Search Results

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): Wordpress
  • Search Type: Search All
There are 8,712 matching records.
Displaying matches 3,681 through 3,700.
Vuln ID Summary CVSS Severity
CVE-2022-41978

Auth. (subscriber+) Arbitrary Options Update vulnerability in Zoho CRM Lead Magnet plugin <= 1.7.5.8 on WordPress.

Published: November 09, 2022; 11:15:18 AM -0500
V3.1: 6.5 MEDIUM
V2.0:(not available)
CVE-2022-44741

Cross-Site Request Forgery (CSRF) vulnerability leading to Cross-Site Scripting (XSS) in David Anderson Testimonial Slider plugin <= 1.3.1 on WordPress.

Published: November 08, 2022; 2:15:18 PM -0500
V3.1: 8.8 HIGH
V2.0:(not available)
CVE-2022-43491

Cross-Site Request Forgery (CSRF) vulnerability in Advanced Dynamic Pricing for WooCommerce plugin <= 4.1.5 on WordPress leading to plugin settings import.

Published: November 08, 2022; 2:15:17 PM -0500
V3.1: 4.3 MEDIUM
V2.0:(not available)
CVE-2022-43481

Cross-Site Request Forgery (CSRF) vulnerability in Advanced Coupons for WooCommerce Coupons plugin <= 4.5 on WordPress leading to notice dismissal.

Published: November 08, 2022; 2:15:17 PM -0500
V3.1: 4.3 MEDIUM
V2.0:(not available)
CVE-2022-42494

Server Side Request Forgery (SSRF) vulnerability in All in One SEO Pro plugin <= 4.2.5.1 on WordPress.

Published: November 08, 2022; 2:15:16 PM -0500
V3.1: 6.5 MEDIUM
V2.0:(not available)
CVE-2022-41980

Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in Mantenimiento web plugin <= 0.13 on WordPress.

Published: November 08, 2022; 2:15:16 PM -0500
V3.1: 4.8 MEDIUM
V2.0:(not available)
CVE-2022-41136

Cross-Site Request Forgery (CSRF) vulnerability leading to Stored Cross-Site Scripting (XSS) in Vladimir Anokhin's Shortcodes Ultimate plugin <= 5.12.0 on WordPress.

Published: November 08, 2022; 2:15:15 PM -0500
V3.1: 8.8 HIGH
V2.0:(not available)
CVE-2022-40632

Cross-Site Request Forgery (CSRF) vulnerability in gVectors Team wpForo Forum plugin <= 2.0.5 on WordPress leading to topic deletion.

Published: November 08, 2022; 2:15:15 PM -0500
V3.1: 5.4 MEDIUM
V2.0:(not available)
CVE-2022-40223

Nonce token leakage and missing authorization in SearchWP premium plugin <= 4.2.5 on WordPress leading to plugin settings change.

Published: November 08, 2022; 2:15:14 PM -0500
V3.1: 4.3 MEDIUM
V2.0:(not available)
CVE-2022-40206

Insecure direct object references (IDOR) vulnerability in the wpForo Forum plugin <= 2.0.5 on WordPress allows attackers with subscriber or higher user roles to mark any forum post as private/public.

Published: November 08, 2022; 2:15:14 PM -0500
V3.1: 4.3 MEDIUM
V2.0:(not available)
CVE-2022-40205

Insecure direct object references (IDOR) vulnerability in the wpForo Forum plugin <= 2.0.5 on WordPress allows attackers with subscriber or higher user roles to mark any forum post as solved/unsolved.

Published: November 08, 2022; 2:15:13 PM -0500
V3.1: 4.3 MEDIUM
V2.0:(not available)
CVE-2022-40128

Cross-Site Request Forgery (CSRF) vulnerability in Advanced Order Export For WooCommerce plugin <= 3.3.2 on WordPress leading to export file download.

Published: November 08, 2022; 2:15:13 PM -0500
V3.1: 6.5 MEDIUM
V2.0:(not available)
CVE-2022-38137

Cross-Site Request Forgery (CSRF) vulnerability in Analytify plugin <= 4.2.2 on WordPress.

Published: November 08, 2022; 2:15:13 PM -0500
V3.1: 8.8 HIGH
V2.0:(not available)
CVE-2022-32776

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Advanced Ads GmbH Advanced Ads – Ad Manager & AdSense plugin <= 1.31.1 on WordPress.

Published: November 08, 2022; 2:15:12 PM -0500
V3.1: 4.8 MEDIUM
V2.0:(not available)
CVE-2022-32587

Cross-Site Request Forgery (CSRF) vulnerability in CodeAndMore WP Page Widget plugin <= 3.9 on WordPress leading to plugin settings change.

Published: November 08, 2022; 2:15:12 PM -0500
V3.1: 4.3 MEDIUM
V2.0:(not available)
CVE-2022-30545

Auth. Reflected Cross-Site Scripting (XSS) vulnerability in 5 Anker Connect plugin <= 1.2.6 on WordPress.

Published: November 08, 2022; 2:15:11 PM -0500
V3.1: 4.8 MEDIUM
V2.0:(not available)
CVE-2022-27858

CSV Injection vulnerability in Activity Log Team Activity Log <= 2.8.3 on WordPress.

Published: November 08, 2022; 2:15:11 PM -0500
V3.1: 9.8 CRITICAL
V2.0:(not available)
CVE-2022-27855

Cross-Site Request Forgery (CSRF) vulnerability in Fatcat Apps Analytics Cat plugin <= 1.0.9 on WordPress allows Plugin Settings Change.

Published: November 08, 2022; 2:15:10 PM -0500
V3.1: 4.3 MEDIUM
V2.0:(not available)
CVE-2022-3558

The Import and export users and customers WordPress plugin before 1.20.5 does not properly escape data when exporting it via CSV files.

Published: November 07, 2022; 5:15:12 AM -0500
V3.1: 8.0 HIGH
V2.0:(not available)
CVE-2022-3537

The Role Based Pricing for WooCommerce WordPress plugin before 1.6.2 does not have authorisation and proper CSRF checks, and does not validate files to be uploaded, allowing any authenticated users like subscriber to upload arbitrary files, such as PHP

Published: November 07, 2022; 5:15:12 AM -0500
V3.1: 8.8 HIGH
V2.0:(not available)