Total
5449 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-3421 | 2 Apple, Google | 2 Macos, Drive | 2024-11-21 | 5.6 Medium |
| An attacker can pre-create the `/Applications/Google\ Drive.app/Contents/MacOS` directory which is expected to be owned by root to be owned by a non-root user. When the Drive for Desktop installer is run for the first time, it will place a binary in that directory with execute permissions and set its setuid bit. Since the attacker owns the directory, the attacker can replace the binary with a symlink, causing the installer to set the setuid bit on the symlink. When the symlink is executed, it will run with root permissions. We recommend upgrading past version 64.0 | ||||
| CVE-2022-38974 | 1 Wpml | 1 Wpml | 2024-11-21 | 4.3 Medium |
| Broken Access Control vulnerability in WPML Multilingual CMS premium plugin <= 4.5.10 on WordPress allows users with subscriber or higher user roles to change the status of the translation jobs. | ||||
| CVE-2022-38461 | 1 Wpml | 1 Wpml | 2024-11-21 | 5.4 Medium |
| Broken Access Control vulnerability in WPML Multilingual CMS premium plugin <= 4.5.10 on WordPress allows users with a subscriber or higher user role to change plugin settings (selected language for legacy widgets, the default behavior for media content). | ||||
| CVE-2022-38135 | 1 Photospace Gallery Project | 1 Photospace Gallery | 2024-11-21 | 5.4 Medium |
| Broken Access Control vulnerability in Dean Oakley's Photospace Gallery plugin <= 2.3.5 at WordPress allows users with subscriber or higher role to change plugin settings. | ||||
| CVE-2022-38134 | 1 Cusrev | 1 Customer Reviews For Woocommerce | 2024-11-21 | 4.3 Medium |
| Authenticated (subscriber+) Broken Access Control vulnerability in Customer Reviews for WooCommerce plugin <= 5.3.5 at WordPress. | ||||
| CVE-2022-38104 | 1 Oxilab | 1 Accordions | 2024-11-21 | 7.2 High |
| Auth. WordPress Options Change (siteurl, users_can_register, default_role, admin_email and new_admin_email) vulnerability in Biplob Adhikari's Accordions – Multiple Accordions or FAQs Builder plugin (versions <= 2.0.3 on WordPress. | ||||
| CVE-2022-38070 | 1 Mypopups | 1 Pop-up | 2024-11-21 | 5.4 Medium |
| Privilege Escalation (subscriber+) vulnerability in Pop-up plugin <= 1.1.5 at WordPress. | ||||
| CVE-2022-38067 | 1 Total-soft | 1 Event Calendar | 2024-11-21 | 6.5 Medium |
| Unauthenticated Event Deletion vulnerability in Totalsoft Event Calendar – Calendar plugin <= 1.4.6 at WordPress. | ||||
| CVE-2022-38058 | 1 Wpvar | 1 Wp Shamsi | 2024-11-21 | 4.3 Medium |
| Authenticated (subscriber+) Plugin Setting change vulnerability in WP Shamsi plugin <= 4.1.1 at WordPress. | ||||
| CVE-2022-37344 | 1 Accommodation-system Project | 1 Accommodation-system | 2024-11-21 | 7.6 High |
| Missing Access Control vulnerability in PHP Crafts Accommodation System plugin <= 1.0.1 at WordPress. | ||||
| CVE-2022-36793 | 1 Wp-shop | 1 Wp Shop | 2024-11-21 | 6.5 Medium |
| Unauthenticated Plugin Settings Change & Data Deletion vulnerabilities in WP Shop plugin <= 3.9.6 at WordPress. | ||||
| CVE-2022-36427 | 1 About-rentals Project | 1 About-rentals | 2024-11-21 | 7.3 High |
| Missing Access Control vulnerability in About Rentals. Inc. About Rentals plugin <= 1.5 at WordPress. | ||||
| CVE-2022-36425 | 1 Fastlinemedia | 1 Beaver Builder | 2024-11-21 | 5.4 Medium |
| Broken Access Control vulnerability in Beaver Builder plugin <= 2.5.4.3 at WordPress. | ||||
| CVE-2022-36387 | 1 About-me Project | 1 About-me | 2024-11-21 | 7.6 High |
| Broken Access Control vulnerability in Alessio Caiazza's About Me plugin <= 1.0.12 at WordPress. | ||||
| CVE-2022-36375 | 1 Oxilab | 1 Responsive Tabs | 2024-11-21 | 7.2 High |
| Authenticated (high role user) WordPress Options Change vulnerability in Biplob Adhikari's Tabs plugin <= 3.6.0 at WordPress. | ||||
| CVE-2022-36246 | 1 Shopbeat | 1 Shop Beat Media Player | 2024-11-21 | 9.8 Critical |
| Shop Beat Solutions (Pty) LTD Shop Beat Media Player 2.5.95 up to 3.2.57 is vulnerable to Insecure Permissions. | ||||
| CVE-2022-35242 | 1 59sec | 1 The Leads Management System\ | 2024-11-21 | 6.5 Medium |
| Unauthenticated plugin settings change vulnerability in 59sec THE Leads Management System: 59sec LITE plugin <= 3.4.1 at WordPress. | ||||
| CVE-2022-35238 | 1 Brinidesigner | 1 Awesome Filterable Portfolio | 2024-11-21 | 6.5 Medium |
| Unauthenticated Plugin Settings Change vulnerability in Awesome Filterable Portfolio plugin <= 1.9.7 at WordPress. | ||||
| CVE-2022-34868 | 1 Yookassa | 1 Yukassa For Woocommerce | 2024-11-21 | 8.8 High |
| Authenticated Arbitrary Settings Update vulnerability in YooMoney ЮKassa для WooCommerce plugin <= 2.3.0 at WordPress. | ||||
| CVE-2022-34487 | 1 Oxilab | 1 Shortcode Addons | 2024-11-21 | 9.8 Critical |
| Unauthenticated Arbitrary Option Update vulnerability in biplob018's Shortcode Addons plugin <= 3.0.2 at WordPress. | ||||