Total: 21765 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-4751 | 1 Back2nature | 1 Word Balloon | 2023-01-31 | N/A | 5.4 MEDIUM |
The Word Balloon WordPress plugin before 4.19.3 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. | |||||
CVE-2022-4753 | 1 Print-o-matic Project | 1 Print-o-matic | 2023-01-31 | N/A | 5.4 MEDIUM |
The Print-O-Matic WordPress plugin before 2.1.8 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. | |||||
CVE-2022-4758 | 1 10web | 1 Map Builder For Google Maps | 2023-01-31 | N/A | 5.4 MEDIUM |
The 10WebMapBuilder WordPress plugin before 1.0.72 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. | |||||
CVE-2014-5110 | 1 Netfortris | 1 Trixbox | 2023-01-31 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in user/help/html/index.php in Fonality trixbox allows remote attackers to inject arbitrary web script or HTML via the id_nodo parameter. | |||||
CVE-2022-33322 | 1 Mitsubishielectric | 238 Ma-ew85s-e, Ma-ew85s-e Firmware, Ma-ew85s-uk and 235 more | 2023-01-31 | N/A | 6.1 MEDIUM |
Cross-site scripting vulnerability in Mitsubishi Electric consumer electronics products (Air Conditioning, Wi-Fi Interface, Refrigerator, HEMS adapter, Remote control with Wi-Fi Interface, BATHROOM THERMO VENTILATOR, Rice cooker, Mitsubishi Electric HEMS control adapter, Energy Recovery Ventilator, Smart Switch and Air Purifier) allows a remote unauthenticated attacker to execute a malicious script on a user's browser to disclose information, etc. A wide range of models/versions of Mitsubishi Electric consumer electronics products are affected by this vulnerability. For the affected product models/versions, see Mitsubishi Electric's advisory, which is listed in the [References] section. | |||||
CVE-2022-0388 | 1 Humananatomyillustrations | 1 Interactive Medical Drawing Of Human Body | 2023-01-31 | 3.5 LOW | 4.8 MEDIUM |
The Interactive Medical Drawing of Human Body WordPress plugin before 2.6 does not sanitise and escape the Link field, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | |||||
CVE-2022-3811 | 1 Eu Cookie Law Project | 1 Eu Cookie Law | 2023-01-31 | N/A | 4.8 MEDIUM |
The EU Cookie Law for GDPR/CCPA WordPress plugin through 3.1.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | |||||
CVE-2022-4715 | 1 Wpsc-plugin | 1 Structured Content | 2023-01-31 | N/A | 5.4 MEDIUM |
The Structured Content WordPress plugin before 1.5.1 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. | |||||
CVE-2022-4554 | 1 Idyazilim | 1 B2b Dealer Order System | 2023-01-31 | N/A | 5.4 MEDIUM |
B2B Customer Ordering System developed by ID Software Project and Consultancy Services before version 1.0.0.347 has an authenticated Reflected XSS vulnerability. This has been fixed in the version 1.0.0.347. | |||||
CVE-2021-43446 | 1 Onlyoffice | 1 Server | 2023-01-31 | N/A | 6.1 MEDIUM |
ONLYOFFICE all versions as of 2021-11-08 is vulnerable to Cross Site Scripting (XSS). The "macros" feature of the document editor allows malicious cross site scripting payloads to be used. | |||||
CVE-2022-4718 | 1 Pluginops | 1 Landing Page Builder | 2023-01-31 | N/A | 5.4 MEDIUM |
The Landing Page Builder WordPress plugin before 1.4.9.9 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. | |||||
CVE-2022-4716 | 1 Timersys | 1 Wp Popups | 2023-01-31 | N/A | 5.4 MEDIUM |
The WP Popups WordPress plugin before 2.1.4.8 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. | |||||
CVE-2022-4672 | 1 Tipsandtricks-hq | 1 Wordpress Simple Paypal Shopping Cart | 2023-01-31 | N/A | 5.4 MEDIUM |
The WordPress Simple Shopping Cart WordPress plugin before 4.6.2 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. | |||||
CVE-2022-4629 | 1 Shapedplugin | 1 Product Slider For Woocommerce | 2023-01-31 | N/A | 5.4 MEDIUM |
The Product Slider for WooCommerce WordPress plugin before 2.6.4 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. | |||||
CVE-2022-4570 | 1 Top 10 Project | 1 Top 10 | 2023-01-31 | N/A | 5.4 MEDIUM |
The Top 10 WordPress plugin before 3.2.3 does not validate and escape some of its Block attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. | |||||
CVE-2023-22721 | 1 Oi Yandex.maps Project | 1 Oi Yandex.maps | 2023-01-30 | N/A | 5.4 MEDIUM |
Auth. Stored Cross-Site Scripting (XSS) in Oi Yandex.Maps for WordPress <= 3.2.7 versions. | |||||
CVE-2022-4675 | 1 Mongoosemarketplace | 1 Mongoose Page Plugin | 2023-01-30 | N/A | 5.4 MEDIUM |
The Mongoose Page Plugin WordPress plugin before 1.9.0 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks. | |||||
CVE-2021-24837 | 1 Passster Project | 1 Passter | 2023-01-30 | N/A | 5.4 MEDIUM |
The Passster WordPress plugin before 3.5.5.8 does not escape the area parameter of its shortcode, which could allow users with a role as low as Contributor to perform Cross-Site Scripting attacks. | |||||
CVE-2022-4627 | 1 Sevenspark | 1 Shiftnav | 2023-01-30 | N/A | 5.4 MEDIUM |
The ShiftNav WordPress plugin before 1.7.2 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. | |||||
CVE-2022-4673 | 1 Blazzdev | 1 Rate My Post | 2023-01-30 | N/A | 5.4 MEDIUM |
The Rate my Post WordPress plugin before 3.3.9 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks. |