Total: 210374 CVEs
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description
---|---|---|---|---|---|---
CVE-2022-45535 | 1 Aerocms Project | 1 Aerocms | 2022-11-23 | N/A | 4.9 MEDIUM | AeroCMS v0.0.1 was discovered to contain a SQL Injection vulnerability via the edit parameter at \admin\categories.php. This vulnerability allows attackers to access database information.
CVE-2022-44785 | 1 Maggioli | 1 Appalti & Contratti | 2022-11-23 | N/A | 9.8 CRITICAL | An issue was discovered in Appalti & Contratti 9.12.2. The target web applications are subject to multiple SQL Injection vulnerabilities, some of which are executable even by unauthenticated users, as demonstrated by the GetListaEnti.do cfamm parameter.
CVE-2022-41788 | 1 Pencidesign | 1 Soledad | 2022-11-23 | N/A | 5.4 MEDIUM | Auth. (subscriber+) Cross-Site Scripting (XSS) vulnerability in Soledad premium theme <= 8.2.5 on WordPress.
CVE-2022-3720 | 1 Awplife | 1 Event Monster | 2022-11-23 | N/A | 7.2 HIGH | The Event Monster WordPress plugin before 1.2.0 does not validate and escape some parameters before using them in SQL statements, which could lead to SQL Injection exploitable by high privilege users.
CVE-2022-4096 | 1 Appsmith | 1 Appsmith | 2022-11-23 | N/A | 6.5 MEDIUM | Server-Side Request Forgery (SSRF) in GitHub repository appsmithorg/appsmith prior to 1.8.2.
CVE-2022-45422 | 1 Lg | 1 Smart Share | 2022-11-23 | N/A | 7.8 HIGH | When LG SmartShare is installed, local privilege escalation is possible through a DLL Hijacking attack. The LG ID is LVE-HOT-220005.
CVE-2022-43117 | 1 Password Storage Application Project | 1 Password Storage Application | 2022-11-23 | N/A | 5.4 MEDIUM | Sourcecodester Password Storage Application in PHP/OOP and MySQL 1.0 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities via the Name, Username, Description and Site Feature parameters.
CVE-2022-1581 | 1 Wp-polls Project | 1 Wp-polls | 2022-11-23 | N/A | 5.3 MEDIUM | The WP-Polls WordPress plugin before 2.76.0 prioritizes getting a visitor's IP from certain HTTP headers over PHP's REMOTE_ADDR, which makes it possible to bypass IP-based limitations to vote in certain situations.
CVE-2022-3336 | 1 Awplife | 1 Event Monster | 2022-11-23 | N/A | 4.3 MEDIUM | The Event Monster WordPress plugin before 1.2.0 does not have a CSRF check when deleting visitors, which could allow attackers to make a logged in admin delete arbitrary visitors via a CSRF attack.
CVE-2022-3600 | 1 Sandhillsdev | 1 Easy Digital Downloads | 2022-11-23 | N/A | 9.8 CRITICAL | The Easy Digital Downloads WordPress plugin before 3.1.0.2 does not validate data when it is output in a CSV file, which could lead to CSV injection.
CVE-2022-3688 | 1 2code | 1 Wpqa Builder | 2022-11-23 | N/A | 8.8 HIGH | The WPQA Builder WordPress plugin before 5.9 does not have a CSRF check when following and unfollowing users, which could allow attackers to make logged in users perform such actions via CSRF attacks.
CVE-2022-3634 | 1 Ciphercoin | 1 Contact Form 7 Database Addon | 2022-11-23 | N/A | 9.8 CRITICAL | The Contact Form 7 Database Addon WordPress plugin before 1.2.6.5 does not validate data when outputting it back in a CSV file, which could lead to CSV injection.
CVE-2022-1578 | 1 My Wpdb Project | 1 My Wpdb | 2022-11-23 | N/A | 8.8 HIGH | The My wpdb WordPress plugin before 2.5 is missing a CSRF check when running SQL queries, which could allow an attacker to make a logged in admin run an arbitrary SQL query via a CSRF attack.
CVE-2022-0421 | 1 Fivestarplugins | 1 Five Star Restaurant Reservations | 2022-11-23 | N/A | 6.1 MEDIUM | The Five Star Restaurant Reservations WordPress plugin before 2.4.12 does not have authorisation when changing whether a payment was successful or failed, allowing unauthenticated users to change the payment status of arbitrary bookings. Furthermore, due to the lack of sanitisation and escaping, attackers could perform Cross-Site Scripting attacks against a logged in admin viewing the failed payments.
CVE-2021-24649 | 1 Wedevs | 1 Wp User Frontend | 2022-11-23 | N/A | 9.8 CRITICAL | The WP User Frontend WordPress plugin before 3.5.29 uses a user supplied argument called urhidden in its registration form, which contains the role for the account to be created with, encrypted via wpuf_encryption(). This could allow an attacker having access to the AUTH_KEY and AUTH_SALT constants (via an arbitrary file access issue for example, or if the blog is using the default keys) to create an account with any role they want, such as admin.
CVE-2022-45529 | 1 Aerocms Project | 1 Aerocms | 2022-11-23 | N/A | 4.9 MEDIUM | AeroCMS v0.0.1 was discovered to contain a SQL Injection vulnerability via the post_category_id parameter at \admin\includes\edit_post.php. This vulnerability allows attackers to access database information.
CVE-2022-3753 | 1 Evaluate Project | 1 Evaluate | 2022-11-23 | N/A | 4.8 MEDIUM | The Evaluate WordPress plugin through 1.0 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example, in a multisite setup).
CVE-2022-3762 | 1 Booster | 1 Booster For Woocommerce | 2022-11-23 | N/A | 6.5 MEDIUM | The Booster for WooCommerce WordPress plugin before 5.6.7, Booster Plus for WooCommerce WordPress plugin before 5.6.5, and Booster Elite for WooCommerce WordPress plugin before 1.1.7 do not validate files to download in some of their modules, which could allow ShopManager and Admin users to download arbitrary files from the server even when they are not supposed to be able to (for example in multisite).
CVE-2022-3750 | 1 Inkthemes | 1 Ask Me | 2022-11-23 | N/A | 4.7 MEDIUM | The has a CSRF vulnerability that allows the deletion of a post without using a nonce or prompting for confirmation.
CVE-2022-42096 | 1 Backdropcms | 1 Backdrop Cms | 2022-11-23 | N/A | 4.8 MEDIUM | Backdrop CMS version 1.23.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via Post content.