 allows denial of service via SAMPLESPERPIXEL.
This issue was disclosed to the third party vendor who has confirmed the issue and is working on a patch. It has been reported that
Episode
00:00:00
00:00:00