Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-3241 | 1 Rahamsolutions | 1 Build App Online | 2023-01-09 | N/A | 9.8 CRITICAL |
| The Build App Online WordPress plugin before 1.0.19 does not properly sanitise and escape some parameters before using them in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection | |||||
| CVE-2022-3936 | 1 Wpdarko | 1 Team Members | 2023-01-09 | N/A | 4.8 MEDIUM |
| The Team Members WordPress plugin before 5.2.1 does not sanitize and escapes some of its settings, which could allow high-privilege users such as editors to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example, in a multisite setup). | |||||
| CVE-2022-4099 | 1 Getcloudsms | 1 Joy Of Text Lite | 2023-01-09 | N/A | 9.8 CRITICAL |
| The Joy Of Text Lite WordPress plugin before 2.3.1 does not properly sanitise and escape some parameters before using them in SQL statements accessible to unauthenticated users, leading to unauthenticated SQL injection | |||||
| CVE-2022-48197 | 1 Yui Project | 1 Yui | 2023-01-09 | N/A | 6.1 MEDIUM |
| ** UNSUPPORTED WHEN ASSIGNED ** Reflected cross-site scripting (XSS) exists in the TreeView of YUI2 through 2800: up.php sam.php renderhidden.php removechildren.php removeall.php readd.php overflow.php newnode2.php newnode.php. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2017-20161 | 1 Macgeiger Project | 1 Macgeiger | 2023-01-09 | N/A | 7.8 HIGH |
| A vulnerability classified as problematic has been found in rofl0r MacGeiger. Affected is the function dump_wlan_at of the file macgeiger.c of the component ESSID Handler. The manipulation leads to injection. Access to the local network is required for this attack to succeed. The name of the patch is 57f1dd50a4821b8c8e676e8020006ae4bfd3c9cb. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-217188. | |||||
| CVE-2015-10009 | 1 Nonfiction | 1 Nterchange | 2023-01-09 | N/A | 9.8 CRITICAL |
| A vulnerability was found in nterchange up to 4.1.0. It has been rated as critical. This issue affects the function getContent of the file app/controllers/code_caller_controller.php. The manipulation of the argument q with the input %5C%27%29;phpinfo%28%29;/* leads to code injection. The exploit has been disclosed to the public and may be used. Upgrading to version 4.1.1 is able to address this issue. The name of the patch is fba7d89176fba8fe289edd58835fe45080797d99. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-217187. | |||||
| CVE-2022-4109 | 1 Cedcommerce | 1 Wholesale Market For Woocommerce | 2023-01-09 | N/A | 2.7 LOW |
| The Wholesale Market for WooCommerce WordPress plugin before 2.0.0 does not validate user input against path traversal attacks, allowing high privilege users such as admin to download arbitrary logs from the server even when they should not be able to (for example in multisite) | |||||
| CVE-2022-36437 | 1 Hazelcast | 2 Hazelcast, Hazelcast-jet | 2023-01-09 | N/A | 9.1 CRITICAL |
| The Connection handler in Hazelcast and Hazelcast Jet allows a remote unauthenticated attacker to access and manipulate data in the cluster with the identity of another already authenticated connection. The affected Hazelcast versions are through 4.0.6, 4.1.9, 4.2.5, 5.0.3, and 5.1.2. The affected Hazelcast Jet versions are through 4.5.3. | |||||
| CVE-2022-48194 | 1 Tp-link | 2 Tl-wr902ac, Tl-wr902ac Firmware | 2023-01-09 | N/A | 8.8 HIGH |
| TP-Link TL-WR902AC devices through V3 0.9.1 allow remote authenticated attackers to execute arbitrary code or cause a Denial of Service (DoS) by uploading a crafted firmware update because the signature check is inadequate. | |||||
| CVE-2022-4140 | 1 Collne | 1 Welcart E-commerce | 2023-01-09 | N/A | 7.5 HIGH |
| The Welcart e-Commerce WordPress plugin before 2.8.5 does not validate user input before using it to output the content of a file, which could allow unauthenticated attacker to read arbitrary files on the server | |||||
| CVE-2022-4114 | 1 Apusthemes | 1 Superio | 2023-01-09 | N/A | 5.4 MEDIUM |
| The Superio WordPress theme does not sanitise and escape some parameters, which could allow users with a role as low as a subscriber to perform Cross-Site Scripting attacks. | |||||
| CVE-2022-4855 | 1 Lead Management System Project | 1 Lead Management System | 2023-01-09 | N/A | 9.8 CRITICAL |
| A vulnerability, which was classified as critical, was found in SourceCodester Lead Management System 1.0. Affected is an unknown function of the file login.php. The manipulation of the argument username leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-217020. | |||||
| CVE-2014-125035 | 1 Jobs-plugin Project | 1 Jobs-plugin | 2023-01-09 | N/A | 6.1 MEDIUM |
| A vulnerability classified as problematic was found in Jobs-Plugin. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. The attack can be launched remotely. The name of the patch is b8a56718b1d42834c6ec51d9c489c5dc20471d7b. It is recommended to apply a patch to fix this issue. The identifier VDB-217189 was assigned to this vulnerability. | |||||
| CVE-2022-4119 | 1 Sirv | 1 Image Optimizer\, Resizer And Cdn | 2023-01-09 | N/A | 4.8 MEDIUM |
| The Image Optimizer, Resizer and CDN WordPress plugin before 6.8.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | |||||
| CVE-2019-25093 | 1 Recent Threads On Index Project | 1 Recent Threads On Index | 2023-01-09 | N/A | 5.4 MEDIUM |
| A vulnerability, which was classified as problematic, was found in dragonexpert Recent Threads on Index. Affected is the function recentthread_list_threads of the file inc/plugins/recentthreads/hooks.php of the component Setting Handler. The manipulation of the argument recentthread_forumskip leads to cross site scripting. It is possible to launch the attack remotely. The name of the patch is 051465d807a8fcc6a8b0f4bcbb19299672399f48. It is recommended to apply a patch to fix this issue. VDB-217182 is the identifier assigned to this vulnerability. | |||||
| CVE-2022-4049 | 1 Wp User Project | 1 Wp User | 2023-01-09 | N/A | 9.8 CRITICAL |
| The WP User WordPress plugin through 7.0 does not properly sanitize and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by unauthenticated users. | |||||
| CVE-2022-3994 | 1 Authenticator Project | 1 Authenticator | 2023-01-09 | N/A | 4.3 MEDIUM |
| The Authenticator WordPress plugin before 1.3.1 does not prevent subscribers from updating a site's feed access token, which may deny other users access to the functionality in certain configurations. | |||||
| CVE-2021-4297 | 1 Jobe Project | 1 Jobe | 2023-01-09 | N/A | 9.8 CRITICAL |
| A vulnerability has been found in trampgeek jobe up to 1.6.4 and classified as problematic. This vulnerability affects the function runs_post of the file application/controllers/Restapi.php. The manipulation of the argument sourcefilename leads to an unknown weakness. Upgrading to version 1.6.5 is able to address this issue. The name of the patch is 694da5013dbecc8d30dd83e2a83e78faadf93771. It is recommended to upgrade the affected component. VDB-217174 is the identifier assigned to this vulnerability. | |||||
| CVE-2022-4856 | 1 Modbustools | 1 Modbus Slave | 2023-01-09 | N/A | 7.8 HIGH |
| A vulnerability has been found in Modbus Tools Modbus Slave up to 7.5.1 and classified as critical. Affected by this vulnerability is an unknown functionality of the file mbslave.exe of the component mbs File Handler. The manipulation leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-217021 was assigned to this vulnerability. | |||||
| CVE-2022-4059 | 1 Blocksera | 1 Cryptocurrency Widgets Pack | 2023-01-09 | N/A | 9.8 CRITICAL |
| The Cryptocurrency Widgets Pack WordPress plugin through 1.8.1 does not sanitise and escape some parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection. | |||||