Search Results
- Results Type: Overview
- Keyword (text search): wordpress
- Search Type: Search All
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2022-4794 | The AAWP WordPress plugin before 3.12.3 can be used to abuse trusted domains to load malware or other files through it (Reflected File Download) to bypass firewall rules in companies. Published: January 30, 2023; 4:15:12 PM -0500 | V3.1: 7.5 HIGH V2.0: (not available) |
CVE-2022-4793 | The Blog Designer WordPress plugin before 2.4.1 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack. Published: January 30, 2023; 4:15:12 PM -0500 | V3.1: 5.4 MEDIUM V2.0: (not available) |
CVE-2022-4792 | The News & Blog Designer Pack WordPress plugin before 3.3 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack. Published: January 30, 2023; 4:15:12 PM -0500 | V3.1: 5.4 MEDIUM V2.0: (not available) |
CVE-2022-4787 | Themify Shortcodes WordPress plugin before 2.0.8 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack. Published: January 30, 2023; 4:15:12 PM -0500 | V3.1: 5.4 MEDIUM V2.0: (not available) |
CVE-2022-4781 | The Accordion Shortcodes WordPress plugin through 2.4.2 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack. Published: January 30, 2023; 4:15:12 PM -0500 | V3.1: 5.4 MEDIUM V2.0: (not available) |
CVE-2022-4776 | The CC Child Pages WordPress plugin before 1.43 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. Published: January 30, 2023; 4:15:12 PM -0500 | V3.1: 5.4 MEDIUM V2.0: (not available) |
CVE-2022-4765 | The Portfolio for Elementor WordPress plugin before 2.3.1 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. Published: January 30, 2023; 4:15:12 PM -0500 | V3.1: 5.4 MEDIUM V2.0: (not available) |
CVE-2022-4763 | The Icon Widget WordPress plugin before 1.3.0 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. Published: January 30, 2023; 4:15:12 PM -0500 | V3.1: 5.4 MEDIUM V2.0: (not available) |
CVE-2022-4749 | The Posts List Designer by Category WordPress plugin before 3.2 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. Published: January 30, 2023; 4:15:11 PM -0500 | V3.1: 5.4 MEDIUM V2.0: (not available) |
CVE-2022-4699 | The MediaElement.js WordPress plugin through 4.2.8 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high-privilege users such as admins. Published: January 30, 2023; 4:15:11 PM -0500 | V3.1: 5.4 MEDIUM V2.0: (not available) |
CVE-2022-4680 | The Revive Old Posts WordPress plugin before 9.0.11 unserializes user input provided via the settings, which could allow high privilege users such as admin to perform PHP Object Injection when a suitable gadget is present. Published: January 30, 2023; 4:15:11 PM -0500 | V3.1: 7.2 HIGH V2.0: (not available) |
CVE-2022-4671 | The PixCodes WordPress plugin before 2.3.7 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. Published: January 30, 2023; 4:15:11 PM -0500 | V3.1: 5.4 MEDIUM V2.0: (not available) |
CVE-2022-4667 | The RSS Aggregator by Feedzy WordPress plugin before 4.1.1 does not validate and escape some of its block options before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. Published: January 30, 2023; 4:15:11 PM -0500 | V3.1: 5.4 MEDIUM V2.0: (not available) |
CVE-2022-4654 | The Pricing Tables WordPress Plugin WordPress plugin before 3.2.3 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack. Published: January 30, 2023; 4:15:11 PM -0500 | V3.1: 5.4 MEDIUM V2.0: (not available) |
CVE-2022-4651 | The Justified Gallery WordPress plugin before 1.7.1 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack. Published: January 30, 2023; 4:15:11 PM -0500 | V3.1: 5.4 MEDIUM V2.0: (not available) |
CVE-2022-4649 | The WP Extended Search WordPress plugin before 2.1.2 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack. Published: January 30, 2023; 4:15:11 PM -0500 | V3.1: 5.4 MEDIUM V2.0: (not available) |
CVE-2022-4553 | The FL3R FeelBox WordPress plugin through 8.1 does not have CSRF check when updating resetting moods which could allow attackers to make logged in admins perform such action via a CSRF attack and delete the lydl_posts & lydl_poststimestamp DB tables. Published: January 30, 2023; 4:15:11 PM -0500 | V3.1: 4.3 MEDIUM V2.0: (not available) |
CVE-2022-4552 | The FL3R FeelBox WordPress plugin through 8.1 does not have CSRF check when updating its settings, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack. Published: January 30, 2023; 4:15:11 PM -0500 | V3.1: 6.1 MEDIUM V2.0: (not available) |
CVE-2022-4496 | The SAML SSO Standard WordPress plugin version 16.0.0 before 16.0.8, SAML SSO Premium WordPress plugin version 12.0.0 before 12.1.0 and SAML SSO Premium Multisite WordPress plugin version 20.0.0 before 20.0.7 does not validate that the redirect parameter to its SSO login endpoint points to an internal site URL, making it vulnerable to an Open Redirect issue when the user is already logged in. Published: January 30, 2023; 4:15:10 PM -0500 | V3.1: 6.1 MEDIUM V2.0: (not available) |
CVE-2022-4472 | The Simple Sitemap WordPress plugin before 3.5.8 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. Published: January 30, 2023; 4:15:10 PM -0500 | V3.1: 5.4 MEDIUM V2.0: (not available) |