OPC UA Legacy Java Stack 2022-04-01 allows a remote attacker to cause a server to stop processing messages by sending crafted messages that exhaust available resources. Date published : 2022-05-20 https://files.opcfoundation.org/SecurityBulletins/OPC%20Foundation%20Security%20Bulletin%20CVE-2022-30551.pdf https://github.com/OPCFoundation/UA-Java-Legacy
ChatBot Application with a Suggestion Feature 1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /simple_chat_bot/admin/responses/view_response.php. Date published : 2022-05-20 https://cxsecurity.com/issue/WLB-2022050020 https://packetstormsecurity.com/files/166984/ChatBot-Application-With-A-Suggestion-Feature-1.0-SQL-Injection.html
Authenticated (admin or higher user role) Local File Inclusion (LFI) vulnerability in Wow-Company’s Herd Effects plugin
Authenticated (administrator or higher user role) Local File Inclusion (LFI) vulnerability in Wow-Company’s Hover Effects plugin
Insecure Direct Object References (IDOR) vulnerability in Spiffy Plugins Spiffy Calendar
Multiple Authenticated (administrator or higher user role) Persistent Cross-Site Scripting (XSS) vulnerabilities in TMS-Plugins wpDataTables plugin
Cross-Site Request Forgery (CSRF) vulnerability in KubiQ CPT base plugin
Cross-Site Scripting (XSS) vulnerability in KubiQ’s PNG to JPG plugin
Cross-Site Scripting (XSS) vulnerability in Muneeb’s WP Slider Plugin
Cross-Site Request Forgery (CSRF) vulnerability in Aftab Muni’s Disable Right Click For WP plugin
Authenticated (contributor or higher user role) Reflected Cross-Site Scripting (XSS) vulnerability in 2J Slideshow Team’s Slideshow, Image Slider by 2J plugin
Cross-Site Scripting (XSS) vulnerability in WP Wham’s Checkout Files Upload for WooCommerce plugin
Authenticated (admin or higher user role) Reflected Cross-Site Scripting (XSS) vulnerability in Biplob Adhikari’s Image Hover Effects Ultimate plugin
MiniTool Partition Wizard v12.0 contains an unquoted service path which allows attackers to escalate privileges to the system level. Date published : 2022-05-20 https://www.exploit-db.com/exploits/50859