CVE-2022-2355 : EASY USERNAME UPDATER PLUGIN UP TO 1.0.4 ON WORDPRESS CROSS-SITE REQUEST FORGERY

Description

The Easy Username Updater WordPress plugin before 1.0.5 does not implement CSRF checks, which could allow attackers to make a logged-in admin change any user’s username, including the admin’s.

References

https://wpscan.com/vulnerability/426b5a0f-c16d-429a-9396-b3aea7922826


CVE-2023-0240 : LINUX KERNEL UP TO 5.10.160 IO_URING IO_PREP_ASYNC_WORK USE AFTER FREE

Description

There is a logic error in io_uring’s implementation which can be used to trigger a use-after-free vulnerability leading to

CVE-2023-0556 : CONTENTSTUDIO PLUGIN UP TO 1.2.5 ON WORDPRESS CSTU_GET_METADATA AUTHORIZATION

Description

The ContentStudio plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on several functions

CVE-2022-48108 : D-LINK DIR-878 1.30B08 SUBNETMASK COMMAND INJECTION

Description

D-Link DIR_878_FW1.30B08 was discovered to contain a command injection vulnerability via the component /SetNetworkSettings/SubnetMask. This vulnerability allows attackers to