Export limit exceeded: 349498 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (45824 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-2775 | 1 Fastflow | 1 Fastflow | 2024-11-21 | 5.5 Medium |
| The Fast Flow WordPress plugin before 1.2.13 does not sanitise and escape some of its Widget settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | ||||
| CVE-2022-2763 | 1 Wp Socializer Project | 1 Wp Socializer | 2024-11-21 | 4.8 Medium |
| The WP Socializer WordPress plugin before 7.3 does not sanitise and escape some of its Icons settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | ||||
| CVE-2022-2753 | 1 Ketchup Restaurant Reservations Project | 1 Ketchup Restaurant Reservations | 2024-11-21 | 6.1 Medium |
| The Ketchup Restaurant Reservations WordPress plugin through 1.0.0 does not sanitise and escape some of the reservation user inputs, allowing unauthenticated attackers to perform Cross-Site Scripting attacks logged in admin viewing the malicious reservation made | ||||
| CVE-2022-2737 | 1 Wp-staging | 1 Wp Staging | 2024-11-21 | 4.8 Medium |
| The WP STAGING WordPress plugin before 2.9.18 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | ||||
| CVE-2022-2733 | 1 Open-emr | 1 Openemr | 2024-11-21 | 6.1 Medium |
| Cross-site Scripting (XSS) - Reflected in GitHub repository openemr/openemr prior to 7.0.0.1. | ||||
| CVE-2022-2731 | 1 Open-emr | 1 Openemr | 2024-11-21 | 6.1 Medium |
| Cross-site Scripting (XSS) - Reflected in GitHub repository openemr/openemr prior to 7.0.0.1. | ||||
| CVE-2022-2729 | 1 Open-emr | 1 Openemr | 2024-11-21 | 5.4 Medium |
| Cross-site Scripting (XSS) - DOM in GitHub repository openemr/openemr prior to 7.0.0.1. | ||||
| CVE-2022-2710 | 1 Scroll To Top Project | 1 Scroll To Top | 2024-11-21 | 4.8 Medium |
| The Scroll To Top WordPress plugin before 1.4.1 does not escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | ||||
| CVE-2022-2655 | 1 Radiustheme | 1 Classified Listing | 2024-11-21 | 6.1 Medium |
| The Classified Listing Pro WordPress plugin before 2.0.20 does not escape a generated URL before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting | ||||
| CVE-2022-2635 | 1 Autoptimize | 1 Autoptimize | 2024-11-21 | 4.8 Medium |
| The Autoptimize WordPress plugin before 3.1.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | ||||
| CVE-2022-2629 | 1 Wpdarko | 1 Top Bar | 2024-11-21 | 4.8 Medium |
| The Top Bar WordPress plugin before 3.0.4 does not sanitise and escape some of its settings before outputting them in frontend pages, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | ||||
| CVE-2022-2628 | 1 Dsgvo-for-wp | 1 Dsgvo All In One For Wp | 2024-11-21 | 4.8 Medium |
| The DSGVO All in one for WP WordPress plugin before 4.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | ||||
| CVE-2022-2599 | 1 Anti-malware Security And Brute-force Firewall Project | 1 Anti-malware Security And Brute-force Firewall | 2024-11-21 | 6.1 Medium |
| The Anti-Malware Security and Brute-Force Firewall WordPress plugin before 4.21.83 does not sanitise and escape some parameters before outputting them back in an admin dashboard, leading to Reflected Cross-Site Scripting | ||||
| CVE-2022-2589 | 1 Fava Project | 1 Fava | 2024-11-21 | 6.1 Medium |
| Cross-site Scripting (XSS) - Reflected in GitHub repository beancount/fava prior to 1.22.3. | ||||
| CVE-2022-2575 | 1 Woobewoo | 1 Wbw Currency Switcher For Woocommerce | 2024-11-21 | 4.8 Medium |
| The WBW Currency Switcher for WooCommerce WordPress plugin before 1.6.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | ||||
| CVE-2022-2567 | 1 Codepeople | 1 Form Builder Cp | 2024-11-21 | 4.8 Medium |
| The Form Builder CP WordPress plugin before 1.2.32 does not sanitise and escape some of its form settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | ||||
| CVE-2022-2565 | 1 Paymattic | 1 Simple Payment Donations \& Subscriptions | 2024-11-21 | 7.2 High |
| The Simple Payment Donations & Subscriptions WordPress plugin before 4.2.1 does not sanitise and escape user input given in its forms, which could allow unauthenticated attackers to perform Cross-Site Scripting attacks against admins | ||||
| CVE-2022-2538 | 1 Nsp-code | 1 Wp Hide \& Security Enhancer | 2024-11-21 | 6.1 Medium |
| The WP Hide & Security Enhancer WordPress plugin before 1.8 does not escape a parameter before outputting it back in an attribute of a backend page, leading to a Reflected Cross-Site Scripting | ||||
| CVE-2022-2537 | 1 Wpovernight | 1 Woocommerce Pdf Invoices\& Packing Slips | 2024-11-21 | 6.1 Medium |
| The WooCommerce PDF Invoices & Packing Slips WordPress plugin before 3.0.1 does not sanitise and escape some parameters before outputting them back in an attributes of an admin page, leading to Reflected Cross-Site Scripting. | ||||
| CVE-2022-2532 | 1 Slickremix | 1 Feed Them Social | 2024-11-21 | 6.1 Medium |
| The Feed Them Social WordPress plugin before 3.0.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting | ||||