Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): Wordpress
- Search Type: Search All
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2022-34839 |
Authentication Bypass vulnerability in CodexShaper's WP OAuth2 Server plugin <= 1.0.1 at WordPress. Published: July 22, 2022; 1:15:09 PM -0400 |
V3.1: 9.8 CRITICAL V2.0:(not available) |
CVE-2022-34650 |
Multiple Authenticated (contributor or higher user role) Stored Cross-Site Scripting (XSS) vulnerabilities in wpWax Team plugin <= 1.2.6 at WordPress. Published: July 22, 2022; 1:15:08 PM -0400 |
V3.1: 5.4 MEDIUM V2.0:(not available) |
CVE-2022-33960 |
Multiple Authenticated (subscriber or higher user role) SQL Injection (SQLi) vulnerabilities in Social Share Buttons by Supsystic plugin <= 2.2.3 at WordPress. Published: July 22, 2022; 1:15:08 PM -0400 |
V3.1: 8.8 HIGH V2.0:(not available) |
CVE-2022-33901 |
Unauthenticated Arbitrary File Read vulnerability in MultiSafepay plugin for WooCommerce plugin <= 4.13.1 at WordPress. Published: July 22, 2022; 1:15:08 PM -0400 |
V3.1: 7.5 HIGH V2.0:(not available) |
CVE-2022-33191 |
Authenticated (contributor or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in Chinmoy Paul's Testimonials plugin <= 3.0.1 at WordPress. Published: July 22, 2022; 1:15:08 PM -0400 |
V3.1: 5.4 MEDIUM V2.0:(not available) |
CVE-2022-30998 |
Multiple Authenticated (subscriber or higher user role) SQL Injection (SQLi) vulnerabilities in WooPlugins.co's Homepage Product Organizer for WooCommerce plugin <= 1.1 at WordPress. Published: July 22, 2022; 1:15:08 PM -0400 |
V3.1: 8.8 HIGH V2.0:(not available) |
CVE-2022-29495 |
Cross-Site Request Forgery (CSRF) vulnerability in Sygnoos Popup Builder plugin <= 4.1.11 at WordPress allows an attacker to update plugin settings. Published: July 22, 2022; 1:15:08 PM -0400 |
V3.1: 4.3 MEDIUM V2.0:(not available) |
CVE-2022-27235 |
Multiple Broken Access Control vulnerabilities in Social Share Buttons by Supsystic plugin <= 2.2.3 at WordPress. Published: July 22, 2022; 1:15:08 PM -0400 |
V3.1: 8.8 HIGH V2.0:(not available) |
CVE-2022-34487 |
Unauthenticated Arbitrary Option Update vulnerability in biplob018's Shortcode Addons plugin <= 3.0.2 at WordPress. Published: July 21, 2022; 2:15:08 PM -0400 |
V3.1: 5.3 MEDIUM V2.0:(not available) |
CVE-2022-33198 |
Unauthenticated WordPress Options Change vulnerability in Biplob Adhikari's Accordions plugin <= 2.0.2 at WordPress. Published: July 21, 2022; 2:15:08 PM -0400 |
V3.1: 5.3 MEDIUM V2.0:(not available) |
CVE-2022-31475 |
Authenticated (custom plugin role) Arbitrary File Read via Export function vulnerability in GiveWP's GiveWP plugin <= 2.20.2 at WordPress. Published: July 21, 2022; 2:15:08 PM -0400 |
V3.1: 4.9 MEDIUM V2.0:(not available) |
CVE-2022-30536 |
Authenticated Stored Cross-Site Scripting (XSS) vulnerability in Florent Maillefaud's WP Maintenance plugin <= 6.0.7 at WordPress. Published: July 21, 2022; 2:15:08 PM -0400 |
V3.1: 4.8 MEDIUM V2.0:(not available) |
CVE-2022-28700 |
Authenticated Arbitrary File Creation via Export function vulnerability in GiveWP's GiveWP plugin <= 2.20.2 at WordPress. Published: July 21, 2022; 2:15:08 PM -0400 |
V3.1: 7.2 HIGH V2.0:(not available) |
CVE-2022-30337 |
Cross-Site Request Forgery (CSRF) vulnerability in JoomUnited WP Meta SEO plugin <= 4.4.8 at WordPress allows an attacker to update the social settings. Published: July 21, 2022; 1:15:08 PM -0400 |
V3.1: 4.3 MEDIUM V2.0:(not available) |
CVE-2022-28666 |
Broken Access Control vulnerability in YIKES Inc. Custom Product Tabs for WooCommerce plugin <= 1.7.7 at WordPress leading to &yikes-the-content-toggle option update. Published: July 21, 2022; 1:15:08 PM -0400 |
V3.1: 5.3 MEDIUM V2.0:(not available) |
CVE-2022-32289 |
Cross-Site Request Forgery (CSRF) vulnerability in Sygnoos Popup Builder plugin <= 4.1.0 at WordPress leading to popup status change. Published: July 21, 2022; 12:15:09 PM -0400 |
V3.1: 4.3 MEDIUM V2.0:(not available) |
CVE-2022-29454 |
Cross-Site Request Forgery (CSRF) vulnerability in WordPlus Better Messages plugin <= 1.9.9.148 at WordPress allows attackers to upload files. File attachment to messages must be activated. Published: July 20, 2022; 3:15:14 PM -0400 |
V3.1: 4.3 MEDIUM V2.0:(not available) |
CVE-2021-36849 |
Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in René Hermenau's Social Media Share Buttons plugin <= 3.8.1 at WordPress. Published: July 20, 2022; 3:15:08 PM -0400 |
V3.1: 4.8 MEDIUM V2.0:(not available) |
CVE-2022-2444 |
The Visualizer: Tables and Charts Manager for WordPress plugin for WordPress is vulnerable to deserialization of untrusted input via the 'remote_data' parameter in versions up to, and including 3.7.9. This makes it possible for authenticated attackers with contributor privileges and above to call files using a PHAR wrapper that will deserialize the data and call arbitrary PHP Objects that can be used to perform a variety of malicious actions granted a POP chain is also present. It also requires that the attacker is successful in uploading a file with the serialized payload. Published: July 18, 2022; 1:15:09 PM -0400 |
V3.1: 8.8 HIGH V2.0:(not available) |
CVE-2022-2443 |
The FreeMind WP Browser plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including 1.2. This is due to missing nonce protection on the FreemindOptions() function found in the ~/freemind-wp-browser.php file. This makes it possible for unauthenticated attackers to inject malicious web scripts into the page, granted they can trick a site's administrator into performing an action such as clicking on a link. Published: July 18, 2022; 1:15:09 PM -0400 |
V3.1: 8.8 HIGH V2.0:(not available) |