Total: 37663 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-0703 | 1 Gd-mylist Project | 1 Gd-mylist | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
The GD Mylist WordPress plugin through 1.1.1 does not sanitise and escape some of its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed | |||||
CVE-2022-0702 | 1 Unboxinteractive | 1 Petfinder-listings | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
The Petfinder Listings WordPress plugin through 1.0.18 does not escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed | |||||
CVE-2022-0701 | 1 Seo-301-meta Project | 1 Seo-301-meta | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
The SEO 301 Meta WordPress plugin through 1.9.1 does not escape its Request and Destination settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed | |||||
CVE-2022-0700 | 1 Chrsinteractive | 1 Simple Tracking | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
The Simple Tracking WordPress plugin before 1.7 does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed | |||||
CVE-2022-0690 | 1 Microweber | 1 Microweber | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site Scripting (XSS) - Reflected in Packagist microweber/microweber prior to 1.2.11. | |||||
CVE-2022-0684 | 1 Wp Home Page Menu Project | 1 Wp Home Page Menu | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
The WP Home Page Menu WordPress plugin before 3.1 does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed | |||||
CVE-2022-0683 | 1 Wpdeveloper | 1 Essential Addons For Elementor | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
The Essential Addons for Elementor Lite WordPress plugin is vulnerable to Cross-Site Scripting due to insufficient escaping and sanitization of the settings parameter found in the ~/includes/Traits/Helper.php file, which allows attackers to inject arbitrary web scripts onto a page that execute whenever a user clicks on a link specially crafted by an attacker. This affects versions up to and including 5.0.8. | |||||
CVE-2022-0680 | 1 Plezi | 1 Plezi | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
The Plezi WordPress plugin before 1.0.3 has a REST endpoint allowing unauthenticated users to update the plz_configuration_tracker_enable option, which is then displayed in the admin panel without sanitisation and escaping, leading to a Stored Cross-Site Scripting issue | |||||
CVE-2022-0678 | 1 Microweber | 1 Microweber | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site Scripting (XSS) - Reflected in Packagist microweber/microweber prior to 1.2.11. | |||||
CVE-2022-0674 | 1 Kunze-medien | 1 Kunze Law | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
The Kunze Law WordPress plugin before 2.1 does not escape its 'E-Mail Error "From" Address' settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed | |||||
CVE-2022-0663 | 1 Printfriendly | 1 Print, Pdf, Email By Printfriendly | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
The Print, PDF, Email by PrintFriendly WordPress plugin before 5.2.3 does not sanitise and escape the Custom Button Text settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed | |||||
CVE-2022-0662 | 1 Ajdg | 1 Adrotate | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
The AdRotate WordPress plugin before 5.8.23 does not sanitise and escape Advert Names, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed | |||||
CVE-2022-0659 | 1 Sync Qcloud Cos Project | 1 Sync Qcloud Cos | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
The Sync QCloud COS WordPress plugin before 2.0.1 does not escape some of its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed | |||||
CVE-2022-0653 | 1 Cozmoslabs | 1 Profile Builder | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
The Profile Builder – User Profile & User Registration Forms WordPress plugin is vulnerable to Cross-Site Scripting due to insufficient escaping and sanitization of the site_url parameter found in the ~/assets/misc/fallback-page.php file, which allows attackers to inject arbitrary web scripts onto a page that execute whenever a user clicks on a link specially crafted by an attacker. This affects versions up to and including 3.6.1. | |||||
CVE-2022-0649 | 1 Ajdg | 1 Adrotate | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
The AdRotate WordPress plugin before 5.8.23 does not escape Group Names, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed | |||||
CVE-2022-0648 | 1 I13websolution | 1 Team Circle Image Slider With Lightbox | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
The Team Circle Image Slider With Lightbox WordPress plugin before 1.0.16 does not sanitize and escape the order_pos parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting. | |||||
CVE-2022-0647 | 1 Bulk Creator Project | 1 Bulk Creator | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
The Bulk Creator WordPress plugin through 1.0.1 does not sanitize and escape the post_type parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting. | |||||
CVE-2022-0643 | 1 Bank Mellat Project | 1 Bank Mellat | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
The Bank Mellat WordPress plugin through 1.3.7 does not sanitize and escape the orderId parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting. | |||||
CVE-2022-0641 | 1 Ays-pro | 1 Popup Like Box | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
The Popup Like box WordPress plugin before 3.6.1 does not sanitize and escape the ays_fb_tab parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting. | |||||
CVE-2022-0640 | 1 Wpdevart | 1 Pricing Table Builder | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
The Pricing Table Builder WordPress plugin before 1.1.5 does not sanitize and escape the postid parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting. | |||||