Total
21765 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-1643 | 1 Birthdays Widget Project | 1 Birthdays Widget | 2022-06-08 | 3.5 LOW | 4.8 MEDIUM |
The Birthdays Widget WordPress plugin through 1.7.18 does not sanitise and escape some of its fields, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed | |||||
CVE-2022-1009 | 1 Wpmudev | 1 Smush Image Compression And Optimization | 2022-06-08 | 4.3 MEDIUM | 6.1 MEDIUM |
The Smush WordPress plugin before 3.9.9 does not sanitise and escape a configuration parameter before outputting it back in an admin page when uploading a malicious preset configuration, leading to a Reflected Cross-Site Scripting. For the attack to be successful, an attacker would need an admin to upload a malicious configuration file | |||||
CVE-2022-1275 | 1 Stillbreathing | 1 Bannerman | 2022-06-08 | 3.5 LOW | 4.8 MEDIUM |
The BannerMan WordPress plugin through 0.2.4 does not sanitize or escape its settings, which could allow high-privileged users to perform Cross-Site Scripting attacks when the unfiltered_html is disallowed (such as in multisite) | |||||
CVE-2022-1294 | 1 99webtools | 1 Imdb Info Box | 2022-06-08 | 3.5 LOW | 4.8 MEDIUM |
The IMDB info box WordPress plugin through 2.0 does not sanitize and escape some of its settings, which could allow high-privileged users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed | |||||
CVE-2022-1387 | 1 No Future Posts Project | 1 No Future Posts | 2022-06-08 | 3.5 LOW | 4.8 MEDIUM |
The No Future Posts WordPress plugin through 1.4 does not escape its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks when unfiltered_html is disallowed | |||||
CVE-2022-1299 | 1 Slideshow Project | 1 Slideshow | 2022-06-08 | 3.5 LOW | 4.8 MEDIUM |
The Slideshow WordPress plugin through 2.3.1 does not sanitize and escape some of its default slideshow settings, which could allow high-privileged users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed | |||||
CVE-2022-1395 | 1 Easy Faq With Expanding Text Project | 1 Easy Faq With Expanding Text | 2022-06-08 | 3.5 LOW | 4.8 MEDIUM |
The Easy FAQ with Expanding Text WordPress plugin through 3.2.8.3.1 does not sanitise and escape its settings, allowing high privilege users to perform Cross-Site Scripting attacks when unfiltered_html is disallowed | |||||
CVE-2022-1456 | 1 Ays-pro | 1 Poll Maker | 2022-06-08 | 3.5 LOW | 4.8 MEDIUM |
The Poll Maker WordPress plugin before 4.0.2 does not sanitise and escape some settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when unfiltered_html is disallowed | |||||
CVE-2022-1527 | 1 Wpwhitesecurity | 1 Wp 2fa | 2022-06-08 | 4.3 MEDIUM | 6.1 MEDIUM |
The WP 2FA WordPress plugin before 2.2.1 does not sanitise and escape a parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting | |||||
CVE-2022-1645 | 1 Amazon Link Project | 1 Amazon Link | 2022-06-08 | 3.5 LOW | 4.8 MEDIUM |
The Amazon Link WordPress plugin through 3.2.10 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed. | |||||
CVE-2022-1646 | 1 Simple Real Estate Pack Project | 1 Simple Real Estate Pack | 2022-06-08 | 3.5 LOW | 4.8 MEDIUM |
The Simple Real Estate Pack WordPress plugin through 1.4.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed | |||||
CVE-2022-1644 | 1 Call&book Mobile Bar Project | 1 Call&book Mobile Bar | 2022-06-08 | 3.5 LOW | 4.8 MEDIUM |
The Call&Book Mobile Bar WordPress plugin through 1.2.2 does not sanitize and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed. | |||||
CVE-2021-27781 | 1 Hcltech | 2 Bigfix Mobile, Modern Client Management | 2022-06-08 | 3.5 LOW | 4.8 MEDIUM |
The Master operator may be able to embed a script tag in HTML with an alert pop-up displaying the cookie. | |||||
CVE-2022-1528 | 1 Vikwp | 1 Vik Booking | 2022-06-08 | 4.3 MEDIUM | 6.1 MEDIUM |
The VikBooking Hotel Booking Engine & PMS WordPress plugin before 1.5.9 does not escape the current URL before putting it back in a JavaScript context, leading to a Reflected Cross-Site Scripting | |||||
CVE-2022-31648 | 1 Talend | 1 Administration Center | 2022-06-08 | 4.3 MEDIUM | 6.1 MEDIUM |
Talend Administration Center is vulnerable to a reflected Cross-Site Scripting (XSS) issue in the SSO login endpoint. The issue is fixed for versions 8.0.x in TPS-5233, for versions 7.3.x in TPS-5324, and for versions 7.2.x in TPS-5235. Earlier versions of Talend Administration Center may also be impacted; users are encouraged to update to a supported version. | |||||
CVE-2022-1542 | 1 Justsystems | 1 Hpb Dashboard | 2022-06-08 | 3.5 LOW | 4.8 MEDIUM |
The HPB Dashboard WordPress plugin through 1.3.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed. | |||||
CVE-2022-1562 | 1 Room 34 Creative Services | 1 Enable Svg | 2022-06-08 | 3.5 LOW | 5.4 MEDIUM |
The Enable SVG WordPress plugin before 1.4.0 does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads | |||||
CVE-2022-1564 | 1 10web | 1 Form Maker | 2022-06-08 | 3.5 LOW | 4.8 MEDIUM |
The Form Maker by 10Web WordPress plugin before 1.14.12 does not sanitize and escape the Custom Text settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed | |||||
CVE-2022-29091 | 1 Dell | 3 Unity Operating Environment, Unity Xt Operating Environment, Unityvsa Operating Environment | 2022-06-08 | 4.3 MEDIUM | 6.1 MEDIUM |
Dell Unity, Dell UnityVSA, and Dell UnityXT versions prior to 5.2.0.0.5.173 contain a Reflected Cross-Site Scripting Vulnerability in Unisphere GUI. An Unauthenticated Remote Attacker could potentially exploit this vulnerability, leading to the execution of malicious HTML or JavaScript code in a victim user's web browser in the context of the vulnerable web application. Exploitation may lead to information disclosure, session theft, or client-side request forgery. | |||||
CVE-2022-1568 | 1 Wpdarko | 1 Team Members | 2022-06-08 | 3.5 LOW | 4.8 MEDIUM |
The Team Members WordPress plugin before 5.1.1 does not escape some of its Team settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed |