Search Results
- Results Type: Overview
- Keyword (text search): Wordpress
- Search Type: Search All
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2022-45069 | Auth. (contributor+) Privilege Escalation vulnerability in Crowdsignal Dashboard plugin <= 3.0.9 on WordPress. Published: November 17, 2022; 6:15:24 PM -0500 | V3.1: 8.8 HIGH; V2.0: (not available) |
CVE-2022-45066 | Auth. (subscriber+) Broken Access Control vulnerability in WooSwipe WooCommerce Gallery plugin <= 2.0.1 on WordPress. Published: November 17, 2022; 6:15:24 PM -0500 | V3.1: 8.8 HIGH; V2.0: (not available) |
CVE-2022-44736 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Chameleon plugin <= 1.4.3 on WordPress. Published: November 17, 2022; 6:15:24 PM -0500 | V3.1: 4.8 MEDIUM; V2.0: (not available) |
CVE-2022-44591 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Anthologize plugin <= 0.8.0 on WordPress. Published: November 17, 2022; 6:15:24 PM -0500 | V3.1: 4.8 MEDIUM; V2.0: (not available) |
CVE-2022-41791 | Auth. (subscriber+) CSV Injection vulnerability in ProfileGrid plugin <= 5.1.6 on WordPress. Published: November 17, 2022; 6:15:23 PM -0500 | V3.1: 8.8 HIGH; V2.0: (not available) |
CVE-2022-41315 | Auth. Stored Cross-Site Scripting (XSS) vulnerability in Ezoic plugin <= 2.8.8 on WordPress. Published: November 17, 2022; 6:15:22 PM -0500 | V3.1: 4.8 MEDIUM; V2.0: (not available) |
CVE-2022-41132 | Unauthenticated Plugin Settings Change Leading To Stored XSS Vulnerability in Ezoic plugin <= 2.8.8 on WordPress. Published: November 17, 2022; 6:15:21 PM -0500 | V3.1: 6.1 MEDIUM; V2.0: (not available) |
CVE-2022-40694 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in News Announcement Scroll plugin <= 8.8.8 on WordPress. Published: November 17, 2022; 6:15:21 PM -0500 | V3.1: 4.8 MEDIUM; V2.0: (not available) |
CVE-2022-40200 | Auth. (subscriber+) Arbitrary File Upload vulnerability in wpForo Forum plugin <= 2.0.9 on WordPress. Published: November 17, 2022; 6:15:20 PM -0500 | V3.1: 8.8 HIGH; V2.0: (not available) |
CVE-2022-40192 | Cross-Site Request Forgery (CSRF) vulnerability in wpForo Forum plugin <= 2.0.9 on WordPress. Published: November 17, 2022; 6:15:19 PM -0500 | V3.1: 8.8 HIGH; V2.0: (not available) |
CVE-2021-36905 | Multiple Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerabilities in Quiz And Survey Master plugin <= 7.3.4 on WordPress. Published: November 17, 2022; 6:15:11 PM -0500 | V3.1: 5.4 MEDIUM; V2.0: (not available) |
CVE-2022-45072 | Cross-Site Request Forgery (CSRF) vulnerability in WPML Multilingual CMS premium plugin <= 4.5.13 on WordPress. Published: November 17, 2022; 5:15:11 PM -0500 | V3.1: 4.3 MEDIUM; V2.0: (not available) |
CVE-2022-45071 | Cross-Site Request Forgery (CSRF) vulnerability in WPML Multilingual CMS premium plugin <= 4.5.13 on WordPress. Published: November 17, 2022; 5:15:11 PM -0500 | V3.1: 8.8 HIGH; V2.0: (not available) |
CVE-2022-38461 | Broken Access Control vulnerability in WPML Multilingual CMS premium plugin <= 4.5.10 on WordPress allows users with a subscriber or higher user role to change plugin settings (selected language for legacy widgets, the default behavior for media content). Published: November 17, 2022; 5:15:10 PM -0500 | V3.1: 4.3 MEDIUM; V2.0: (not available) |
CVE-2022-4022 | The SVG Support plugin for WordPress defaults to insecure settings in version 2.5 and 2.5.1. SVG files containing malicious javascript are not sanitized. While version 2.5 adds the ability to sanitize image as they are uploaded, the plugin defaults to disable sanitization and does not restrict SVG upload to only administrators. This allows authenticated attackers, with author-level privileges and higher, to upload malicious SVG files that can be embedded in posts and pages by higher privileged users. Additionally, the embedded JavaScript is also triggered on visiting the image URL, which allows an attacker to execute malicious code in browsers visiting that URL. Published: November 16, 2022; 9:15:11 AM -0500 | V3.1: 5.4 MEDIUM; V2.0: (not available) |
CVE-2022-4021 | The Permalink Manager Lite plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.2.20.1. This is due to missing or incorrect nonce validation on the extra_actions function. This makes it possible for unauthenticated attackers to change plugin settings including permalinks and site maps, via forged request granted they can trick a site administrator into performing an action such as clicking on a link. Published: November 16, 2022; 9:15:10 AM -0500 | V3.1: 4.3 MEDIUM; V2.0: (not available) |
CVE-2022-3240 | The "Follow Me Plugin" plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.1.1. This is due to missing nonce validation on the FollowMeIgniteSocialMedia_options_page() function. This makes it possible for unauthenticated attackers to modify the plugin's settings and inject malicious JavaScript via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. Published: November 15, 2022; 9:15:10 AM -0500 | V3.1: 8.8 HIGH; V2.0: (not available) |
CVE-2022-3632 | The OAuth Client by DigitialPixies WordPress plugin through 1.1.0 does not have CSRF checks in some places, which could allow attackers to make logged-in users perform unwanted actions. Published: November 14, 2022; 10:15:54 AM -0500 | V3.1: 6.5 MEDIUM; V2.0: (not available) |
CVE-2022-3631 | The OAuth Client by DigitialPixies WordPress plugin through 1.1.0 does not sanitize and escapes some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example, in multisite setup). Published: November 14, 2022; 10:15:54 AM -0500 | V3.1: 4.8 MEDIUM; V2.0: (not available) |
CVE-2022-3578 | The ProfileGrid WordPress plugin before 5.1.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting. Published: November 14, 2022; 10:15:52 AM -0500 | V3.1: 6.1 MEDIUM; V2.0: (not available) |