CVE-2022-2711 | Import any XML or CSV File to Plugin up to 3.6.8 on WordPress ZIP Archive path traversal

A vulnerability was found in Import any XML or CSV File to Plugin up to 3.6.8. It has been declared as critical. This vulnerability affects unknown code of the component ZIP Archive Handler. The manipulation leads to path traversal. This vulnerability was named CVE-2022-2711. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component....


➦ Vulnerabilities / Exploits ☆ vuldb.com


➤ Similar posts for 'CVE-2022-2711 | Import any XML or CSV File to Plugin up to 3.6.8 on WordPress ZIP Archive path traversal'

BaDoinkVR - Large collection of Adult Videos and Images

5531.7 points
On the 16th of July 2019 the popular portal BaDoinkVR got breached and exclusive videos and images were copied from the servers. A total of 1139.31 GB were leaked online. That's more than one terabyte of adult content. Released tools to get videos and images

Comments on private posts could be leaked to other users

2276.48 points
Users who lack visibility to a post are also able to access or view the comments associated with it. This vulnerability affects the following application versions: WordPress 3.6 WordPress 3.6.1

Open redirect in wp_nonce_ays

2054.19 points
The WordPress HTTP referer is not properly validated when a user is redirected. This vulnerability affects the following application versions: WordPress 3.6 WordPress 3.6.1 WordPress 3.7

Stored XSS and information exposure via wp-mail.php

2054.19 points
User authentication is not properly checked when the WordPress mail is run to prevent stored XSS. Additionally, adding email addresses from post-by-email logs creates the potential for an information exposure vulnerability. This vulnerability affects t

Stored XSS via comment editing

2050.36 points
Missing adequate checks during comment editing can lead to stored XSS attacks. This vulnerability affects the following application versions: WordPress 3.6 WordPress 3.6.1 WordPress 3.7

Leak in content from multipart emails and reverting shared objects for current user

2050.36 points
Reset PHPMailer properties between use to prevent information disclosure and revert shared objects for the current user to also prevent information disclosure. This vulnerability affects the following application versions: WordPress 3.6

CSRF in wp-trackback.php

2050.36 points
Missing authentication settings can lead to CSRF attacks. This vulnerability affects the following application versions: WordPress 3.6 WordPress 3.6.1 WordPress 3.7 WordPress 3.7.

SQL injection within the link API

1958.38 points
The link API in the bookmark is not properly checked against an SQL injection. This vulnerability affects the following application versions: WordPress 3.6 WordPress 3.6.1 WordPress 3.7

XSS vulnerability on the plugins screen

1958.38 points
The plugins screen is not properly escaped to prevent an XSS attack. This vulnerability affects the following application versions: WordPress 3.6 WordPress 3.6.1 WordPress 3.7 WordPress 3.7.

Output escaping issue within the_meta()

1958.38 points
A variable in the_meta() function is not properly escaped to prevent an XSS attack. This vulnerability affects the following application versions: WordPress 3.6 WordPress 3.6.1 WordPress 3.7

Dumping the Amlogic A113X Bootrom

1817.4 points
Introduction: While investigating the Sonos One (2nd generation) smart speaker for a potential entry into the Pwn2Own 2022 Toronto competition I got slightly (ahem) sidetracked in a small adventure relating to the bootchain of the AMLogic A113 family of chips. Th

Object injection in some multisite installations

1770.59 points
The multisite installation of WordPress is not properly sanitized to prevent object injection via the upgrade process. This vulnerability affects the following application versions: WordPress 3.6 WordPress 3.6.1
