Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-4546 | 1 Conceptbeans | 1 Mapwiz | 2023-02-22 | N/A | 7.2 HIGH |
| The Mapwiz WordPress plugin through 1.0.1 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin. | |||||
| CVE-2022-4783 | 1 Youtube Channel Gallery Project | 1 Youtube Channel Gallery | 2023-02-22 | N/A | 5.4 MEDIUM |
| The Youtube Channel Gallery WordPress plugin through 2.4 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks | |||||
| CVE-2023-0060 | 1 Responsive Gallery Grid Project | 1 Responsive Gallery Grid | 2023-02-22 | N/A | 5.4 MEDIUM |
| The Responsive Gallery Grid WordPress plugin before 2.3.9 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | |||||
| CVE-2023-25764 | 1 Jenkins | 1 Email Extension | 2023-02-22 | N/A | 5.4 MEDIUM |
| Jenkins Email Extension Plugin 2.93 and earlier does not escape, sanitize, or sandbox rendered email template output or log output generated during template rendering, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to create or change custom email templates. | |||||
| CVE-2023-25763 | 1 Jenkins | 1 Email Extension | 2023-02-22 | N/A | 5.4 MEDIUM |
| Jenkins Email Extension Plugin 2.93 and earlier does not escape various fields included in bundled email templates, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control affected fields. | |||||
| CVE-2023-25762 | 1 Jenkins | 1 Pipeline\ | 2023-02-22 | N/A | 5.4 MEDIUM |
| Jenkins Pipeline: Build Step Plugin 2.18 and earlier does not escape job names in a JavaScript expression used in the Pipeline Snippet Generator, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control job names. | |||||
| CVE-2023-25761 | 1 Jenkins | 1 Junit | 2023-02-22 | N/A | 5.4 MEDIUM |
| Jenkins JUnit Plugin 1166.va_436e268e972 and earlier does not escape test case class names in JavaScript expressions, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control test case class names in the JUnit resources processed by the plugin. | |||||
| CVE-2023-23848 | 1 Jenkins | 1 Synopsys Coverity | 2023-02-22 | N/A | 4.3 MEDIUM |
| Missing permission checks in Synopsys Jenkins Coverity Plugin 3.0.2 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | |||||
| CVE-2023-23847 | 1 Jenkins | 1 Synopsys Coverity | 2023-02-22 | N/A | 3.5 LOW |
| A cross-site request forgery (CSRF) vulnerability in Synopsys Jenkins Coverity Plugin 3.0.2 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | |||||
| CVE-2023-25765 | 1 Jenkins | 1 Email Extension | 2023-02-22 | N/A | 9.9 CRITICAL |
| In Jenkins Email Extension Plugin 2.93 and earlier, templates defined inside a folder were not subject to Script Security protection, allowing attackers able to define email templates in folders to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM. | |||||
| CVE-2022-4488 | 1 Widgets On Pages Project | 1 Widgets On Pages | 2023-02-22 | N/A | 5.4 MEDIUM |
| The Widgets on Pages WordPress plugin through 1.6.0 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. | |||||
| CVE-2022-4551 | 1 Croover | 1 Rich Table Of Contents | 2023-02-22 | N/A | 5.4 MEDIUM |
| The Rich Table of Contents WordPress plugin before 1.3.9 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks | |||||
| CVE-2022-4512 | 1 Better Font Awesome Project | 1 Better Font Awesome | 2023-02-22 | N/A | 5.4 MEDIUM |
| The Better Font Awesome WordPress plugin before 2.0.4 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | |||||
| CVE-2022-4562 | 1 Mekshq | 1 Meks Flexible Shortcodes | 2023-02-22 | N/A | 5.4 MEDIUM |
| The Meks Flexible Shortcodes WordPress plugin before 1.3.5 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. | |||||
| CVE-2022-4745 | 1 Wp-customerarea | 1 Wp Customer Area | 2023-02-22 | N/A | 7.1 HIGH |
| The WP Customer Area WordPress plugin before 8.1.4 does not have CSRF checks when performing some actions such as chmod, mkdir and copy, which could allow attackers to make a logged-in admin perform them and create arbitrary folders, copy file for example. | |||||
| CVE-2022-4682 | 1 Wpgogo | 1 Lightbox-gallery | 2023-02-22 | N/A | 5.4 MEDIUM |
| The Lightbox Gallery WordPress plugin before 0.9.5 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks | |||||
| CVE-2022-4678 | 1 Templatesnext | 1 Templatesnext Toolkit | 2023-02-22 | N/A | 5.4 MEDIUM |
| The TemplatesNext ToolKit WordPress plugin before 3.2.8 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | |||||
| CVE-2022-4656 | 1 Plugins-market | 1 Wp Visitor Statistics | 2023-02-22 | N/A | 5.4 MEDIUM |
| The WP Visitor Statistics (Real Time Traffic) WordPress plugin before 6.5 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack. | |||||
| CVE-2022-4628 | 1 Wpplugin | 1 Easy Paypal Buy Now Button | 2023-02-22 | N/A | 5.4 MEDIUM |
| The Easy PayPal Buy Now Button WordPress plugin before 1.7.4 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks | |||||
| CVE-2023-24572 | 1 Dell | 1 Command \| Integration Suite For System Center | 2023-02-22 | N/A | 3.3 LOW |
| Dell Command | Integration Suite for System Center, versions before 6.4.0 contain an arbitrary folder delete vulnerability during uninstallation. A locally authenticated malicious user may potentially exploit this vulnerability leading to arbitrary folder deletion. | |||||