CVE-2022-45130 CSRF attack possible via the /api/v2/cli/commands REST API.
If you have installed Obsidian on your server, it is critical that you review the list of REST API endpoints, as there is a risk
CVE-2022-44551 The iaware module has a vulnerability in thread security
This issue results because thread_id in the password settings is not verified before being used. This can result in an attacker gaining root privileges.
CVE-2022-43031 DedeCMS v6.1.9 has a CSRF flaw that allows attackers to add administrator accounts and modify admin passwords.
This vulnerability occurs due to the presence of an untrusted data source when a user with the ‘Administrator’ account type tries to log in to the
CVE-2022-43488: Critical Cross-Site Request Forgery (CSRF) Vulnerability FOUND in Advanced Dynamic Pricing for WooCommerce plugin <= 4.1.5 on WordPress – Leading to Rule Type Migration – Patch Now!
Are you using the Advanced Dynamic Pricing for WooCommerce plugin on your WordPress website? If so, you need to be aware of a newly discovered
CVE-2022-40632 gVectors Team wpForo Forum plugin = 2.0.5 vulnerable to CSRF leading to topic deletion.
A malicious user with access to the admin settings of the site can perform a CSRF attack to delete any topic on the site. WordPress 4.