Total: 21765 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-0503 | 1 Obtaininfotech | 1 Multisite Content Copier/updater | 2022-03-21 | 4.3 MEDIUM | 6.1 MEDIUM |
The WordPress Multisite Content Copier/Updater WordPress plugin before 2.1.2 does not sanitise and escape the s parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting issue in the network dashboard | |||||
CVE-2022-0449 | 1 Odude | 1 Flexi | 2022-03-21 | 4.3 MEDIUM | 6.1 MEDIUM |
The Flexi WordPress plugin before 4.20 does not sanitise and escape various parameters before outputting them back in some pages such as the user dashboard, leading to a Reflected Cross-Site Scripting | |||||
CVE-2022-0399 | 1 Berocket | 1 Advanced Product Labels For Woocommerce | 2022-03-21 | 4.3 MEDIUM | 6.1 MEDIUM |
The Advanced Product Labels for WooCommerce WordPress plugin before 1.2.3.7 does not sanitise and escape the tax_color_set_type parameter before outputting it back in the berocket_apl_color_listener AJAX action's response, leading to a Reflected Cross-Site Scripting | |||||
CVE-2022-0327 | 1 Jeweltheme | 1 Master Addons For Elementor | 2022-03-21 | 4.3 MEDIUM | 6.1 MEDIUM |
The Master Addons for Elementor WordPress plugin before 1.8.5 does not sanitise and escape the error_message parameter before outputting it back in the response of the jltma_restrict_content AJAX action, available to unauthenticated and authenticated users, leading to a Reflected Cross-Site Scripting | |||||
CVE-2022-0954 | 1 Microweber | 1 Microweber | 2022-03-21 | 3.5 LOW | 5.4 MEDIUM |
Multiple Stored Cross-site Scripting (XSS) Vulnerabilities in Shop's Other Settings, Shop's Autorespond E-mail Settings and Shops' Payments Methods in GitHub repository microweber/microweber prior to 1.2.11. | |||||
CVE-2022-0894 | 1 Pimcore | 1 Pimcore | 2022-03-21 | 3.5 LOW | 5.4 MEDIUM |
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.4.0. | |||||
CVE-2022-0893 | 1 Pimcore | 1 Pimcore | 2022-03-21 | 3.5 LOW | 5.4 MEDIUM |
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.4.0. | |||||
CVE-2022-0951 | 1 Showdoc | 1 Showdoc | 2022-03-21 | 4.3 MEDIUM | 6.1 MEDIUM |
File Upload Restriction Bypass leading to Stored XSS Vulnerability in GitHub repository star7th/showdoc prior to 2.10.4. | |||||
CVE-2022-0950 | 1 Showdoc | 1 Showdoc | 2022-03-21 | 3.5 LOW | 5.4 MEDIUM |
Unrestricted Upload of File with Dangerous Type in GitHub repository star7th/showdoc prior to 2.10.4. | |||||
CVE-2022-0945 | 1 Showdoc | 1 Showdoc | 2022-03-21 | 3.5 LOW | 5.4 MEDIUM |
Stored XSS via axd and cshtml file upload in star7th/showdoc in GitHub repository star7th/showdoc prior to v2.10.4. | |||||
CVE-2022-0960 | 1 Showdoc | 1 Showdoc | 2022-03-21 | 3.5 LOW | 5.4 MEDIUM |
Stored XSS via .properties file upload in GitHub repository star7th/showdoc prior to 2.10.4. | |||||
CVE-2022-0702 | 1 Unboxinteractive | 1 Petfinder-listings | 2022-03-21 | 3.5 LOW | 4.8 MEDIUM |
The Petfinder Listings WordPress plugin through 1.0.18 does not escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed | |||||
CVE-2022-0700 | 1 Chrsinteractive | 1 Simple Tracking | 2022-03-21 | 3.5 LOW | 4.8 MEDIUM |
The Simple Tracking WordPress plugin before 1.7 does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed | |||||
CVE-2022-0701 | 1 Seo-301-meta Project | 1 Seo-301-meta | 2022-03-21 | 3.5 LOW | 4.8 MEDIUM |
The SEO 301 Meta WordPress plugin through 1.9.1 does not escape its Request and Destination settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed | |||||
CVE-2022-0703 | 1 Gd-mylist Project | 1 Gd-mylist | 2022-03-21 | 3.5 LOW | 4.8 MEDIUM |
The GD Mylist WordPress plugin through 1.1.1 does not sanitise and escape some of its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed | |||||
CVE-2022-0684 | 1 Wp Home Page Menu Project | 1 Wp Home Page Menu | 2022-03-21 | 3.5 LOW | 4.8 MEDIUM |
The WP Home Page Menu WordPress plugin before 3.1 does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed | |||||
CVE-2022-0674 | 1 Kunze-medien | 1 Kunze Law | 2022-03-21 | 3.5 LOW | 4.8 MEDIUM |
The Kunze Law WordPress plugin before 2.1 does not escape its 'E-Mail Error "From" Address' settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed | |||||
CVE-2022-0659 | 1 Sync Qcloud Cos Project | 1 Sync Qcloud Cos | 2022-03-21 | 3.5 LOW | 4.8 MEDIUM |
The Sync QCloud COS WordPress plugin before 2.0.1 does not escape some of its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed | |||||
CVE-2022-0906 | 1 Microweber | 1 Microweber | 2022-03-21 | 3.5 LOW | 4.8 MEDIUM |
Unrestricted file upload leads to stored XSS in GitHub repository microweber/microweber prior to 1.1.12. | |||||
CVE-2022-0230 | 1 Bwp-google-xml-sitemaps Project | 1 Bwp-google-xml-sitemaps | 2022-03-20 | 4.3 MEDIUM | 6.1 MEDIUM |
The Better WordPress Google XML Sitemaps WordPress plugin through 1.4.1 does not sanitise and escape its logs when outputting them in the admin dashboard, which could allow unauthenticated users to perform Stored Cross-Site Scripting attacks against admins |