) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): Wordpress
- Search Type: Search All
| Vuln ID | Summary | CVSS Severity |
|---|---|---|
| CVE-2022-0899 |
The Header Footer Code Manager WordPress plugin before 1.1.24 does not escape generated URLs before outputting them back in attributes in an admin page, leading to a Reflected Cross-Site Scripting. Published: July 25, 2022; 9:15:08 AM -0400 |
V3.1: 6.1 MEDIUM V2.0:(not available) |
| CVE-2022-0594 |
The Professional Social Sharing Buttons, Icons & Related Posts WordPress plugin before 9.7.6 does not have proper authorisation check in one of the AJAX action, available to unauthenticated (in v < 9.7.5) and author+ (in v9.7.5) users, allowing them to call it and retrieve various information such as the list of active plugins, various version like PHP, cURL, WP etc. Published: July 25, 2022; 9:15:08 AM -0400 |
V3.1: 5.3 MEDIUM V2.0:(not available) |
| CVE-2022-34853 |
Multiple Authenticated (contributor or higher user role) Persistent Cross-Site Scripting (XSS) vulnerabilities in wpWax Team plugin <= 1.2.6 at WordPress. Published: July 22, 2022; 1:15:09 PM -0400 |
V3.1: 5.4 MEDIUM V2.0:(not available) |
| CVE-2022-34839 |
Authentication Bypass vulnerability in CodexShaper's WP OAuth2 Server plugin <= 1.0.1 at WordPress. Published: July 22, 2022; 1:15:09 PM -0400 |
V3.1: 9.8 CRITICAL V2.0:(not available) |
| CVE-2022-34650 |
Multiple Authenticated (contributor or higher user role) Stored Cross-Site Scripting (XSS) vulnerabilities in wpWax Team plugin <= 1.2.6 at WordPress. Published: July 22, 2022; 1:15:08 PM -0400 |
V3.1: 5.4 MEDIUM V2.0:(not available) |
| CVE-2022-33960 |
Multiple Authenticated (subscriber or higher user role) SQL Injection (SQLi) vulnerabilities in Social Share Buttons by Supsystic plugin <= 2.2.3 at WordPress. Published: July 22, 2022; 1:15:08 PM -0400 |
V3.1: 8.8 HIGH V2.0:(not available) |
| CVE-2022-33901 |
Unauthenticated Arbitrary File Read vulnerability in MultiSafepay plugin for WooCommerce plugin <= 4.13.1 at WordPress. Published: July 22, 2022; 1:15:08 PM -0400 |
V3.1: 7.5 HIGH V2.0:(not available) |
| CVE-2022-33191 |
Authenticated (contributor or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in Chinmoy Paul's Testimonials plugin <= 3.0.1 at WordPress. Published: July 22, 2022; 1:15:08 PM -0400 |
V3.1: 5.4 MEDIUM V2.0:(not available) |
| CVE-2022-30998 |
Multiple Authenticated (subscriber or higher user role) SQL Injection (SQLi) vulnerabilities in WooPlugins.co's Homepage Product Organizer for WooCommerce plugin <= 1.1 at WordPress. Published: July 22, 2022; 1:15:08 PM -0400 |
V3.1: 8.8 HIGH V2.0:(not available) |
| CVE-2022-29495 |
Cross-Site Request Forgery (CSRF) vulnerability in Sygnoos Popup Builder plugin <= 4.1.11 at WordPress allows an attacker to update plugin settings. Published: July 22, 2022; 1:15:08 PM -0400 |
V3.1: 4.3 MEDIUM V2.0:(not available) |
| CVE-2022-27235 |
Multiple Broken Access Control vulnerabilities in Social Share Buttons by Supsystic plugin <= 2.2.3 at WordPress. Published: July 22, 2022; 1:15:08 PM -0400 |
V3.1: 8.8 HIGH V2.0:(not available) |
| CVE-2022-34487 |
Unauthenticated Arbitrary Option Update vulnerability in biplob018's Shortcode Addons plugin <= 3.0.2 at WordPress. Published: July 21, 2022; 2:15:08 PM -0400 |
V3.1: 5.3 MEDIUM V2.0:(not available) |
| CVE-2022-33198 |
Unauthenticated WordPress Options Change vulnerability in Biplob Adhikari's Accordions plugin <= 2.0.2 at WordPress. Published: July 21, 2022; 2:15:08 PM -0400 |
V3.1: 5.3 MEDIUM V2.0:(not available) |
| CVE-2022-31475 |
Authenticated (custom plugin role) Arbitrary File Read via Export function vulnerability in GiveWP's GiveWP plugin <= 2.20.2 at WordPress. Published: July 21, 2022; 2:15:08 PM -0400 |
V3.1: 4.9 MEDIUM V2.0:(not available) |
| CVE-2022-30536 |
Authenticated Stored Cross-Site Scripting (XSS) vulnerability in Florent Maillefaud's WP Maintenance plugin <= 6.0.7 at WordPress. Published: July 21, 2022; 2:15:08 PM -0400 |
V3.1: 4.8 MEDIUM V2.0:(not available) |
| CVE-2022-28700 |
Authenticated Arbitrary File Creation via Export function vulnerability in GiveWP's GiveWP plugin <= 2.20.2 at WordPress. Published: July 21, 2022; 2:15:08 PM -0400 |
V3.1: 7.2 HIGH V2.0:(not available) |
| CVE-2022-30337 |
Cross-Site Request Forgery (CSRF) vulnerability in JoomUnited WP Meta SEO plugin <= 4.4.8 at WordPress allows an attacker to update the social settings. Published: July 21, 2022; 1:15:08 PM -0400 |
V3.1: 4.3 MEDIUM V2.0:(not available) |
| CVE-2022-28666 |
Broken Access Control vulnerability in YIKES Inc. Custom Product Tabs for WooCommerce plugin <= 1.7.7 at WordPress leading to &yikes-the-content-toggle option update. Published: July 21, 2022; 1:15:08 PM -0400 |
V3.1: 5.3 MEDIUM V2.0:(not available) |
| CVE-2022-32289 |
Cross-Site Request Forgery (CSRF) vulnerability in Sygnoos Popup Builder plugin <= 4.1.0 at WordPress leading to popup status change. Published: July 21, 2022; 12:15:09 PM -0400 |
V3.1: 4.3 MEDIUM V2.0:(not available) |
| CVE-2022-29454 |
Cross-Site Request Forgery (CSRF) vulnerability in WordPlus Better Messages plugin <= 1.9.9.148 at WordPress allows attackers to upload files. File attachment to messages must be activated. Published: July 20, 2022; 3:15:14 PM -0400 |
V3.1: 4.3 MEDIUM V2.0:(not available) |