Total
37663 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-0218 | 1 Codemiq | 1 Wordpress Email Template Designer | 2024-11-21 | 4.3 MEDIUM | 8.3 HIGH |
| The WP HTML Mail WordPress plugin is vulnerable to unauthorized access which allows unauthenticated attackers to retrieve and modify theme settings due to a missing capability check on the /themesettings REST-API endpoint found in the ~/includes/class-template-designer.php file, in versions up to and including 3.0.9. This makes it possible for attackers with no privileges to execute the endpoint and add malicious JavaScript to a vulnerable WordPress site. | |||||
| CVE-2022-0212 | 1 10web | 1 Spidercalendar | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The SpiderCalendar WordPress plugin through 1.5.65 does not sanitise and escape the callback parameter before outputting it back in the page via the window AJAX action (available to both unauthenticated and authenticated users), leading to a Reflected Cross-Site Scripting issue. | |||||
| CVE-2022-0211 | 1 Getshieldsecurity | 1 Shield Security | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| The Shield Security WordPress plugin before 13.0.6 does not sanitise and escape admin notes, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed. | |||||
| CVE-2022-0208 | 1 Mappresspro | 1 Mappress | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The MapPress Maps for WordPress plugin before 2.73.4 does not sanitise and escape the mapid parameter before outputting it back in the "Bad mapid" error message, leading to a Reflected Cross-Site Scripting | |||||
| CVE-2022-0206 | 1 Newstatpress Project | 1 Newstatpress | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The NewStatPress WordPress plugin before 1.3.6 does not properly escape the whatX parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting issues | |||||
| CVE-2022-0205 | 1 Yop-poll | 1 Yop-poll | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| The YOP Poll WordPress plugin before 6.3.5 does not sanitise and escape some of the settings (available to users with a role as low as author) before outputting them, leading to a Stored Cross-Site Scripting issue | |||||
| CVE-2022-0201 | 2 Permalink Manager Lite Project, Permalink Manager Project | 2 Permalink Manager Lite, Permalink Manager | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Permalink Manager Lite WordPress plugin before 2.2.15 and Permalink Manager Pro WordPress plugin before 2.2.15 do not sanitise and escape query parameters before outputting them back in the debug page, leading to a Reflected Cross-Site Scripting issue | |||||
| CVE-2022-0200 | 1 Themify | 1 Portfolio Post | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Themify Portfolio Post WordPress plugin before 1.1.7 does not sanitise and escape the num_of_pages parameter before outputting it back the response of the themify_create_popup_page_pagination AJAX action (available to any authenticated user), leading to a Reflected Cross-Site Scripting | |||||
| CVE-2022-0193 | 1 Really-simple-plugins | 1 Complianz | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Complianz WordPress plugin before 6.0.0 does not escape the s parameter before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting | |||||
| CVE-2022-0189 | 1 Wprssaggregator | 1 Wp Rss Aggregator | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The WP RSS Aggregator WordPress plugin before 4.20 does not sanitise and escape the id parameter in the wprss_fetch_items_row_action AJAX action before outputting it back in the response, leading to a Reflected Cross-Site Scripting | |||||
| CVE-2022-0186 | 1 Machothemes | 1 Image Photo Gallery Final Tiles Grid | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| The Image Photo Gallery Final Tiles Grid WordPress plugin before 3.5.3 does not sanitise and escape the Description field when editing a gallery, allowing users with a role as low as contributor to perform Cross-Site Scripting attacks against other users having access to the gallery dashboard | |||||
| CVE-2022-0182 | 1 Expresstech | 1 Quiz And Survey Master | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Stored cross-site scripting vulnerability in Quiz And Survey Master versions prior to 7.3.7 allows a remote authenticated attacker to inject an arbitrary script via an website that uses Quiz And Survey Master. | |||||
| CVE-2022-0181 | 1 Expresstech | 1 Quiz And Survey Master | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Reflected cross-site scripting vulnerability in Quiz And Survey Master versions prior to 7.3.7 allows a remote attacker to inject an arbitrary script via unspecified vectors. | |||||
| CVE-2022-0167 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.3 MEDIUM | 3.1 LOW |
| An issue has been discovered in GitLab affecting all versions starting from 14.0 before 14.4.5, all versions starting from 14.5.0 before 14.5.3, all versions starting from 14.6.0 before 14.6.2. GitLab was not disabling the Autocomplete attribute of fields related to sensitive information making it possible to be retrieved under certain conditions. | |||||
| CVE-2022-0161 | 1 Ari-soft | 1 Ari Fancy Lightbox | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The ARI Fancy Lightbox WordPress plugin before 1.3.9 does not sanitise and escape the msg parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting | |||||
| CVE-2022-0159 | 1 Orchardcore | 1 Orchardcore | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| orchardcore is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | |||||
| CVE-2022-0157 | 2 Fedoraproject, Phoronix-media | 2 Fedora, Phoronix Test Suite | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| phoronix-test-suite is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | |||||
| CVE-2022-0150 | 1 Wp Accessibility Helper Project | 1 Wp Accessibility Helper | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The WP Accessibility Helper (WAH) WordPress plugin before 0.6.0.7 does not sanitise and escape the wahi parameter before outputting back its base64 decode value in the page, leading to a Reflected Cross-Site Scripting issue | |||||
| CVE-2022-0149 | 1 Visser | 1 Store Exporter For Woocommerce | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The WooCommerce Stored Exporter WordPress plugin before 2.7.1 was affected by a Reflected Cross-Site Scripting (XSS) vulnerability in the woo_ce admin page. | |||||
| CVE-2022-0148 | 1 Premio | 1 Mystickyelements | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| The All-in-one Floating Contact Form, Call, Chat, and 50+ Social Icon Tabs WordPress plugin before 2.0.4 was vulnerable to reflected XSS on the my-sticky-elements-leads admin page. | |||||