Total: 210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2022-0165 | 1 King-theme | 1 Kingcomposer | 2022-03-20 | 6.8 MEDIUM | 8.8 HIGH | The Page Builder KingComposer WordPress plugin through 2.9.6 does not validate the id parameter before redirecting the user to it via the kc_get_thumbn AJAX action, available to both unauthenticated and authenticated users. |
| CVE-2022-0147 | 1 Cookieinformation | 1 Wp-gdpr-compliance | 2022-03-20 | 4.3 MEDIUM | 6.1 MEDIUM | The Cookie Information \| Free GDPR Consent Solution WordPress plugin before 2.0.8 does not escape user data before outputting it back in attributes in the admin dashboard, leading to a Reflected Cross-Site Scripting issue. |
| CVE-2021-44964 | 1 Lua | 1 Lua | 2022-03-20 | 4.3 MEDIUM | 6.3 MEDIUM | Use after free in the garbage collector and finalizer of lgc.c in the Lua interpreter 5.4.0~5.4.3 allows attackers to perform a Sandbox Escape via a crafted script file. |
| CVE-2021-41952 | 1 Tribalsystems | 1 Zenario | 2022-03-20 | 3.5 LOW | 4.8 MEDIUM | Zenario CMS 9.0.54156 is vulnerable to Cross Site Scripting (XSS) via uploading a *.SVG file. An attacker can send malicious files to victims and steal the victim's cookie, leading to account takeover. The person viewing the image of a contact can be a victim of XSS. |
| CVE-2021-25026 | 1 Patreon | 1 Patreon Wordpress | 2022-03-19 | 3.5 LOW | 5.5 MEDIUM | The Patreon WordPress plugin before 1.8.2 does not sanitise and escape the field "Custom Patreon Page name", which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. |
| CVE-2021-25007 | 1 Molie Instructure Canvas Linking Tool Project | 1 Molie Instructure Canvas Linking Tool | 2022-03-19 | 7.5 HIGH | 9.8 CRITICAL | The MOLIE WordPress plugin through 0.5 does not validate and escape a post parameter before using it in a SQL statement, leading to an SQL Injection. |
| CVE-2021-25006 | 1 Molie Instructure Canvas Linking Tool Project | 1 Molie Instructure Canvas Linking Tool | 2022-03-19 | 4.3 MEDIUM | 6.1 MEDIUM | The MOLIE WordPress plugin through 0.5 does not escape the course_id parameter before outputting it back in the admin dashboard, leading to a Reflected Cross-Site Scripting issue. |
| CVE-2021-24996 | 1 Wki | 1 Idpay For Contact Form 7 | 2022-03-19 | 4.3 MEDIUM | 6.1 MEDIUM | The IDPay for Contact Form 7 WordPress plugin through 2.1.2 does not sanitise and escape the idpay_error parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting issue. |
| CVE-2021-24995 | 1 Html5 Responsive Faq Project | 1 Html5 Responsive Faq | 2022-03-19 | 3.5 LOW | 4.8 MEDIUM | The HTML5 Responsive FAQ WordPress plugin through 2.8.5 does not properly sanitise and escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. |
| CVE-2021-24982 | 1 Childtheme-generator | 1 Child Theme Generator | 2022-03-19 | 3.5 LOW | 6.4 MEDIUM | The Child Theme Generator WordPress plugin through 2.2.7 does not sanitise and escape the parade parameter before outputting it back, leading to a Reflected Cross-Site Scripting issue in the admin dashboard. |
| CVE-2021-24966 | 1 Bestwebsoft | 1 Error Log Viewer | 2022-03-19 | 4.0 MEDIUM | 4.9 MEDIUM | The Error Log Viewer WordPress plugin through 1.1.1 does not validate the path of the log file to clear, allowing high privilege users to clear arbitrary files on the web server, including those outside of the blog folder. |
| CVE-2021-24959 | 1 Techspawn | 1 Wp-email-users | 2022-03-19 | 6.5 MEDIUM | 8.8 HIGH | The WP Email Users WordPress plugin through 1.7.6 does not escape the data_raw parameter in the weu_selected_users_1 AJAX action, available to any authenticated user, allowing them to perform SQL injection attacks. |
| CVE-2021-24950 | 1 Thememove | 1 Insight Core | 2022-03-19 | 3.5 LOW | 5.4 MEDIUM | The Insight Core WordPress plugin through 1.0 does not have any authorisation and CSRF checks in insight_customizer_options_import (available to any authenticated user), does not validate user input before passing it to unserialize(), nor sanitise and escape it before outputting it in the response. As a result, it could allow users with a role as low as Subscriber to perform PHP Object Injection, as well as Stored Cross-Site Scripting attacks. |
| CVE-2021-24940 | 1 Woocommerce | 1 Persian-woocommerce | 2022-03-19 | 4.3 MEDIUM | 6.1 MEDIUM | The Persian Woocommerce WordPress plugin through 5.8.0 does not escape the s parameter before outputting it back in an attribute in the admin dashboard, which could lead to a Reflected Cross-Site Scripting issue. |
| CVE-2021-24897 | 1 Viitorcloud | 1 Add Subtitle | 2022-03-19 | 3.5 LOW | 5.4 MEDIUM | The Add Subtitle WordPress plugin through 1.1.0 does not sanitise or escape the sub-title field (available only with the classic editor) when output in the page, which could allow users with a role as low as Contributor to perform Cross-Site Scripting attacks. |
| CVE-2021-24895 | 1 Webbigt | 1 Cybersoldier | 2022-03-19 | 3.5 LOW | 4.8 MEDIUM | The Cybersoldier WordPress plugin before 1.7.0 does not sanitise and escape the URL settings before outputting them in an attribute, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. |
| CVE-2021-24692 | 1 Tipsandtricks-hq | 1 Simple Download Monitor | 2022-03-19 | 4.0 MEDIUM | 6.5 MEDIUM | The Simple Download Monitor WordPress plugin before 3.9.5 allows users with a role as low as Contributor to download any file on the web server (such as wp-config.php) via a path traversal vector. |
| CVE-2022-24576 | 1 Gpac | 1 Gpac | 2022-03-19 | 4.3 MEDIUM | 5.5 MEDIUM | GPAC 1.0.1 is affected by a Use After Free through MP4Box. |
| CVE-2022-24575 | 1 Gpac | 1 Gpac | 2022-03-19 | 6.8 MEDIUM | 7.8 HIGH | GPAC 1.0.1 is affected by a stack-based buffer overflow through MP4Box. |
| CVE-2022-24574 | 1 Gpac | 1 Gpac | 2022-03-19 | 4.3 MEDIUM | 5.5 MEDIUM | GPAC 1.0.1 is affected by a NULL pointer dereference in gf_dump_vrml_field.isra(). |
