Total
39597 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-1964 | 1 Easy Svg Support Project | 1 Easy Svg Support | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| The Easy SVG Support WordPress plugin before 3.3.0 does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads | |||||
| CVE-2022-1951 | 1 Kitestudio | 1 Core Plugin For Kitestudio Themes | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The core plugin for kitestudio WordPress plugin before 2.3.1 does not sanitise and escape some parameters before outputting them back in a response of an AJAX action, available to both unauthenticated and authenticated users when a premium theme from the vendor is active, leading to a Reflected Cross-Site Scripting. | |||||
| CVE-2022-1948 | 1 Gitlab | 1 Gitlab | 2024-11-21 | N/A | 8.7 HIGH |
| An issue has been discovered in GitLab affecting all versions starting from 15.0 before 15.0.1. Missing validation of input used in quick actions allowed an attacker to exploit XSS by injecting HTML in contact details. | |||||
| CVE-2022-1946 | 1 Wpdevart | 1 Gallery | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Gallery WordPress plugin before 2.0.0 does not sanitise and escape a parameter before outputting it back in the response of an AJAX action (available to both unauthenticated and authenticated users), leading to a Reflected Cross-Site Scripting issue | |||||
| CVE-2022-1945 | 1 Colorlib | 1 Coming Soon \& Maintenance Mode | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| The Coming Soon & Maintenance Mode by Colorlib WordPress plugin before 1.0.99 does not sanitize and escape some settings, allowing high privilege users such as admin to perform Stored Cross-Site Scripting when unfiltered_html is disallowed (for example in multisite setup) | |||||
| CVE-2022-1940 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 3.5 LOW | 7.7 HIGH |
| A Stored Cross-Site Scripting vulnerability in Jira integration in GitLab EE affecting all versions from 13.11 prior to 14.9.5, 14.10 prior to 14.10.4, and 15.0 prior to 15.0.1 allows an attacker to execute arbitrary JavaScript code in GitLab on a victim's behalf via specially crafted Jira Issues | |||||
| CVE-2022-1938 | 1 Awin | 1 Awin Data Feed | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| The Awin Data Feed WordPress plugin before 1.8 does not sanitise and escape a header when processing request to generate analytics data, allowing unauthenticated users to perform Stored Cross-Site Scripting attacks against a logged in admin viewing the plugin's settings | |||||
| CVE-2022-1937 | 1 Awin | 1 Awin Data Feed | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Awin Data Feed WordPress plugin before 1.8 does not sanitise and escape a parameter before outputting it back via an AJAX action (available to both unauthenticated and authenticated users), leading to a Reflected Cross-Site Scripting | |||||
| CVE-2022-1933 | 1 Collect And Deliver Interface For Woocommerce Project | 1 Collect And Deliver Interface For Woocommerce | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The CDI WordPress plugin before 5.1.9 does not sanitise and escape a parameter before outputting it back in the response of an AJAX action (available to both unauthenticated and authenticated users), leading to a Reflected Cross-Site Scripting | |||||
| CVE-2022-1932 | 1 Rezgo | 1 Rezgo Online Booking | 2024-11-21 | N/A | 6.1 MEDIUM |
| The Rezgo Online Booking WordPress plugin before 4.1.8 does not sanitise and escape some parameters before outputting them back in a page, leading to a Reflected Cross-Site Scripting, which can be exploited either via a LFI in an AJAX action, or direct call to the affected file | |||||
| CVE-2022-1928 | 1 Gitea | 1 Gitea | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site Scripting (XSS) - Stored in GitHub repository go-gitea/gitea prior to 1.16.9. | |||||
| CVE-2022-1916 | 1 Pluginus | 1 Woot | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Active Products Tables for WooCommerce. Professional products tables for WooCommerce store WordPress plugin before 1.0.5 does not sanitise and escape a parameter before outputting it back in the response of an AJAX action (available to both unauthenticated and authenticated users), leading to a Reflected cross-Site Scripting | |||||
| CVE-2022-1915 | 1 Wpreviewslider | 1 Wp Zillow Review Slider | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| The WP Zillow Review Slider WordPress plugin before 2.4 does not escape a settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite) | |||||
| CVE-2022-1910 | 1 Averta | 1 Shortcodes And Extra Features For Phlox Theme | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Shortcodes and extra features for Phlox WordPress plugin before 2.9.8 does not sanitise and escape a parameter before outputting it back in the response, leading to a Reflected Cross-Site Scripting | |||||
| CVE-2022-1909 | 1 Organizr | 1 Organizr | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site Scripting (XSS) - Stored in GitHub repository causefx/organizr prior to 2.1.2200. | |||||
| CVE-2022-1906 | 1 Digiprove | 1 Copyright Proof | 2024-11-21 | N/A | 6.1 MEDIUM |
| The Copyright Proof WordPress plugin through 4.16 does not sanitise and escape a parameter before outputting it back via an AJAX action available to both unauthenticated and authenticated users, leading to a Reflected Cross-Site Scripting when a specific setting is enabled. | |||||
| CVE-2022-1904 | 1 Fatcatapps | 1 Easy Pricing Tables | 2024-11-21 | 2.6 LOW | 6.1 MEDIUM |
| The Pricing Tables WordPress Plugin WordPress plugin before 3.2.1 does not sanitise and escape parameter before outputting it back in a page available to any user (both authenticated and unauthenticated) when a specific setting is enabled, leading to a Reflected Cross-Site Scripting | |||||
| CVE-2022-1896 | 1 Underconstruction Project | 1 Underconstruction | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| The underConstruction WordPress plugin before 1.21 does not sanitise or escape the "Display a custom page using your own HTML" setting before outputting it, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiletred_html capability is disallowed. | |||||
| CVE-2022-1894 | 1 Sygnoos | 1 Popup Builder | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| The Popup Builder WordPress plugin before 4.1.11 does not escape and sanitize some settings, which could allow high privilege users to perform Stored Cross-Site Scripting attacks when the unfiltred_html is disallowed | |||||
| CVE-2022-1889 | 1 Thenewsletterplugin | 1 Newsletter | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| The Newsletter WordPress plugin before 7.4.6 does not escape and sanitise the preheader_text setting, which could allow high privilege users to perform Stored Cross-Site Scripting attacks when the unfilteredhtml is disallowed | |||||