Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2022-1268PUBLISHED: 2022-05-23The Donate Extra WordPress plugin through 2.02 does not sanitise and escape a parameter before outputting it back in the response, leading to a Reflected cross-Site Scripting
CVE-2022-1298PUBLISHED: 2022-05-23The Tabs WordPress plugin before 2.2.8 does not sanitise and escape Tab descriptions, which could allow high privileged users with a role as low as editor to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed
CVE-2022-1320PUBLISHED: 2022-05-23The Sliderby10Web WordPress plugin before 1.2.52 does not properly sanitize and escape some of its settings, which could allow high-privileged users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed
CVE-2022-1547PUBLISHED: 2022-05-23The Check & Log Email WordPress plugin before 1.0.6 does not sanitise and escape a parameter before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting
CVE-2022-1558PUBLISHED: 2022-05-23The Curtain WordPress plugin through 1.0.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed
User Rank: Author
12/1/2014 | 9:37:18 AM
Still, Apple Pay is supposed to add stronger multi-factor authentication to every purchase -- that's the good news. The maybe-not-such-good news is that the Apple Pay infrastructure makes you rely on Apple for the lion's share of your payment security -- moreso even than your bank.
We wrote about it in September: http://www.darkreading.com/apple-pay-ups-payment-security-but-pos-threats-remain/d/d-id/1315608