Search Results (363683 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-0601 1 Edmonsoft 1 Countdown\, Coming Soon\, Maintenance - Countdown \& Clock 2024-11-21 6.1 Medium
The Countdown, Coming Soon, Maintenance WordPress plugin before 2.2.9 does not sanitize and escape the post parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting.
CVE-2022-0600 1 Myceliumdesign 1 Conference Scheduler 2024-11-21 6.1 Medium
The Conference Scheduler WordPress plugin before 2.4.3 does not sanitize and escape the tab parameter before outputting back in an admin page, leading to a Reflected Cross-Site Scripting.
CVE-2022-0599 1 Mapping Multiple Urls Redirect Same Page Project 1 Mapping Multiple Urls Redirect Same Page 2024-11-21 6.1 Medium
The Mapping Multiple URLs Redirect Same Page WordPress plugin through 5.8 does not sanitize and escape the mmursp_id parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting.
CVE-2022-0598 1 Idehweb 1 Login With Phone Number 2024-11-21 4.8 Medium
The Login with phone number WordPress plugin before 1.3.8 does not sanitise and escape plugin settings which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
CVE-2022-0597 1 Microweber 1 Microweber 2024-11-21 6.1 Medium
Open Redirect in Packagist microweber/microweber prior to 1.2.11.
CVE-2022-0596 1 Microweber 1 Microweber 2024-11-21 4.3 Medium
Improper Validation of Specified Quantity in Input in Packagist microweber/microweber prior to 1.2.11.
CVE-2022-0595 1 Codedropz 1 Drag And Drop Multiple File Upload - Contact Form 7 2024-11-21 5.4 Medium
The Drag and Drop Multiple File Upload WordPress plugin before 1.3.6.3 allows SVG files to be uploaded by default via the dnd_codedropz_upload AJAX action, which could lead to Stored Cross-Site Scripting issue
CVE-2022-0594 1 Shareaholic 1 Shareaholic 2024-11-21 5.3 Medium
The Professional Social Sharing Buttons, Icons & Related Posts WordPress plugin before 9.7.6 does not have proper authorisation check in one of the AJAX action, available to unauthenticated (in v < 9.7.5) and author+ (in v9.7.5) users, allowing them to call it and retrieve various information such as the list of active plugins, various version like PHP, cURL, WP etc.
CVE-2022-0593 1 Idehweb 1 Login With Phone Number 2024-11-21 6.5 Medium
The Login with phone number WordPress plugin before 1.3.7 includes a file delete.php with no form of authentication or authorization checks placed in the plugin directory, allowing unauthenticated user to remotely delete the plugin files leading to a potential Denial of Service situation.
CVE-2022-0592 1 Mapsvg 1 Mapsvg 2024-11-21 9.8 Critical
The MapSVG WordPress plugin before 6.2.20 does not validate and escape a parameter via a REST endpoint before using it in a SQL statement, leading to a SQL Injection exploitable by unauthenticated users.
CVE-2022-0591 1 Subtlewebinc 1 Formcraft3 2024-11-21 9.1 Critical
The FormCraft WordPress plugin before 3.8.28 does not validate the URL parameter in the formcraft3_get AJAX action, leading to SSRF issues exploitable by unauthenticated users
CVE-2022-0590 1 Ait-pro 1 Bulletproof Security 2024-11-21 4.8 Medium
The BulletProof Security WordPress plugin before 5.8 does not sanitise and escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
CVE-2022-0589 1 Librenms 1 Librenms 2024-11-21 5.4 Medium
Cross-site Scripting (XSS) - Stored in Packagist librenms/librenms prior to 22.1.0.
CVE-2022-0587 1 Librenms 1 Librenms 2024-11-21 6.5 Medium
Improper Authorization in Packagist librenms/librenms prior to 22.2.0.
CVE-2022-0578 1 Publify Project 1 Publify 2024-11-21 6.5 Medium
Code Injection in GitHub repository publify/publify prior to 9.2.8.
CVE-2022-0577 2 Debian, Scrapy 2 Debian Linux, Scrapy 2024-11-21 6.5 Medium
Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository scrapy/scrapy prior to 2.6.1.
CVE-2022-0576 1 Librenms 1 Librenms 2024-11-21 6.1 Medium
Cross-site Scripting (XSS) - Generic in Packagist librenms/librenms prior to 22.1.0.
CVE-2022-0575 1 Librenms 1 Librenms 2024-11-21 5.4 Medium
Cross-site Scripting (XSS) - Stored in Packagist librenms/librenms prior to 22.2.0.
CVE-2022-0574 1 Publify Project 1 Publify 2024-11-21 6.5 Medium
Improper Access Control in GitHub repository publify/publify prior to 9.2.8.
CVE-2022-0573 1 Jfrog 1 Artifactory 2024-11-21 8.8 High
JFrog Artifactory before 7.36.1 and 6.23.41, is vulnerable to Insecure Deserialization of untrusted data which can lead to DoS, Privilege Escalation and Remote Code Execution when a specially crafted request is sent by a low privileged authenticated user due to insufficient validation of a user-provided serialized object.