CVE-2022-2224 | Gallery for Social Photo up to 1.0.0.27 on WordPress gifeed_duplicate_feed cross-site request forgery






vuldb.com

A vulnerability was found in Gallery for Social Photo up to version 1.0.0.27. It has been classified as problematic. The affected function is gifeed_duplicate_feed. Manipulation of this function leads to cross-site request forgery. This vulnerability is tracked as CVE-2022-2224. The attack can be launched remotely. No exploit is available....


➤ More posts from Team Security | IT Sicherheit (tsecurity.de)

Object injection in some multisite installations

1569.13 points
The multisite installation of WordPress is not properly sanitized to prevent object injection via the upgrade process. This vulnerability affects the following application versions: WordPress 3.6 WordPress 3.6.1

SQL injection vulnerability in WP_Query

1565.74 points
Missing sanitization can lead to SQL injection in WP_Tax_Query. This vulnerability affects the following application versions: WordPress 3.6 WordPress 3.6.1 WordPress 3.7 WordPress 3.7.

[CVE-2020-36326 - CVE-2018-19296] Object injection in PHPMailer

1440.43 points
CVE-2020-36326 - An external file could be unexpectedly executable if it was used as a path to an attachment file via PHP's support for .phar files. Exploitation requires that an attacker was able to provide an unfiltered path to a file to attach. CVE-2018-19296 - Was vuln

3 Security improvements XML-RPC

1304.21 points
[XML-RPC] Improve error messages for unprivileged users: add specific permission checks to avoid ambiguous failure messages. [XML-RPC] Fix length validation of anonymous commenter's email address: fix the first step of validating an anonymous commente

The August 2022 Security Update Review

1299.99 points
It’s the second Tuesday of the month, and the last second Tuesday before Black Hat and DEFCON, which means Microsoft and Adobe have released their latest security fixes. Take a break from packing (if you’re headed to hacker summer camp) or your nor

Ensure latest comments can only be viewed from public posts

1280.44 points
Issue where comments from password-protected posts and pages could be displayed under certain conditions. This vulnerability affects the following application versions: WordPress 3.6 WordPress 3.6.1 Wor

The April 2022 Security Update Review

1245.52 points
Another Patch Tuesday is upon us, and Adobe and Microsoft have released a bevy of new security updates. Take a break from your regularly scheduled activities and join us as we review the details of their latest security offerings. Adobe Patches for April 2022. For April, Ad

Add a new filter to extend set-screen-option

1236.29 points
Issue where set-screen-option could be misused by plugins leading to privilege escalation. This vulnerability affects the following application versions: WordPress 3.6 WordPress 3.6.1 WordPress 3.7

Prevent HTML decoding on by setting the proper editor context

1236.29 points
XSS issue where authenticated users with low privileges were able to add JavaScript to posts in the block editor. This vulnerability affects the following application versions: WordPress 3.6 WordPress 3.6.1 Wor

Ensure that wp_validate_redirect() sanitizes a wider variety of characters

1236.29 points
Open redirect issue in wp_validate_redirect(). This vulnerability affects the following application versions: WordPress 3.6 WordPress 3.6.1 WordPress 3.7 WordPress 3.7.1

Update `wp_kses_bad_protocol()` to recognize `:` on uri attributes

1120.81 points
The update makes sure to validate that URI attributes don’t contain invalid or disallowed protocols. While this works fine in most cases, there’s a risk that by using the HTML5 named entity for the colon (`:`), one is able to bypass this function. This vulnerabi

Authenticated XSS issue via theme uploads

1114.02 points
Unescaped variable could lead to authenticated XSS issue via theme uploads. This vulnerability affects the following application versions: WordPress 3.8 WordPress 3.8.1 WordPress 3.8.2
