Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-4699 | 1 Mediaelement.js Project | 1 Mediaelement.js | 2023-02-06 | N/A | 5.4 MEDIUM |
| The MediaElement.js WordPress plugin through 4.2.8 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high-privilege users such as admins. | |||||
| CVE-2022-4680 | 1 Revive | 1 Revive Old Posts | 2023-02-06 | N/A | 7.2 HIGH |
| The Revive Old Posts WordPress plugin before 9.0.11 unserializes user input provided via the settings, which could allow high privilege users such as admin to perform PHP Object Injection when a suitable gadget is present. | |||||
| CVE-2022-4671 | 1 Pixelgrade | 1 Pixcodes | 2023-02-06 | N/A | 5.4 MEDIUM |
| The PixCodes WordPress plugin before 2.3.7 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. | |||||
| CVE-2022-4667 | 1 Themeisle | 1 Rss Aggregator By Feedzy | 2023-02-06 | N/A | 5.4 MEDIUM |
| The RSS Aggregator by Feedzy WordPress plugin before 4.1.1 does not validate and escape some of its block options before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. | |||||
| CVE-2022-4654 | 1 Fatcatapps | 1 Pricing Tables | 2023-02-06 | N/A | 5.4 MEDIUM |
| The Pricing Tables WordPress Plugin WordPress plugin before 3.2.3 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack. | |||||
| CVE-2022-4651 | 1 Justified Gallery Project | 1 Justified Gallery | 2023-02-06 | N/A | 5.4 MEDIUM |
| The Justified Gallery WordPress plugin before 1.7.1 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack. | |||||
| CVE-2022-24439 | 2 Fedoraproject, Gitpython Project | 2 Fedora, Gitpython | 2023-02-06 | N/A | 9.8 CRITICAL |
| All versions of package gitpython are vulnerable to Remote Code Execution (RCE) due to improper user input validation, which makes it possible to inject a maliciously crafted remote URL into the clone command. Exploiting this vulnerability is possible because the library makes external calls to git without sufficient sanitization of input arguments. | |||||
| CVE-2022-4649 | 1 Wp Extended Search Project | 1 Wp Extended Search | 2023-02-06 | N/A | 5.4 MEDIUM |
| The WP Extended Search WordPress plugin before 2.1.2 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack. | |||||
| CVE-2022-4835 | 1 Linksalpha | 1 Social Sharing Toolkit | 2023-02-06 | N/A | 5.4 MEDIUM |
| The Social Sharing Toolkit WordPress plugin through 2.6 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. | |||||
| CVE-2022-4834 | 1 Cpt Bootstrap Carousel Project | 1 Cpt Bootstrap Carousel | 2023-02-06 | N/A | 5.4 MEDIUM |
| The CPT Bootstrap Carousel WordPress plugin through 1.12 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. | |||||
| CVE-2022-4831 | 1 Paidmembershipspro | 1 Custom User Profile Fields For User Registration | 2023-02-06 | N/A | 5.4 MEDIUM |
| The Custom User Profile Fields for User Registration WordPress plugin before 1.8.1 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. | |||||
| CVE-2022-4828 | 1 Bold-themes | 1 Bold Timeline Lite | 2023-02-06 | N/A | 5.4 MEDIUM |
| The Bold Timeline Lite WordPress plugin before 1.1.5 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. | |||||
| CVE-2022-4794 | 1 Getaawp | 1 Amazon Affiliate Wordpress Plugin | 2023-02-06 | N/A | 7.5 HIGH |
| The AAWP WordPress plugin before 3.12.3 can be used to abuse trusted domains to load malware or other files through it (Reflected File Download) to bypass firewall rules in companies. | |||||
| CVE-2022-4793 | 1 Solwininfotech | 1 Blog Designer | 2023-02-06 | N/A | 5.4 MEDIUM |
| The Blog Designer WordPress plugin before 2.4.1 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack. | |||||
| CVE-2022-4792 | 1 Infornweb | 1 News \& Blog Designer Pack | 2023-02-06 | N/A | 5.4 MEDIUM |
| The News & Blog Designer Pack WordPress plugin before 3.3 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack. | |||||
| CVE-2022-46087 | 1 Cloudschool Project | 1 Cloudschool | 2023-02-06 | N/A | 5.4 MEDIUM |
| CloudSchool v3.0.1 is vulnerable to Cross Site Scripting (XSS). A normal user can steal session cookies of the admin users through notification received by the admin user. | |||||
| CVE-2022-38451 | 2 Freshtomato, Siretta | 3 Freshtomato, Quartz-gold, Quartz-gold Firmware | 2023-02-06 | N/A | 7.5 HIGH |
| A directory traversal vulnerability exists in the httpd update.cgi functionality of FreshTomato 2022.5. A specially crafted HTTP request can lead to arbitrary file read. An attacker can send an HTTP request to trigger this vulnerability. | |||||
| CVE-2022-42484 | 2 Freshtomato, Siretta | 3 Freshtomato, Quartz-gold, Quartz-gold Firmware | 2023-02-06 | N/A | 9.8 CRITICAL |
| An OS command injection vulnerability exists in the httpd logs/view.cgi functionality of FreshTomato 2022.5. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can send an HTTP request to trigger this vulnerability. | |||||
| CVE-2023-0240 | 1 Linux | 1 Linux Kernel | 2023-02-06 | N/A | 7.8 HIGH |
| There is a logic error in io_uring's implementation which can be used to trigger a use-after-free vulnerability leading to privilege escalation. In the io_prep_async_work function the assumption that the last io_grab_identity call cannot return false is not true, and in this case the function will use the init_cred or the previous linked requests identity to do operations instead of using the current identity. This can lead to reference counting issues causing use-after-free. We recommend upgrading past version 5.10.161. | |||||
| CVE-2023-0266 | 1 Linux | 1 Linux Kernel | 2023-02-06 | N/A | 7.8 HIGH |
| A use after free vulnerability exists in the ALSA PCM package in the Linux Kernel. SNDRV_CTL_IOCTL_ELEM_{READ|WRITE}32 is missing locks that can be used in a use-after-free that can result in a priviledge escalation to gain ring0 access from the system user. We recommend upgrading past commit 56b88b50565cd8b946a2d00b0c83927b7ebb055e | |||||