Export limit exceeded: 348241 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 45727 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (45727 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-0690 | 1 Microweber | 1 Microweber | 2024-11-21 | 6.1 Medium |
| Cross-site Scripting (XSS) - Reflected in Packagist microweber/microweber prior to 1.2.11. | ||||
| CVE-2022-0684 | 1 Wp Home Page Menu Project | 1 Wp Home Page Menu | 2024-11-21 | 4.8 Medium |
| The WP Home Page Menu WordPress plugin before 3.1 does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed | ||||
| CVE-2022-0680 | 1 Plezi | 1 Plezi | 2024-11-21 | 6.1 Medium |
| The Plezi WordPress plugin before 1.0.3 has a REST endpoint allowing unauthenticated users to update the plz_configuration_tracker_enable option, which is then displayed in the admin panel without sanitisation and escaping, leading to a Stored Cross-Site Scripting issue | ||||
| CVE-2022-0678 | 1 Microweber | 1 Microweber | 2024-11-21 | 6.1 Medium |
| Cross-site Scripting (XSS) - Reflected in Packagist microweber/microweber prior to 1.2.11. | ||||
| CVE-2022-0674 | 1 Kunze-medien | 1 Kunze Law | 2024-11-21 | 4.8 Medium |
| The Kunze Law WordPress plugin before 2.1 does not escape its 'E-Mail Error "From" Address' settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed | ||||
| CVE-2022-0663 | 1 Printfriendly | 1 Print\, Pdf\, Email By Printfriendly | 2024-11-21 | 4.8 Medium |
| The Print, PDF, Email by PrintFriendly WordPress plugin before 5.2.3 does not sanitise and escape the Custom Button Text settings, which could allow high privilege users such as admin to perform cross-Site Scripting attacks even when the unfiltered_html capability is disallowed | ||||
| CVE-2022-0662 | 1 Ajdg | 1 Adrotate | 2024-11-21 | 4.8 Medium |
| The AdRotate WordPress plugin before 5.8.23 does not sanitise and escape Advert Names which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed | ||||
| CVE-2022-0659 | 1 Sync Qcloud Cos Project | 1 Sync Qcloud Cos | 2024-11-21 | 4.8 Medium |
| The Sync QCloud COS WordPress plugin before 2.0.1 does not escape some of its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed | ||||
| CVE-2022-0649 | 1 Ajdg | 1 Adrotate | 2024-11-21 | 4.8 Medium |
| The AdRotate WordPress plugin before 5.8.23 does not escape Group Names, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed | ||||
| CVE-2022-0648 | 1 I13websolution | 1 Team Circle Image Slider With Lightbox | 2024-11-21 | 6.1 Medium |
| The Team Circle Image Slider With Lightbox WordPress plugin before 1.0.16 does not sanitize and escape the order_pos parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting. | ||||
| CVE-2022-0647 | 1 Bulk Creator Project | 1 Bulk Creator | 2024-11-21 | 6.1 Medium |
| The Bulk Creator WordPress plugin through 1.0.1 does not sanitize and escape the post_type parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting. | ||||
| CVE-2022-0643 | 1 Bank Mellat Project | 1 Bank Mellat | 2024-11-21 | 6.1 Medium |
| The Bank Mellat WordPress plugin through 1.3.7 does not sanitize and escape the orderId parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting. | ||||
| CVE-2022-0641 | 1 Ays-pro | 1 Popup Like Box | 2024-11-21 | 6.1 Medium |
| The Popup Like box WordPress plugin before 3.6.1 does not sanitize and escape the ays_fb_tab parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting. | ||||
| CVE-2022-0640 | 1 Wpdevart | 1 Pricing Table Builder | 2024-11-21 | 6.1 Medium |
| The Pricing Table Builder WordPress plugin before 1.1.5 does not sanitize and escape the postid parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting. | ||||
| CVE-2022-0628 | 1 Accesspressthemes | 1 Ap Mega Menu | 2024-11-21 | 6.1 Medium |
| The Mega Menu WordPress plugin before 3.0.8 does not sanitize and escape the _wpnonce parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting. | ||||
| CVE-2022-0627 | 1 Tms-outsource | 1 Amelia | 2024-11-21 | 6.1 Medium |
| The Amelia WordPress plugin before 1.0.47 does not sanitize and escape the code parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting. | ||||
| CVE-2022-0626 | 1 Kuroit | 1 Advanced Admin Search | 2024-11-21 | 6.1 Medium |
| The Advanced Admin Search WordPress plugin before 1.1.6 does not sanitize and escape some parameters before outputting them back in an admin page, leading to a Reflected Cross-Site Scripting. | ||||
| CVE-2022-0625 | 1 Admin Menu Editor Project | 1 Admin Menu Editor | 2024-11-21 | 6.1 Medium |
| The Admin Menu Editor WordPress plugin through 1.0.4 does not sanitize and escape a parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting. | ||||
| CVE-2022-0621 | 1 Dtabs Project | 1 Dtabs | 2024-11-21 | 6.1 Medium |
| The dTabs WordPress plugin through 1.4 does not sanitize and escape the tab parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting. | ||||
| CVE-2022-0620 | 1 Deleteoldorders Project | 1 Delete Old Orders | 2024-11-21 | 6.1 Medium |
| The Delete Old Orders WordPress plugin through 0.2 does not sanitize and escape the date parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting. | ||||