U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

National Vulnerability Database

National Vulnerability Database

NVD

National Vulnerability Database
  1. VulnerabilitiesSearch And Statistics

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): Wordpress
  • Search Type: Search All
There are 8,715 matching records.
Displaying matches 3,641 through 3,660.
Vuln ID Summary CVSS Severity
CVE-2022-41840

Unauth. Directory Traversal vulnerability in Welcart eCommerce plugin <= 2.7.7 on WordPress.

Published: November 18, 2022; 2:15:30 PM -0500 		V3.1: 9.8 CRITICAL
 V2.0:(not available)
CVE-2022-41805

Cross-Site Request Forgery (CSRF) vulnerability in Booster for WooCommerce plugin <= 5.6.6 on WordPress.

Published: November 18, 2022; 2:15:30 PM -0500 		V3.1: 4.3 MEDIUM
 V2.0:(not available)
CVE-2022-41781

Broken Access Control vulnerability in Permalink Manager Lite plugin <= 2.2.20 on WordPress.

Published: November 18, 2022; 2:15:30 PM -0500 		V3.1: 9.8 CRITICAL
 V2.0:(not available)
CVE-2022-41692

Missing Authorization vulnerability in Appointment Hour Booking plugin <= 1.3.71 on WordPress.

Published: November 18, 2022; 2:15:30 PM -0500 		V3.1: 8.8 HIGH
 V2.0:(not available)
CVE-2022-41652

Bypass vulnerability in Quiz And Survey Master plugin <= 7.3.10 on WordPress.

Published: November 18, 2022; 2:15:29 PM -0500 		V3.1: 9.8 CRITICAL
 V2.0:(not available)
CVE-2022-40687

Cross-Site Request Forgery (CSRF) vulnerability in Creative Mail plugin <= 1.5.4 on WordPress.

Published: November 18, 2022; 2:15:29 PM -0500 		V3.1: 8.8 HIGH
 V2.0:(not available)
CVE-2022-40686

Cross-Site Request Forgery (CSRF) vulnerability in Creative Mail plugin <= 1.5.4 on WordPress.

Published: November 18, 2022; 2:15:29 PM -0500 		V3.1: 8.8 HIGH
 V2.0:(not available)
CVE-2022-38974

Broken Access Control vulnerability in WPML Multilingual CMS premium plugin <= 4.5.10 on WordPress allows users with subscriber or higher user roles to change the status of the translation jobs.

Published: November 18, 2022; 2:15:29 PM -0500 		V3.1: 4.3 MEDIUM
 V2.0:(not available)
CVE-2022-38075

Cross-Site Request Forgery (CSRF) vulnerability leading to Stored Cross-Site Scripting (XSS) in Mantenimiento web plugin <= 0.13 on WordPress.

Published: November 18, 2022; 2:15:29 PM -0500 		V3.1: 6.1 MEDIUM
 V2.0:(not available)
CVE-2022-45375

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in iFeature Slider plugin <= 1.2 on WordPress.

Published: November 17, 2022; 6:15:24 PM -0500 		V3.1: 5.4 MEDIUM
 V2.0:(not available)
CVE-2022-45077

Auth. (subscriber+) PHP Object Injection vulnerability in Betheme theme <= 26.5.1.4 on WordPress.

Published: November 17, 2022; 6:15:24 PM -0500 		V3.1: 8.8 HIGH
 V2.0:(not available)
CVE-2022-45069

Auth. (contributor+) Privilege Escalation vulnerability in Crowdsignal Dashboard plugin <= 3.0.9 on WordPress.

Published: November 17, 2022; 6:15:24 PM -0500 		V3.1: 8.8 HIGH
 V2.0:(not available)
CVE-2022-45066

Auth. (subscriber+) Broken Access Control vulnerability in WooSwipe WooCommerce Gallery plugin <= 2.0.1 on WordPress.

Published: November 17, 2022; 6:15:24 PM -0500 		V3.1: 8.8 HIGH
 V2.0:(not available)
CVE-2022-44736

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Chameleon plugin <= 1.4.3 on WordPress.

Published: November 17, 2022; 6:15:24 PM -0500 		V3.1: 4.8 MEDIUM
 V2.0:(not available)
CVE-2022-44591

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Anthologize plugin <= 0.8.0 on WordPress.

Published: November 17, 2022; 6:15:24 PM -0500 		V3.1: 4.8 MEDIUM
 V2.0:(not available)
CVE-2022-41791

Auth. (subscriber+) CSV Injection vulnerability in ProfileGrid plugin <= 5.1.6 on WordPress.

Published: November 17, 2022; 6:15:23 PM -0500 		V3.1: 8.8 HIGH
 V2.0:(not available)
CVE-2022-41315

Auth. Stored Cross-Site Scripting (XSS) vulnerability in Ezoic plugin <= 2.8.8 on WordPress.

Published: November 17, 2022; 6:15:22 PM -0500 		V3.1: 4.8 MEDIUM
 V2.0:(not available)
CVE-2022-41132

Unauthenticated Plugin Settings Change Leading To Stored XSS Vulnerability in Ezoic plugin <= 2.8.8 on WordPress.

Published: November 17, 2022; 6:15:21 PM -0500 		V3.1: 6.1 MEDIUM
 V2.0:(not available)
CVE-2022-40694

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in News Announcement Scroll plugin <= 8.8.8 on WordPress.

Published: November 17, 2022; 6:15:21 PM -0500 		V3.1: 4.8 MEDIUM
 V2.0:(not available)
CVE-2022-40200

Auth. (subscriber+) Arbitrary File Upload vulnerability in wpForo Forum plugin <= 2.0.9 on WordPress.

Published: November 17, 2022; 6:15:20 PM -0500 		V3.1: 8.8 HIGH
 V2.0:(not available)