Total
3248 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-1345 | 1 Organizr | 1 Organizr | 2024-11-21 | 9.0 Critical |
| Stored XSS viva .svg file upload in GitHub repository causefx/organizr prior to 2.1.1810. This allows attackers to execute malicious scripts in the user's browser and it can lead to session hijacking, sensitive data exposure, and worse. | ||||
| CVE-2022-1273 | 1 Importwp | 1 Import Wp | 2024-11-21 | 7.2 High |
| The Import WP WordPress plugin before 2.4.6 does not validate the imported file in some cases, allowing high privilege users such as admin to upload arbitrary files (such as PHP), leading to RCE | ||||
| CVE-2022-1103 | 1 Advanced Uploader Project | 1 Advanced Uploader | 2024-11-21 | 8.8 High |
| The Advanced Uploader WordPress plugin through 4.2 allows any authenticated users like subscriber to upload arbitrary files, such as PHP, which could lead to RCE | ||||
| CVE-2022-1045 | 1 Trudesk Project | 1 Trudesk | 2024-11-21 | 5.4 Medium |
| Stored XSS viva .svg file upload in GitHub repository polonel/trudesk prior to v1.2.0. | ||||
| CVE-2022-1034 | 1 Showdoc | 1 Showdoc | 2024-11-21 | 7.2 High |
| There is a Unrestricted Upload of File vulnerability in ShowDoc v2.10.3 in GitHub repository star7th/showdoc prior to 2.10.4. | ||||
| CVE-2022-1033 | 1 Craterapp | 1 Crater | 2024-11-21 | 7.8 High |
| Unrestricted Upload of File with Dangerous Type in GitHub repository crater-invoice/crater prior to 6.0.6. | ||||
| CVE-2022-1008 | 1 Ocdi | 1 One Click Demo Import | 2024-11-21 | 7.2 High |
| The One Click Demo Import WordPress plugin before 3.1.0 does not validate the imported file, allowing high privilege users such as admin to upload arbitrary files (such as PHP) even when FILE_MODS and FILE_EDIT are disallowed | ||||
| CVE-2022-0962 | 1 Showdoc | 1 Showdoc | 2024-11-21 | 5.4 Medium |
| Stored XSS viva .webma file upload in GitHub repository star7th/showdoc prior to 2.10.4. | ||||
| CVE-2022-0960 | 1 Showdoc | 1 Showdoc | 2024-11-21 | 5.4 Medium |
| Stored XSS viva .properties file upload in GitHub repository star7th/showdoc prior to 2.10.4. | ||||
| CVE-2022-0951 | 1 Showdoc | 1 Showdoc | 2024-11-21 | 6.1 Medium |
| File Upload Restriction Bypass leading to Stored XSS Vulnerability in GitHub repository star7th/showdoc prior to 2.10.4. | ||||
| CVE-2022-0950 | 1 Showdoc | 1 Showdoc | 2024-11-21 | 5.4 Medium |
| Unrestricted Upload of File with Dangerous Type in GitHub repository star7th/showdoc prior to 2.10.4. | ||||
| CVE-2022-0945 | 1 Showdoc | 1 Showdoc | 2024-11-21 | 5.4 Medium |
| Stored XSS viva axd and cshtml file upload in star7th/showdoc in GitHub repository star7th/showdoc prior to v2.10.4. | ||||
| CVE-2022-0930 | 1 Microweber | 1 Microweber | 2024-11-21 | 4.8 Medium |
| File upload filter bypass leading to stored XSS in GitHub repository microweber/microweber prior to 1.2.12. | ||||
| CVE-2022-0921 | 1 Microweber | 1 Microweber | 2024-11-21 | 6.7 Medium |
| Abusing Backup/Restore feature to achieve Remote Code Execution in GitHub repository microweber/microweber prior to 1.2.12. | ||||
| CVE-2022-0912 | 1 Microweber | 1 Microweber | 2024-11-21 | 4.8 Medium |
| Unrestricted Upload of File with Dangerous Type in GitHub repository microweber/microweber prior to 1.2.11. | ||||
| CVE-2022-0888 | 1 Ninjaforms | 1 Ninja Forms File Uploads | 2024-11-21 | 9.8 Critical |
| The Ninja Forms - File Uploads Extension WordPress plugin is vulnerable to arbitrary file uploads due to insufficient input file type validation found in the ~/includes/ajax/controllers/uploads.php file which can be bypassed making it possible for unauthenticated attackers to upload malicious files that can be used to obtain remote code execution, in versions up to and including 3.3.0 | ||||
| CVE-2022-0863 | 1 Wp Svg Icons Project | 1 Wp Svg Icons | 2024-11-21 | 7.2 High |
| The WP SVG Icons WordPress plugin through 3.2.3 does not properly validate uploaded custom icon packs, allowing an high privileged user like an admin to upload a zip file containing malicious php code, leading to remote code execution. | ||||
| CVE-2022-0687 | 1 Tms-outsource | 1 Amelia | 2024-11-21 | 8.8 High |
| The Amelia WordPress plugin before 1.0.47 stores image blobs into actual files whose extension is controlled by the user, which may lead to PHP backdoors being uploaded onto the site. This vulnerability can be exploited by logged-in users with the custom "Amelia Manager" role. | ||||
| CVE-2022-0537 | 1 Mappresspro | 1 Mappress | 2024-11-21 | 7.2 High |
| The MapPress Maps for WordPress plugin before 2.73.13 allows a high privileged user to bypass the DISALLOW_FILE_EDIT and DISALLOW_FILE_MODS settings and upload arbitrary files to the site through the "ajax_save" function. The file is written relative to the current 's stylesheet directory, and a .php file extension is added. No validation is performed on the content of the file, triggering an RCE vulnerability by uploading a web shell. Further the name parameter is not sanitized, allowing the payload to be uploaded to any directory to which the server has write access. | ||||
| CVE-2022-0499 | 1 Sermon Browser Project | 1 Sermon Browser | 2024-11-21 | 8.8 High |
| The Sermon Browser WordPress plugin through 0.45.22 does not have CSRF checks in place when uploading Sermon files, and does not validate them in any way, allowing attackers to make a logged in admin upload arbitrary files such as PHP ones. | ||||