CVE-2022-4932
CVE-2022-4932 concerns the WordPress plugin Total Upkeep (versions up to and including 1.14.13). The root cause is missing authorization on the heartbeat_received() function triggered by WordPress heartbeat, enabling authenticated users with subscriber-level permissions and above to disclose info...