Total: 37663 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-0628 | 1 Accesspressthemes | 1 Ap Mega Menu | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
The Mega Menu WordPress plugin before 3.0.8 does not sanitize and escape the _wpnonce parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting. | |||||
CVE-2022-0627 | 1 Tms-outsource | 1 Amelia | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
The Amelia WordPress plugin before 1.0.47 does not sanitize and escape the code parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting. | |||||
CVE-2022-0626 | 1 Kuroit | 1 Advanced Admin Search | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
The Advanced Admin Search WordPress plugin before 1.1.6 does not sanitize and escape some parameters before outputting them back in an admin page, leading to a Reflected Cross-Site Scripting. | |||||
CVE-2022-0625 | 1 Admin Menu Editor Project | 1 Admin Menu Editor | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
The Admin Menu Editor WordPress plugin through 1.0.4 does not sanitize and escape a parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting. | |||||
CVE-2022-0621 | 1 Dtabs Project | 1 Dtabs | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
The dTabs WordPress plugin through 1.4 does not sanitize and escape the tab parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting. | |||||
CVE-2022-0620 | 1 Deleteoldorders Project | 1 Delete Old Orders | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
The Delete Old Orders WordPress plugin through 0.2 does not sanitize and escape the date parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting. | |||||
CVE-2022-0619 | 1 Database Peek Project | 1 Database Peek | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
The Database Peek WordPress plugin through 1.2 does not sanitize and escape the match parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting. | |||||
CVE-2022-0612 | 1 Livehelperchat | 1 Live Helper Chat | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat prior to 3.93v. | |||||
CVE-2022-0602 | 1 Tastyigniter | 1 Tastyigniter | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
Cross-site Scripting (XSS) - DOM in GitHub repository tastyigniter/tastyigniter prior to 3.3.0. | |||||
CVE-2022-0601 | 1 Edmonsoft | 1 Countdown, Coming Soon, Maintenance - Countdown & Clock | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
The Countdown, Coming Soon, Maintenance WordPress plugin before 2.2.9 does not sanitize and escape the post parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting. | |||||
CVE-2022-0600 | 1 Myceliumdesign | 1 Conference Scheduler | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
The Conference Scheduler WordPress plugin before 2.4.3 does not sanitize and escape the tab parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting. | |||||
CVE-2022-0599 | 1 Mapping Multiple Urls Redirect Same Page Project | 1 Mapping Multiple Urls Redirect Same Page | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
The Mapping Multiple URLs Redirect Same Page WordPress plugin through 5.8 does not sanitize and escape the mmursp_id parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting. | |||||
CVE-2022-0598 | 1 Idehweb | 1 Login With Phone Number | 2024-11-21 | N/A | 4.8 MEDIUM |
The Login with phone number WordPress plugin before 1.3.8 does not sanitise and escape plugin settings which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | |||||
CVE-2022-0595 | 1 Codedropz | 1 Drag And Drop Multiple File Upload - Contact Form 7 | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
The Drag and Drop Multiple File Upload WordPress plugin before 1.3.6.3 allows SVG files to be uploaded by default via the dnd_codedropz_upload AJAX action, which could lead to a Stored Cross-Site Scripting issue. | |||||
CVE-2022-0590 | 1 Ait-pro | 1 Bulletproof Security | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
The BulletProof Security WordPress plugin before 5.8 does not sanitise and escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | |||||
CVE-2022-0589 | 1 Librenms | 1 Librenms | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
Cross-site Scripting (XSS) - Stored in Packagist librenms/librenms prior to 22.1.0. | |||||
CVE-2022-0576 | 1 Librenms | 1 Librenms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site Scripting (XSS) - Generic in Packagist librenms/librenms prior to 22.1.0. | |||||
CVE-2022-0575 | 1 Librenms | 1 Librenms | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
Cross-site Scripting (XSS) - Stored in Packagist librenms/librenms prior to 22.2.0. | |||||
CVE-2022-0571 | 2 Fedoraproject, Phoronix-media | 3 Extra Packages For Enterprise Linux, Fedora, Phoronix Test Suite | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site Scripting (XSS) - Reflected in GitHub repository phoronix-test-suite/phoronix-test-suite prior to 10.8.2. | |||||
CVE-2022-0565 | 1 Pimcore | 1 Pimcore | 2024-11-21 | 5.0 MEDIUM | 7.6 HIGH |
Cross-site Scripting in Packagist pimcore/pimcore prior to 10.3.1. |