CVE-2022-3538

The Webmaster Tools Verification WordPress plugin through 1.2 does not have authorisation and CSRF checks when disabling plugins, allowing unauthenticated users to disable arbitrary plugins...

elasticsearch -- directory traversal attack with site plugins

Elastic reports: Vulnerability Summary: All Elasticsearch versions prior to 1.5.2 and 1.4.5 are vulnerable to a directory traversal attack that allows an attacker to retrieve files from the server running Elasticsearch when one or more site plugins are installed, or when Windows is the server OS...