Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-4372 | 1 Web Invoice Project | 1 Web Invoice | 2023-01-09 | N/A | 7.2 HIGH |
| The Web Invoice WordPress plugin through 2.1.3 does not properly sanitize and escape a parameter before using it in a SQL statement, leading to a SQL Injection exploitable by high privilege users such as admin by default. However, depending on the plugin configuration, other users, such as subscriber could exploit this as well | |||||
| CVE-2022-4381 | 1 Code-atlantic | 1 Popup Maker | 2023-01-09 | N/A | 5.4 MEDIUM |
| The Popup Maker WordPress plugin before 1.16.9 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks | |||||
| CVE-2022-4373 | 1 Quote-o-matic Project | 1 Quote-o-matic | 2023-01-09 | N/A | 7.2 HIGH |
| The Quote-O-Matic WordPress plugin through 1.0.5 does not properly sanitize and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin. | |||||
| CVE-2022-46305 | 1 Changingtec | 1 Servisign | 2023-01-09 | N/A | 6.5 MEDIUM |
| ChangingTec ServiSign component has a path traversal vulnerability. An unauthenticated LAN attacker can exploit this vulnerability to bypass authentication and access arbitrary system files. | |||||
| CVE-2022-4417 | 1 Cerber | 1 Wp Cerber Security\, Anti-spam \& Malware Scan | 2023-01-09 | N/A | 5.3 MEDIUM |
| The WP Cerber Security, Anti-spam & Malware Scan WordPress plugin before 9.3.3 does not properly block access to the REST API users endpoint when the blog is in a subdirectory, which could allow attackers to bypass the restriction in place and list users | |||||
| CVE-2019-13768 | 1 Google | 1 Chrome | 2023-01-09 | N/A | 7.4 HIGH |
| Use after free in FileAPI in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chrome security severity: High) | |||||
| CVE-2022-4358 | 1 Wp Rss By Publishers Project | 1 Wp Rss By Publishers | 2023-01-09 | N/A | 7.2 HIGH |
| The WP RSS By Publishers WordPress plugin through 0.1 does not properly sanitize and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin | |||||
| CVE-2022-4360 | 1 Wp Rss By Publishers Project | 1 Wp Rss By Publishers | 2023-01-09 | N/A | 7.2 HIGH |
| The WP RSS By Publishers WordPress plugin through 0.1 does not properly sanitize and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin | |||||
| CVE-2022-4359 | 1 Wp Rss By Publishers Project | 1 Wp Rss By Publishers | 2023-01-09 | N/A | 7.2 HIGH |
| The WP RSS By Publishers WordPress plugin through 0.1 does not properly sanitize and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin | |||||
| CVE-2021-21200 | 1 Google | 1 Chrome | 2023-01-09 | N/A | 5.4 MEDIUM |
| Out of bounds read in WebUI Settings in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chrome security severity: Low) | |||||
| CVE-2021-30558 | 1 Google | 1 Chrome | 2023-01-09 | N/A | 8.8 HIGH |
| Insufficient policy enforcement in content security policy in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chrome security severity: Medium) | |||||
| CVE-2015-10011 | 1 Cisco | 1 Openresolve | 2023-01-09 | N/A | 9.8 CRITICAL |
| A vulnerability classified as problematic has been found in OpenDNS OpenResolve. This affects an unknown part of the file resolverapi/endpoints.py. The manipulation leads to improper output neutralization for logs. The name of the patch is 9eba6ba5abd89d0e36a008921eb307fcef8c5311. It is recommended to apply a patch to fix this issue. The identifier VDB-217197 was assigned to this vulnerability. | |||||
| CVE-2022-4198 | 1 Wp Social Sharing Project | 1 Wp Social Sharing | 2023-01-09 | N/A | 4.8 MEDIUM |
| The WP Social Sharing WordPress plugin through 2.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | |||||
| CVE-2022-4142 | 1 Wordpress Filter Gallery Project | 1 Wordpress Filter Gallery | 2023-01-09 | N/A | 4.8 MEDIUM |
| The WordPress Filter Gallery Plugin WordPress plugin before 0.1.6 does not properly escape the filters passed in the ufg_gallery_filters ajax action before outputting them on the page, allowing a high privileged user such as an administrator to inject HTML or javascript to the plugin settings page, even when the unfiltered_html capability is disabled. | |||||
| CVE-2022-4200 | 1 Miniorange | 1 Login With Cognito | 2023-01-09 | N/A | 4.8 MEDIUM |
| The Login with Cognito WordPress plugin through 1.4.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | |||||
| CVE-2022-4236 | 1 Collne | 1 Welcart E-commerce | 2023-01-09 | N/A | 6.5 MEDIUM |
| The Welcart e-Commerce WordPress plugin before 2.8.5 does not validate user input before using it to output the content of a file via an AJAX action available to any authenticated users, which could allow users with a role as low as subscriber to read arbitrary files on the server. | |||||
| CVE-2022-0801 | 1 Google | 1 Chrome | 2023-01-09 | N/A | 6.1 MEDIUM |
| Inappropriate implementation in HTML parser in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to bypass XSS preventions via a crafted HTML page. (Chrome security severity: Medium) | |||||
| CVE-2022-0337 | 2 Google, Microsoft | 2 Chrome, Windows | 2023-01-09 | N/A | 6.5 MEDIUM |
| Inappropriate implementation in File System API in Google Chrome on Windows prior to 97.0.4692.71 allowed a remote attacker to obtain potentially sensitive information via a crafted HTML page. (Chrome security severity: High) | |||||
| CVE-2022-2742 | 1 Google | 3 Chrome, Chrome Os, Linux And Chrome Os | 2023-01-09 | N/A | 8.8 HIGH |
| Use after free in Exosphere in Google Chrome on Chrome OS and Lacros prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via crafted UI interactions. (Chrome security severity: High) | |||||
| CVE-2022-43333 | 1 Teleniasoftware | 1 Tvox | 2023-01-09 | N/A | 9.8 CRITICAL |
| Telenia Software s.r.l TVox before v22.0.17 was discovered to contain a remote code execution (RCE) vulnerability in the component action_export_control.php. | |||||