Karim El Ouerghemmi

Researcher fromRIPS
#9594of 53,635
28.8Total CVSS
Vulnerabilities · 4
Medium
1
High
3
PT-2022-15016
8.0
2022-01-06
WordPress · Wordpress · CVE-2022-21662
**Name of the Vulnerable Software and Affected Versions** WordPress versions prior to 5.8.3 WordPress versions prior to 3.7.37 **Description** Low-privileged authenticated users, such as authors, in the WordPress core are able to execute JavaScript and perform a stored XSS attack, which can affect high-privileged users. **Recommendations** For WordPress versions prior to 5.8.3, update to version 5.8.3 or later. For WordPress versions prior to 3.7.37, update to version 3.7.37 or later. Keep auto-updates enabled to ensure the latest security patches are applied. As a temporary workaround, consider restricting access to sensitive areas of the WordPress core until a patch is applied.
PT-2022-15017
7.2
2022-01-06
Mariadb · Mariadb · CVE-2022-21663
**Name of the Vulnerable Software and Affected Versions** WordPress versions prior to 5.8.3 WordPress versions prior to 3.7.37 **Description** The issue concerns a free and open-source content management system written in PHP and paired with a MariaDB database. On a multisite, users with Super Admin role can bypass explicit/additional hardening under certain conditions through object injection. **Recommendations** For versions prior to 5.8.3, update to version 5.8.3 or later. For versions prior to 3.7.37, update to version 3.7.37 or later. As a general measure, keep auto-updates enabled to ensure the latest security patches are applied.
PT-2020-5742
7.5
2020-10-15
WordPress · Wordpress · CVE-2020-28033
Name of the Vulnerable Software and Affected Versions: WordPress versions prior to 5.5.2 Description: The issue is related to insufficient access control in certain features of the WordPress content management system. This can be exploited by a remote attacker to impact data integrity. The problem specifically involves mishandling embeds from disabled sites on a multisite network, allowing for spam embeds. Recommendations: For WordPress versions prior to 5.5.2, update to version 5.5.2 or later to resolve the issue. As a temporary workaround, consider restricting access to embeds from disabled sites on a multisite network to minimize the risk of exploitation.
PT-2020-5778
6.1
2020-10-15
WordPress · Wordpress · CVE-2020-28038
Name of the Vulnerable Software and Affected Versions: WordPress versions prior to 5.5.2 Description: The issue is related to insufficient protection measures for web page structures in the WordPress content management system. This can be exploited by a remote attacker to impact data integrity. The problem allows stored XSS via post slugs. Recommendations: For versions prior to 5.5.2, update to version 5.5.2 or later to resolve the issue. As a temporary workaround, consider restricting access to post slug editing to minimize the risk of exploitation.