Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (346600 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-23976 1 Accesspressthemes 1 Access Demo Importer 2025-02-20 8.1 High
Cross-Site Request Forgery (CSRF) in Access Demo Importer <= 1.0.7 on WordPress allows an attacker to reset all data (posts / pages / media).
CVE-2022-23975 1 Accesspressthemes 1 Access Demo Importer 2025-02-20 6.5 Medium
Cross-Site Request Forgery (CSRF) in Access Demo Importer <= 1.0.7 on WordPress allows an attacker to activate any installed plugin.
CVE-2022-27853 1 Contest-gallery 1 Contest Gallery 2025-02-20 4.8 Medium
Authenticated (author or higher role) Stored Cross-Site Scripting (XSS) in Contest Gallery (WordPress plugin) <= 13.1.0.9
CVE-2022-27862 1 Vikwp 1 Vikbooking Hotel Booking Engine \& Property Management System Plugin 2025-02-20 9.8 Critical
Arbitrary File Upload leading to RCE in E4J s.r.l. VikBooking Hotel Booking Engine & PMS plugin <= 1.5.3 on WordPress allows attackers to upload and execute dangerous file types (e.g. PHP shell) via the signature upload on the booking form.
CVE-2022-27863 1 Vikwp 1 Vikbooking Hotel Booking Engine \& Property Management System Plugin 2025-02-20 5.3 Medium
Sensitive Information Exposure in E4J s.r.l. VikBooking Hotel Booking Engine & PMS plugin <= 1.5.3 on WordPress allows attackers to get the booking data by guessing / brute-forcing easy predictable booking IDs via search POST requests.
CVE-2022-29417 1 Shortpixel 1 Shortpixel Adaptive Images 2025-02-20 4.3 Medium
Plugin Settings Update vulnerability in ShortPixel's ShortPixel Adaptive Images plugin <= 3.3.1 at WordPress allows an attacker with a low user role like a subscriber or higher to change the plugin settings.
CVE-2022-29418 1 Night Mode Project 1 Night Mode 2025-02-20 4.8 Medium
Authenticated (admin user role) Persistent Cross-Site Scripting (XSS) in Mark Daniels Night Mode plugin <= 1.0.0 on WordPress via vulnerable parameters: &ntmode_page_setting[enable-me], &ntmode_page_setting[bg-color], &ntmode_page_setting[txt-color], &ntmode_page_setting[anc_color].
CVE-2022-29419 1 3xsocializer Project 1 3xsocializer 2025-02-20 6 Medium
SQL Injection (SQLi) vulnerability in Don Crowther's 3xSocializer plugin <= 0.98.22 at WordPress possible for users with a low role like a subscriber or higher.
CVE-2021-36867 1 Psychological Tests \& Quizzes Project 1 Psychological Tests \& Quizzes 2025-02-20 5.4 Medium
Stored Cross-Site Scripting (XSS) vulnerability in Alexander Ustimenko's Psychological tests & quizzes plugin <= 0.21.19 on WordPress possible for users with contributor or higher user rights.
CVE-2021-36895 1 Tripetto 1 Tripetto 2025-02-20 4.7 Medium
Unauthenticated Cross-Site Scripting (XSS) vulnerability in Tripetto's Tripetto plugin <= 5.1.4 on WordPress via SVG image upload.
CVE-2022-27854 1 Psychological Tests \& Quizzes Project 1 Psychological Tests \& Quizzes 2025-02-20 5.4 Medium
Stored Cross-Site Scripting (XSS) vulnerability in Alexander Ustimenko's Psychological tests & quizzes plugin <= 0.21.19 on WordPress possible for users with contributor or higher role via &wpt_test_page_submit_button_caption parameter.
CVE-2022-27860 1 Footer-text Project 1 Footer-text 2025-02-20 6.1 Medium
Cross-Site Request Forgery (CSRF) leading to Cross-Site Scripting (XSS) in Shea Bunge's Footer Text plugin <= 2.0.3 on WordPress.
CVE-2022-29415 1 Ravpage Project 1 Ravpage 2025-02-20 6.1 Medium
Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability in Mati Skiba @ Rav Messer's Ravpage plugin <= 2.16 at WordPress.
CVE-2022-29410 1 Hermit Project 1 Hermit 2025-02-20 7.4 High
Authenticated SQL Injection (SQLi) vulnerability in Mufeng's Hermit 音乐播放器 plugin <= 3.1.6 on WordPress allows attackers with Subscriber or higher user roles to execute SQLi attack via (&ids).
CVE-2022-29413 1 Hermit Project 1 Hermit 2025-02-20 4.7 Medium
Cross-Site Request Forgery (CSRF) leading to Stored Cross-Site Scripting (XSS) in Mufeng's Hermit 音乐播放器 plugin <= 3.1.6 on WordPress via &title parameter.
CVE-2022-29412 1 Hermit Project 1 Hermit 2025-02-20 5.4 Medium
Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Hermit 音乐播放器 plugin <= 3.1.6 on WordPress allow attackers to delete cache, delete a source, create source.
CVE-2022-29411 1 Hermit Project 1 Hermit 2025-02-20 8.3 High
SQL Injection (SQLi) vulnerability in Mufeng's Hermit 音乐播放器 plugin <= 3.1.6 on WordPress allows attackers to execute SQLi attack via (&id).
CVE-2022-29414 1 Wpkube 1 Subscribe To Comments Reloaded 2025-02-20 5.4 Medium
Multiple (13x) Cross-Site Request Forgery (CSRF) vulnerabilities in WPKube's Subscribe To Comments Reloaded plugin <= 211130 on WordPress allows attackers to clean up Log archive, download system info file, plugin system settings, plugin options settings, generate a new key, reset all options, change notifications settings, management page settings, comment form settings, manage subscriptions > mass update settings, manage subscriptions > add a new subscription, update subscription, delete Subscription.
CVE-2022-29451 1 Rarathemes 1 Rara One Click Demo Import 2025-02-20 8.8 High
Cross-Site Request Forgery (CSRF) leading to Arbitrary File Upload vulnerability in Rara One Click Demo Import plugin <= 1.2.9 on WordPress allows attackers to trick logged-in admin users into uploading dangerous files into /wp-content/uploads/ directory.
CVE-2022-29444 1 Cloudways 1 Breeze 2025-02-20 6.5 Medium
Plugin Settings Change leading to Cross-Site Scripting (XSS) vulnerability in Cloudways Breeze plugin <= 2.0.2 on WordPress allows users with a subscriber or higher user role to execute any of the wp_ajax_* actions in the class Breeze_Configuration which includes the ability to change any of the plugin's settings including CDN setting which could be further used for XSS attack.