Total
5467 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-38974 | 1 Wpml | 1 Wpml | 2024-11-21 | N/A | 4.3 MEDIUM |
| Broken Access Control vulnerability in WPML Multilingual CMS premium plugin <= 4.5.10 on WordPress allows users with subscriber or higher user roles to change the status of the translation jobs. | |||||
| CVE-2022-38461 | 1 Wpml | 1 Wpml | 2024-11-21 | N/A | 5.4 MEDIUM |
| Broken Access Control vulnerability in WPML Multilingual CMS premium plugin <= 4.5.10 on WordPress allows users with a subscriber or higher user role to change plugin settings (selected language for legacy widgets, the default behavior for media content). | |||||
| CVE-2022-38135 | 1 Photospace Gallery Project | 1 Photospace Gallery | 2024-11-21 | N/A | 5.4 MEDIUM |
| Broken Access Control vulnerability in Dean Oakley's Photospace Gallery plugin <= 2.3.5 at WordPress allows users with subscriber or higher role to change plugin settings. | |||||
| CVE-2022-38134 | 1 Cusrev | 1 Customer Reviews For Woocommerce | 2024-11-21 | N/A | 4.3 MEDIUM |
| Authenticated (subscriber+) Broken Access Control vulnerability in Customer Reviews for WooCommerce plugin <= 5.3.5 at WordPress. | |||||
| CVE-2022-38104 | 1 Oxilab | 1 Accordions | 2024-11-21 | N/A | 7.2 HIGH |
| Auth. WordPress Options Change (siteurl, users_can_register, default_role, admin_email and new_admin_email) vulnerability in Biplob Adhikari's Accordions – Multiple Accordions or FAQs Builder plugin (versions <= 2.0.3 on WordPress. | |||||
| CVE-2022-38070 | 1 Mypopups | 1 Pop-up | 2024-11-21 | N/A | 5.4 MEDIUM |
| Privilege Escalation (subscriber+) vulnerability in Pop-up plugin <= 1.1.5 at WordPress. | |||||
| CVE-2022-38067 | 1 Total-soft | 1 Event Calendar | 2024-11-21 | N/A | 6.5 MEDIUM |
| Unauthenticated Event Deletion vulnerability in Totalsoft Event Calendar – Calendar plugin <= 1.4.6 at WordPress. | |||||
| CVE-2022-38058 | 1 Wpvar | 1 Wp Shamsi | 2024-11-21 | N/A | 4.3 MEDIUM |
| Authenticated (subscriber+) Plugin Setting change vulnerability in WP Shamsi plugin <= 4.1.1 at WordPress. | |||||
| CVE-2022-37344 | 1 Accommodation-system Project | 1 Accommodation-system | 2024-11-21 | N/A | 7.6 HIGH |
| Missing Access Control vulnerability in PHP Crafts Accommodation System plugin <= 1.0.1 at WordPress. | |||||
| CVE-2022-36793 | 1 Wp-shop | 1 Wp Shop | 2024-11-21 | N/A | 6.5 MEDIUM |
| Unauthenticated Plugin Settings Change & Data Deletion vulnerabilities in WP Shop plugin <= 3.9.6 at WordPress. | |||||
| CVE-2022-36427 | 1 About-rentals Project | 1 About-rentals | 2024-11-21 | N/A | 7.3 HIGH |
| Missing Access Control vulnerability in About Rentals. Inc. About Rentals plugin <= 1.5 at WordPress. | |||||
| CVE-2022-36425 | 1 Fastlinemedia | 1 Beaver Builder | 2024-11-21 | N/A | 5.4 MEDIUM |
| Broken Access Control vulnerability in Beaver Builder plugin <= 2.5.4.3 at WordPress. | |||||
| CVE-2022-36387 | 1 About-me Project | 1 About-me | 2024-11-21 | N/A | 7.6 HIGH |
| Broken Access Control vulnerability in Alessio Caiazza's About Me plugin <= 1.0.12 at WordPress. | |||||
| CVE-2022-36375 | 1 Oxilab | 1 Responsive Tabs | 2024-11-21 | N/A | 7.2 HIGH |
| Authenticated (high role user) WordPress Options Change vulnerability in Biplob Adhikari's Tabs plugin <= 3.6.0 at WordPress. | |||||
| CVE-2022-35242 | 1 59sec | 1 The Leads Management System\ | 2024-11-21 | N/A | 6.5 MEDIUM |
| Unauthenticated plugin settings change vulnerability in 59sec THE Leads Management System: 59sec LITE plugin <= 3.4.1 at WordPress. | |||||
| CVE-2022-35238 | 1 Brinidesigner | 1 Awesome Filterable Portfolio | 2024-11-21 | N/A | 6.5 MEDIUM |
| Unauthenticated Plugin Settings Change vulnerability in Awesome Filterable Portfolio plugin <= 1.9.7 at WordPress. | |||||
| CVE-2022-34868 | 1 Yookassa | 1 Yukassa For Woocommerce | 2024-11-21 | N/A | 8.8 HIGH |
| Authenticated Arbitrary Settings Update vulnerability in YooMoney ЮKassa для WooCommerce plugin <= 2.3.0 at WordPress. | |||||
| CVE-2022-34487 | 1 Oxilab | 1 Shortcode Addons | 2024-11-21 | N/A | 9.8 CRITICAL |
| Unauthenticated Arbitrary Option Update vulnerability in biplob018's Shortcode Addons plugin <= 3.0.2 at WordPress. | |||||
| CVE-2022-34149 | 1 Miniorange | 1 Wp Oauth Server | 2024-11-21 | N/A | 9.8 CRITICAL |
| Authentication Bypass vulnerability in miniOrange WP OAuth Server plugin <= 3.0.4 at WordPress. | |||||
| CVE-2022-33970 | 1 Oxilab | 1 Shortcode Addons | 2024-11-21 | N/A | 7.2 HIGH |
| Authenticated WordPress Options Change vulnerability in Biplob018 Shortcode Addons plugin <= 3.1.2 at WordPress. | |||||