Export limit exceeded: 46898 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (46898 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-0662 | 1 Ajdg | 1 Adrotate | 2024-11-21 | 4.8 Medium |
| The AdRotate WordPress plugin before 5.8.23 does not sanitise and escape Advert Names which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed | ||||
| CVE-2022-0659 | 1 Sync Qcloud Cos Project | 1 Sync Qcloud Cos | 2024-11-21 | 4.8 Medium |
| The Sync QCloud COS WordPress plugin before 2.0.1 does not escape some of its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed | ||||
| CVE-2022-0649 | 1 Ajdg | 1 Adrotate | 2024-11-21 | 4.8 Medium |
| The AdRotate WordPress plugin before 5.8.23 does not escape Group Names, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed | ||||
| CVE-2022-0648 | 1 I13websolution | 1 Team Circle Image Slider With Lightbox | 2024-11-21 | 6.1 Medium |
| The Team Circle Image Slider With Lightbox WordPress plugin before 1.0.16 does not sanitize and escape the order_pos parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting. | ||||
| CVE-2022-0647 | 1 Bulk Creator Project | 1 Bulk Creator | 2024-11-21 | 6.1 Medium |
| The Bulk Creator WordPress plugin through 1.0.1 does not sanitize and escape the post_type parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting. | ||||
| CVE-2022-0643 | 1 Bank Mellat Project | 1 Bank Mellat | 2024-11-21 | 6.1 Medium |
| The Bank Mellat WordPress plugin through 1.3.7 does not sanitize and escape the orderId parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting. | ||||
| CVE-2022-0641 | 1 Ays-pro | 1 Popup Like Box | 2024-11-21 | 6.1 Medium |
| The Popup Like box WordPress plugin before 3.6.1 does not sanitize and escape the ays_fb_tab parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting. | ||||
| CVE-2022-0640 | 1 Wpdevart | 1 Pricing Table Builder | 2024-11-21 | 6.1 Medium |
| The Pricing Table Builder WordPress plugin before 1.1.5 does not sanitize and escape the postid parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting. | ||||
| CVE-2022-0628 | 1 Accesspressthemes | 1 Ap Mega Menu | 2024-11-21 | 6.1 Medium |
| The Mega Menu WordPress plugin before 3.0.8 does not sanitize and escape the _wpnonce parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting. | ||||
| CVE-2022-0627 | 1 Tms-outsource | 1 Amelia | 2024-11-21 | 6.1 Medium |
| The Amelia WordPress plugin before 1.0.47 does not sanitize and escape the code parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting. | ||||
| CVE-2022-0626 | 1 Kuroit | 1 Advanced Admin Search | 2024-11-21 | 6.1 Medium |
| The Advanced Admin Search WordPress plugin before 1.1.6 does not sanitize and escape some parameters before outputting them back in an admin page, leading to a Reflected Cross-Site Scripting. | ||||
| CVE-2022-0625 | 1 Admin Menu Editor Project | 1 Admin Menu Editor | 2024-11-21 | 6.1 Medium |
| The Admin Menu Editor WordPress plugin through 1.0.4 does not sanitize and escape a parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting. | ||||
| CVE-2022-0621 | 1 Dtabs Project | 1 Dtabs | 2024-11-21 | 6.1 Medium |
| The dTabs WordPress plugin through 1.4 does not sanitize and escape the tab parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting. | ||||
| CVE-2022-0620 | 1 Deleteoldorders Project | 1 Delete Old Orders | 2024-11-21 | 6.1 Medium |
| The Delete Old Orders WordPress plugin through 0.2 does not sanitize and escape the date parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting. | ||||
| CVE-2022-0619 | 1 Database Peek Project | 1 Database Peek | 2024-11-21 | 6.1 Medium |
| The Database Peek WordPress plugin through 1.2 does not sanitize and escape the match parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting. | ||||
| CVE-2022-0612 | 1 Livehelperchat | 1 Live Helper Chat | 2024-11-21 | 5.4 Medium |
| Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat prior to 3.93v. | ||||
| CVE-2022-0602 | 1 Tastyigniter | 1 Tastyigniter | 2024-11-21 | 5.4 Medium |
| Cross-site Scripting (XSS) - DOM in GitHub repository tastyigniter/tastyigniter prior to 3.3.0. | ||||
| CVE-2022-0601 | 1 Edmonsoft | 1 Countdown\, Coming Soon\, Maintenance - Countdown \& Clock | 2024-11-21 | 6.1 Medium |
| The Countdown, Coming Soon, Maintenance WordPress plugin before 2.2.9 does not sanitize and escape the post parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting. | ||||
| CVE-2022-0600 | 1 Myceliumdesign | 1 Conference Scheduler | 2024-11-21 | 6.1 Medium |
| The Conference Scheduler WordPress plugin before 2.4.3 does not sanitize and escape the tab parameter before outputting back in an admin page, leading to a Reflected Cross-Site Scripting. | ||||
| CVE-2022-0599 | 1 Mapping Multiple Urls Redirect Same Page Project | 1 Mapping Multiple Urls Redirect Same Page | 2024-11-21 | 6.1 Medium |
| The Mapping Multiple URLs Redirect Same Page WordPress plugin through 5.8 does not sanitize and escape the mmursp_id parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting. | ||||