Total: 39597 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-1673 | 1 Greenwallet | 1 Woocommerce Green Wallet Gateway | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The WooCommerce Green Wallet Gateway WordPress plugin before 1.0.2 does not escape the error_envision query parameter before outputting it to the page, leading to a Reflected Cross-Site Scripting vulnerability. | |||||
| CVE-2022-1647 | 1 Ncrafts | 1 Formcraft | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| The FormCraft WordPress plugin before 1.2.6 does not sanitise and escape Field Labels, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | |||||
| CVE-2022-1646 | 1 Simple Real Estate Pack Project | 1 Simple Real Estate Pack | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| The Simple Real Estate Pack WordPress plugin through 1.4.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed | |||||
| CVE-2022-1645 | 1 Amazon Link Project | 1 Amazon Link | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| The Amazon Link WordPress plugin through 3.2.10 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed. | |||||
| CVE-2022-1644 | 1 Call&book Mobile Bar Project | 1 Call&book Mobile Bar | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| The Call&Book Mobile Bar WordPress plugin through 1.2.2 does not sanitize and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed. | |||||
| CVE-2022-1643 | 1 Birthdays Widget Project | 1 Birthdays Widget | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| The Birthdays Widget WordPress plugin through 1.7.18 does not sanitise and escape some of its fields, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed | |||||
| CVE-2022-1628 | 1 Coleds | 1 Simple Seo | 2024-11-21 | N/A | 6.4 MEDIUM |
| The Simple SEO plugin for WordPress is vulnerable to attribute-based stored Cross-Site Scripting in versions up to, and including, 1.7.91, due to insufficient sanitization or escaping on the SEO social and standard title parameters. This can be exploited by authenticated users with Contributor and above permissions to inject arbitrary web scripts into posts/pages that execute whenever an administrator accesses the page. | |||||
| CVE-2022-1604 | 1 Mailerlite | 1 Mailerlite Signup Forms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The MailerLite WordPress plugin before 1.5.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting | |||||
| CVE-2022-1597 | 1 2code | 1 Wpqa Builder | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The WPQA Builder WordPress plugin before 5.4, used as a companion for the Discy and Himer, does not sanitise and escape a parameter on its reset password form, which makes it possible to perform Reflected Cross-Site Scripting attacks | |||||
| CVE-2022-1593 | 1 Site Offline Or Coming Soon Project | 1 Site Offline Or Coming Soon | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Site Offline or Coming Soon WordPress plugin through 1.6.6 does not have a CSRF check in place when updating its settings, and it also lacks sanitisation as well as escaping in some of them. As a result, attackers could make a logged in admin change them and put Cross-Site Scripting payloads in them via a CSRF attack | |||||
| CVE-2022-1590 | 1 Bludit | 1 Bludit | 2024-11-21 | 3.5 LOW | 3.5 LOW |
| A vulnerability was found in Bludit 3.13.1. It has been declared as problematic. This vulnerability affects the endpoint /admin/new-content of the New Content module. The manipulation of the argument content with the input <script>alert(1)</script> leads to cross site scripting. The attack can be initiated remotely but requires authentication. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2022-1584 | 1 Microweber | 1 Microweber | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Reflected XSS in GitHub repository microweber/microweber prior to 1.2.16. Executing JavaScript as the victim | |||||
| CVE-2022-1582 | 1 Webfactoryltd | 1 External Links In New Window / New Tab | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The External Links in New Window / New Tab WordPress plugin before 1.43 does not properly escape URLs it concatenates to onclick event handlers, which makes Stored Cross-Site Scripting attacks possible. | |||||
| CVE-2022-1575 | 1 Diagrams | 1 Drawio | 2024-11-21 | 6.8 MEDIUM | 9.6 CRITICAL |
| Arbitrary Code Execution through Sanitizer Bypass in GitHub repository jgraph/drawio prior to 18.0.0. - Arbitrary (remote) code execution in the desktop app. - Stored XSS in the web app. | |||||
| CVE-2022-1571 | 1 Facturascripts | 1 Facturascripts | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting - Reflected in Create Subaccount in GitHub repository neorazorx/facturascripts prior to 2022.07. This vulnerability can be used to execute arbitrary JavaScript code to steal the user's cookie, perform HTTP requests, get the content of `same origin` pages, etc. | |||||
| CVE-2022-1569 | 1 Pieforms | 1 Drag & Drop Builder | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| The Drag & Drop Builder, Human Face Detector, Pre-built Templates, Spam Protection, User Email Notifications & more! WordPress plugin before 1.4.9.4 does not sanitise and escape some of its form fields, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks when unfiltered_html is disallowed | |||||
| CVE-2022-1568 | 1 Wpdarko | 1 Team Members | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| The Team Members WordPress plugin before 5.1.1 does not escape some of its Team settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed | |||||
| CVE-2022-1566 | 1 Quotes Llama Project | 1 Quotes Llama | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| The Quotes llama WordPress plugin before 1.0.0 does not sanitise and escape Quotes, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed. The attack could also be performed by tricking an admin to import a malicious CSV file | |||||
| CVE-2022-1564 | 1 10web | 1 Form Maker | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| The Form Maker by 10Web WordPress plugin before 1.14.12 does not sanitize and escape the Custom Text settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed | |||||
| CVE-2022-1562 | 1 Room 34 Creative Services | 1 Enable Svg | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| The Enable SVG WordPress plugin before 1.4.0 does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads | |||||
