Export limit exceeded: 45824 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (45824 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-2391 | 1 Wpzoom | 1 Inspiro Pro | 2024-11-21 | 5.4 Medium |
| The Inspiro PRO WordPress plugin does not sanitize the portfolio slider description, allowing users with privileges as low as Contributor to inject JavaScript into the description. | ||||
| CVE-2022-2386 | 1 Automattic | 1 Crowdsignal Dashboard | 2024-11-21 | 6.1 Medium |
| The Crowdsignal Dashboard WordPress plugin before 3.0.8 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting | ||||
| CVE-2022-2384 | 1 Supsystic | 1 Digital Publications By Supsystic | 2024-11-21 | 4.8 Medium |
| The Digital Publications by Supsystic WordPress plugin before 1.7.4 does not sanitise and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | ||||
| CVE-2022-2383 | 1 Slickremix | 1 Feed Them Social | 2024-11-21 | 6.1 Medium |
| The Feed Them Social WordPress plugin before 3.0.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting | ||||
| CVE-2022-2378 | 1 Easy Student Results Project | 1 Easy Student Results | 2024-11-21 | 6.1 Medium |
| The Easy Student Results WordPress plugin through 2.2.8 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting | ||||
| CVE-2022-2375 | 1 Okapitech | 1 Wp Sticky Button | 2024-11-21 | 5.4 Medium |
| The WP Sticky Button WordPress plugin before 1.4.1 does not have authorisation and CSRF checks when saving its settings, allowing unauthenticated users to update them. Furthermore, due to the lack of escaping in some of them, it could lead to Stored Cross-Site Scripting issues | ||||
| CVE-2022-2374 | 1 Nsqua | 1 Simply Schedule Appointments | 2024-11-21 | 4.8 Medium |
| The Simply Schedule Appointments WordPress plugin before 1.5.7.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | ||||
| CVE-2022-2372 | 1 Yaycommerce | 1 Yaysmtp | 2024-11-21 | 4.8 Medium |
| The YaySMTP WordPress plugin before 2.2.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed (for example in multisite setup) | ||||
| CVE-2022-2371 | 1 Yaycommerce | 1 Yaysmtp | 2024-11-21 | 5.4 Medium |
| The YaySMTP WordPress plugin before 2.2.1 does not have proper authorisation when saving its settings, allowing users with a role as low as subscriber to change them, and use that to conduct Stored Cross-Site Scripting attack due to the lack of escaping in them as well. | ||||
| CVE-2022-2365 | 1 Trilium Project | 1 Trilium | 2024-11-21 | 5.4 Medium |
| Cross-site Scripting (XSS) - Stored in GitHub repository zadam/trilium prior to 0.53.3. | ||||
| CVE-2022-2361 | 1 Quadlayers | 1 Wp Social Chat | 2024-11-21 | 4.8 Medium |
| The WP Social Chat WordPress plugin before 6.0.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks. | ||||
| CVE-2022-2351 | 1 Wpexperts | 1 Post Smtp | 2024-11-21 | 4.8 Medium |
| The Post SMTP Mailer/Email Log WordPress plugin before 2.1.4 does not escape some of its settings before outputting them in the admins dashboard, allowing high privilege users to perform Cross-Site Scripting attacks against other users even when the unfiltered_html capability is disallowed. | ||||
| CVE-2022-2342 | 1 Getoutline | 1 Outline | 2024-11-21 | 5.4 Medium |
| Cross-site Scripting (XSS) - Stored in GitHub repository outline/outline prior to v0.64.4. | ||||
| CVE-2022-2341 | 1 Simple Page Transition Project | 1 Simple Page Transition | 2024-11-21 | 4.8 Medium |
| The Simple Page Transition WordPress plugin through 1.4.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed (for example in multisite setup) | ||||
| CVE-2022-2340 | 1 W-dalil Project | 1 W-dalil | 2024-11-21 | 4.8 Medium |
| The W-DALIL WordPress plugin through 2.0 does not sanitise and escape some of its fields, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed (for example in multisite setup) | ||||
| CVE-2022-2328 | 1 Flexi Quote Rotator Project | 1 Flexi Quote Rotator | 2024-11-21 | 4.8 Medium |
| The Flexi Quote Rotator WordPress plugin through 0.9.4 does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | ||||
| CVE-2022-2325 | 1 Securebit | 1 Invitation Based Registrations | 2024-11-21 | 4.8 Medium |
| The Invitation Based Registrations WordPress plugin through 2.2.84 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed (for example in multisite setup) | ||||
| CVE-2022-2316 | 1 Devolutions | 1 Devolutions Server | 2024-11-21 | 5.4 Medium |
| HTML injection vulnerability in secure messages of Devolutions Server before 2022.2 allows attackers to alter the rendering of the page or redirect a user to another site. | ||||
| CVE-2022-2305 | 1 Timersys | 1 Popups | 2024-11-21 | 4.8 Medium |
| The WordPress Popup WordPress plugin through 1.9.3.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed (for example in multisite setup) | ||||
| CVE-2022-2300 | 1 Microweber | 1 Microweber | 2024-11-21 | 5.4 Medium |
| Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.2.19. | ||||