WordPress:CVE: Difference between revisions
No edit summary |
|||
| Line 21: | Line 21: | ||
# CVE-2022-0212 The SpiderCalendar WordPress plugin through 1.5.65 does not sanitise and escape the callback parameter before outputting it back in the page via the window AJAX action (available to both unauthenticated and authenticated users), lead... https://cve.mitre.org/cgi-bin/cvenam | # CVE-2022-0212 The SpiderCalendar WordPress plugin through 1.5.65 does not sanitise and escape the callback parameter before outputting it back in the page via the window AJAX action (available to both unauthenticated and authenticated users), lead... https://cve.mitre.org/cgi-bin/cvenam | ||
# CVE-2022-0214 The Popup | Custom Popup Builder WordPress plugin before 1.3.1 autoload data from its popup on every pages, as such data can be sent by unauthenticated user, and is not validated in length, this could cause a denial of service on the... https://cve.mitre.org/cgi-bin/cvenam | # CVE-2022-0214 The Popup | Custom Popup Builder WordPress plugin before 1.3.1 autoload data from its popup on every pages, as such data can be sent by unauthenticated user, and is not validated in length, this could cause a denial of service on the... https://cve.mitre.org/cgi-bin/cvenam | ||
[[Category:Security]] | |||
[[Category:WordPress]] | |||