U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

National Vulnerability Database

National Vulnerability Database

NVD

National Vulnerability Database
  1. VulnerabilitiesSearch And Statistics

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): Wordpress
  • Search Type: Search All
There are 8,713 matching records.
Displaying matches 3,901 through 3,920.
Vuln ID Summary CVSS Severity
CVE-2022-38139

Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in RD Station plugin <= 5.2.0 at WordPress.

Published: September 13, 2022; 10:15:08 AM -0400 		V3.1: 8.8 HIGH
 V2.0:(not available)
CVE-2022-38135

Broken Access Control vulnerability in Dean Oakley's Photospace Gallery plugin <= 2.3.5 at WordPress allows users with subscriber or higher role to change plugin settings.

Published: September 12, 2022; 5:15:11 PM -0400 		V3.1: 4.3 MEDIUM
 V2.0:(not available)
CVE-2022-40191

Authenticated (subscriber+) Stored Cross-Site Scripting (XSS) vulnerability in Ali Khallad's Contact Form By Mega Forms plugin <= 1.2.4 at WordPress.

Published: September 09, 2022; 11:15:15 AM -0400 		V3.1: 5.4 MEDIUM
 V2.0:(not available)
CVE-2022-38144

Cross-Site Request Forgery (CSRF) vulnerability in gVectors Team wpForo Forum plugin <= 2.0.5 at WordPress.

Published: September 09, 2022; 11:15:14 AM -0400 		V3.1: 8.8 HIGH
 V2.0:(not available)
CVE-2022-38093

Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in All in One SEO plugin <= 4.2.3.1 at WordPress.

Published: September 09, 2022; 11:15:14 AM -0400 		V3.1: 8.8 HIGH
 V2.0:(not available)
CVE-2022-38070

Privilege Escalation (subscriber+) vulnerability in Pop-up plugin <= 1.1.5 at WordPress.

Published: September 09, 2022; 11:15:14 AM -0400 		V3.1: 8.8 HIGH
 V2.0:(not available)
CVE-2022-38068

Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Apasionados Export Post Info plugin <= 1.1.0 at WordPress.

Published: September 09, 2022; 11:15:14 AM -0400 		V3.1: 4.8 MEDIUM
 V2.0:(not available)
CVE-2022-38067

Unauthenticated Event Deletion vulnerability in Totalsoft Event Calendar – Calendar plugin <= 1.4.6 at WordPress.

Published: September 09, 2022; 11:15:14 AM -0400 		V3.1: 5.3 MEDIUM
 V2.0:(not available)
CVE-2022-38059

Cross-Site Request Forgery (CSRF) vulnerability in Alexey Trofimov's Access Code Feeder plugin <= 1.0.3 at WordPress.

Published: September 09, 2022; 11:15:13 AM -0400 		V3.1: 8.0 HIGH
 V2.0:(not available)
CVE-2022-38058

Authenticated (subscriber+) Plugin Setting change vulnerability in WP Shamsi plugin <= 4.1.1 at WordPress.

Published: September 09, 2022; 11:15:13 AM -0400 		V3.1: 4.3 MEDIUM
 V2.0:(not available)
CVE-2022-37412

Authenticated (admin+) Reflected Cross-Site Scripting (XSS) vulnerability in Galerio & Urda's Better Delete Revision plugin <= 1.6.1 at WordPress.

Published: September 09, 2022; 11:15:13 AM -0400 		V3.1: 4.8 MEDIUM
 V2.0:(not available)
CVE-2022-37411

Cross-Site Request Forgery (CSRF) vulnerability in Vinoj Cardoza's Captcha Code plugin <= 2.7 at WordPress.

Published: September 09, 2022; 11:15:13 AM -0400 		V3.1: 8.8 HIGH
 V2.0:(not available)
CVE-2022-37407

Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities in WPChill Gallery PhotoBlocks plugin <= 1.2.6 at WordPress.

Published: September 09, 2022; 11:15:13 AM -0400 		V3.1: 5.4 MEDIUM
 V2.0:(not available)
CVE-2022-37405

Cross-Site Request Forgery (CSRF) vulnerability in Mickey Kay's Better Font Awesome plugin <= 2.0.1 at WordPress.

Published: September 09, 2022; 11:15:13 AM -0400 		V3.1: 8.8 HIGH
 V2.0:(not available)
CVE-2022-37404

Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Christian Salazar's add2fav plugin <= 1.0 at WordPress.

Published: September 09, 2022; 11:15:13 AM -0400 		V3.1: 4.8 MEDIUM
 V2.0:(not available)
CVE-2022-37403

Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Nikhil Vaghela's Add User Role plugin <= 0.0.1 at WordPress.

Published: September 09, 2022; 11:15:13 AM -0400 		V3.1: 4.8 MEDIUM
 V2.0:(not available)
CVE-2022-37335

Authenticated (author+) Stored Cross-Site Scripting (XSS) vulnerability in WHA's Word Search Puzzles game plugin <= 2.0.1 at WordPress.

Published: September 09, 2022; 11:15:13 AM -0400 		V3.1: 4.8 MEDIUM
 V2.0:(not available)
CVE-2022-36793

Unauthenticated Plugin Settings Change & Data Deletion vulnerabilities in WP Shop plugin <= 3.9.6 at WordPress.

Published: September 09, 2022; 11:15:10 AM -0400 		V3.1: 9.1 CRITICAL
 V2.0:(not available)
CVE-2022-36422

Rating increase/decrease via race condition in Lester 'GaMerZ' Chan WP-PostRatings plugin <= 1.89 at WordPress.

Published: September 09, 2022; 11:15:10 AM -0400 		V3.1: 3.1 LOW
 V2.0:(not available)
CVE-2022-36376

Server-Side Request Forgery (SSRF) vulnerability in Rank Math SEO plugin <= 1.0.95 at WordPress.

Published: September 09, 2022; 11:15:10 AM -0400 		V3.1: 9.8 CRITICAL
 V2.0:(not available)