Cookie Consent by Free Privacy Policy Generator CVE-2022-33177 | Oplugins Booking Calendar Plugin up to 9.2.1 on WordPress Translations Update cross-site request forgery
Paypal Spenden für Projekt | Google Playstore Download Button für Team IT Security

Theme Auswahl



➠ CVE-2022-33177 | Oplugins Booking Calendar Plugin up to 9.2.1 on WordPress Translations Update cross-site request forgery

A vulnerability was found in Oplugins Booking Calendar Plugin up to 9.2.1 and classified as problematic. Affected by this issue is some unknown functionality of the component Translations Update Handler. The manipulation leads to cross-site request forgery. This vulnerability is handled as CVE-2022-33177. The attack may be launched remotely. There is no exploit available....


➦ Sicherheitslücken / Exploits ☆ vuldb.com

➠ Komplette Nachricht lesen


Zur Startseite

➤ Ähnliche Beiträge für 'CVE-2022-33177 | Oplugins Booking Calendar Plugin up to 9.2.1 on WordPress Translations Update cross-site request forgery'

Comments on private posts could be leaked to other users

vom 2281.07 Punkte
Users who lack visibility to a post are also able to access or view the comments associated with it. This vulnerability affects the following application versions: WordPress 3.6 WordPress 3.6.1

Open redirect in wp_nonce_ays

vom 2058.34 Punkte
The WordPress HTTP referer is not properly validated when a user is redirected. This vulnerability affects the following application versions: WordPress 3.6 WordPress 3.6.1 WordPress 3.7

Stored XSS and information exposure via wp-mail.php

vom 2058.34 Punkte
User authentication is not properly checked when the WordPress mail is run to prevent stored XSS. Additionally, adding email addresses from post-by-email logs are creating potential for information exposure vulnerability. This vulnerability affects t

Stored XSS via comment editing

vom 2054.5 Punkte
Missing adequate checks during comment editing can lead to stored XSS attacks. This vulnerability affects the following application versions: WordPress 3.6 WordPress 3.6.1 WordPress 3.7

Leak in content from multipart emails and reverting shared objects for current user

vom 2054.5 Punkte
Reset PHPMailer properties between use to prevent information disclosure and revert shared objects for the current user to also prevent information disclosure This vulnerability affects the following application versions: WordPress 3.6

CSRF in wp-trackback.php

vom 2054.5 Punkte
Missing authentication settings can lead to CSRF attacks This vulnerability affects the following application versions: WordPress 3.6 WordPress 3.6.1 WordPress 3.7 WordPress 3.7.

SQL injection within the link API

vom 1962.34 Punkte
The link API in the bookmark is not properly checked against an SQL injection. This vulnerability affects the following application versions: WordPress 3.6 WordPress 3.6.1 WordPress 3.7

XSS vulnerability on the plugins screen

vom 1962.34 Punkte
The plugins screen is not properly escaped to prevent an XSS attack. This vulnerability affects the following application versions: WordPress 3.6 WordPress 3.6.1 WordPress 3.7 WordPress 3.7.

Output escaping issue within the_meta()

vom 1962.34 Punkte
A variable in the_meta() function is not properly escaped to prevent an XSS attack. This vulnerability affects the following application versions: WordPress 3.6 WordPress 3.6.1 WordPress 3.7

Object injection in some multisite installations

vom 1774.17 Punkte
The multisite installation of WordPress is not properly sanitized to prevent object injection via the upgrade process. This vulnerability affects the following application versions: WordPress 3.6 WordPress 3.6.1

SQL injection vulnerability in WP_Query

vom 1770.33 Punkte
Missing sanitization can lead to SQL injection in WP_Tax_Query This vulnerability affects the following application versions: WordPress 3.6 WordPress 3.6.1 WordPress 3.7 WordPress 3.7.

RCE POP Chains vulnerability

vom 1647.44 Punkte
Unserialized objects can lead to remote code execution, allowing an attacker to take control of all the properties of the deserialized object This vulnerability affects the following application versions: WordPress 4.1

Team Security Diskussion über CVE-2022-33177 | Oplugins Booking Calendar Plugin up to 9.2.1 on WordPress Translations Update cross-site request forgery