Broken Access Control vulnerability in Permalink Manager Lite plugin <= 2.2.20 on WordPress.
NVD-CWE-noinfo
CVE-2022-41652
Bypass vulnerability in Quiz And Survey Master plugin <= 7.3.10 on WordPress.
CVE-2022-41655
Auth. (subscriber+) Sensitive Data Exposure vulnerability in Phone Orders for WooCommerce plugin <= 3.7.1 on WordPress.
CVE-2022-41707
Relatedcode’s Messenger version 7bcd20b allows an authenticated external attacker to access sensitive data of any user of the application. This is possible because the application exposes user data to the public.
CVE-2022-41709
Markdownify version 1.4.1 allows an external attacker to execute arbitrary code remotely on any client attempting to view a malicious markdown file through Markdownify. This is possible because the application has the “nodeIntegration” option enabled.
CVE-2022-41719
Unmarshal can panic on some inputs, possibly allowing for denial of service attacks.