Total: 210374 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
---|---|---|---|---|---|---|
CVE-2021-46814 | 1 Huawei | 3 Emui, Harmonyos, Magic Ui | 2022-06-17 | 5.0 MEDIUM | 7.5 HIGH | The video framework has an out-of-bounds memory read/write vulnerability. Successful exploitation of this vulnerability may affect system availability. |
CVE-2022-31400 | 1 Helpdeskz | 1 Helpdeskz | 2022-06-17 | 3.5 LOW | 4.8 MEDIUM | A cross-site scripting (XSS) vulnerability in /staff/setup/email-addresses of Helpdeskz v2.0.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the email name field. |
CVE-2022-1595 | 1 Hc Custom Wp-admin Url Project | 1 Hc Custom Wp-admin Url | 2022-06-17 | 5.0 MEDIUM | 5.3 MEDIUM | The HC Custom WP-Admin URL WordPress plugin through 1.4 leaks the secret login URL when sent a specific crafted request. |
CVE-2022-1549 | 1 Wp Athletics Project | 1 Wp Athletics | 2022-06-17 | 3.5 LOW | 5.4 MEDIUM | The WP Athletics WordPress plugin through 1.1.7 does not sanitize parameters before storing them in the database, nor does it escape the values when outputting them back in the admin dashboard, leading to a Stored Cross-Site Scripting vulnerability. |
CVE-2022-0745 | 1 Likebtn | 1 Like Button Rating | 2022-06-17 | 4.0 MEDIUM | 6.5 MEDIUM | The Like Button Rating WordPress plugin before 2.6.45 allows any logged-in user, such as a subscriber, to send arbitrary e-mails to any recipient, with any subject and body. |
CVE-2021-25116 | 1 Enqueue Anything Project | 1 Enqueue Anything | 2022-06-17 | 4.0 MEDIUM | 6.5 MEDIUM | The Enqueue Anything WordPress plugin through 1.0.1 does not have authorisation and CSRF checks in the remove_asset AJAX action, and does not ensure that the item to be deleted is actually an asset. As a result, low-privilege users such as subscribers could delete arbitrary assets, as well as put arbitrary posts in the trash. |
CVE-2022-1605 | 1 Email Users Project | 1 Email Users | 2022-06-17 | 4.3 MEDIUM | 6.5 MEDIUM | The Email Users WordPress plugin through 4.8.8 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack and change the notification settings of arbitrary users. |
CVE-2022-1604 | 1 Mailerlite | 1 Mailerlite Signup Forms | 2022-06-17 | 4.3 MEDIUM | 6.1 MEDIUM | The MailerLite WordPress plugin before 1.5.4 does not sanitise and escape a parameter before outputting it back in the page, leading to Reflected Cross-Site Scripting. |
CVE-2022-1624 | 1 Latest Tweets Widget Project | 1 Latest Tweets Widget | 2022-06-17 | 4.3 MEDIUM | 6.5 MEDIUM | The Latest Tweets Widget WordPress plugin through 1.1.4 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack. |
CVE-2022-1612 | 1 Webriti | 1 Webriti Smtp Mail | 2022-06-17 | 4.3 MEDIUM | 6.5 MEDIUM | The Webriti SMTP Mail WordPress plugin through 1.0 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack. |
CVE-2022-1608 | 1 Byonepress | 1 Social Locker | 2022-06-17 | 4.3 MEDIUM | 6.5 MEDIUM | The OnePress Social Locker WordPress plugin through 5.6.2 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack. |
CVE-2022-1656 | 1 Artbees | 2 Jupiter X Core, Jupiterx | 2022-06-17 | 5.5 MEDIUM | 5.4 MEDIUM | Vulnerable versions of the JupiterX Theme (<=2.0.6) allow any logged-in user, including subscriber-level users, to access any of the functions registered in lib/api/api/ajax.php, which also grant access to the jupiterx_api_ajax_ actions registered by the JupiterX Core Plugin (<=2.0.6). This includes the ability to deactivate arbitrary plugins as well as update the theme's API key. |
CVE-2022-1710 | 1 Dwbooster | 1 Appointment Hour Booking | 2022-06-17 | 3.5 LOW | 4.8 MEDIUM | The Appointment Hour Booking WordPress plugin before 1.3.56 does not sanitise and escape a setting of its Calendar fields, which could allow high-privilege users to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed. |
CVE-2022-1707 | 1 Gtm4wp | 1 Google Tag Manager | 2022-06-17 | 4.3 MEDIUM | 6.1 MEDIUM | The Google Tag Manager for WordPress plugin is vulnerable to reflected Cross-Site Scripting via the s parameter, because the site search is populated into the data layer with insufficient sanitization in versions up to and including 1.15. The affected file is ~/public/frontend.php, and this could be exploited by unauthenticated attackers. |
CVE-2022-1694 | 1 Useful Banner Manager Project | 1 Useful Banner Manager | 2022-06-17 | 4.3 MEDIUM | 6.5 MEDIUM | The Useful Banner Manager WordPress plugin through 1.6.1 does not perform CSRF checks on POST requests to its admin page, allowing an attacker to trick a logged-in admin into adding, modifying or deleting banners from the plugin by submitting a form. |
CVE-2022-1724 | 1 Simple-membership-plugin | 1 Simple Membership | 2022-06-17 | 4.3 MEDIUM | 6.1 MEDIUM | The Simple Membership WordPress plugin before 4.1.1 does not properly sanitise and escape parameters before outputting them back in AJAX actions, leading to Reflected Cross-Site Scripting. |
CVE-2022-1532 | 1 Themify | 1 Woocommerce Product Filter | 2022-06-17 | 4.3 MEDIUM | 6.1 MEDIUM | The Themify WordPress plugin before 1.3.8 does not sanitise and escape the page parameter before outputting it back in an attribute in an admin page, leading to Reflected Cross-Site Scripting. |
CVE-2022-1412 | 1 Premierethemes | 1 Log Wp Mail | 2022-06-17 | 5.0 MEDIUM | 7.5 HIGH | The Log WP_Mail WordPress plugin through 0.1 saves sent email in a publicly accessible directory using predictable filenames, allowing any unauthenticated visitor to obtain potentially sensitive information such as generated passwords. |
CVE-2017-20019 | 1 Solar-log | 16 Solar-log 1000, Solar-log 1000 Firmware, Solar-log 1000 Pm+ and 13 more | 2022-06-17 | 5.0 MEDIUM | 7.5 HIGH | A vulnerability classified as problematic was found in Solare Solar-Log 2.8.4-56/3.5.2-85. Affected by this vulnerability is an unknown functionality of the component Config Handler. The manipulation leads to information disclosure. The attack can be launched remotely. Upgrading to version 3.5.3-86 addresses this issue. It is recommended to upgrade the affected component. |
CVE-2022-1336 | 1 Ceikay | 1 Carousel Ck | 2022-06-17 | 3.5 LOW | 4.8 MEDIUM | The Carousel CK WordPress plugin through 1.1.0 does not sanitize and escape slide descriptions, which could allow high-privileged users such as admins to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed. |