Total: 44255 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-1320 | 1 10web | 1 Sliderby10web | 2024-11-21 | 4.8 Medium |
| The Sliderby10Web WordPress plugin before 1.2.52 does not properly sanitize and escape some of its settings, which could allow high-privileged users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed | ||||
| CVE-2022-1303 | 1 Slide Anything Project | 1 Slide Anything | 2024-11-21 | 4.8 Medium |
| The Slide Anything WordPress plugin before 2.3.44 does not sanitize and escape sliders' description, which could allow high privilege users such as editor and above to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed | ||||
| CVE-2022-1301 | 1 Wpexperts | 1 Wp Contact Slider | 2024-11-21 | 4.8 Medium |
| The WP Contact Slider WordPress plugin before 2.4.7 does not sanitize and escape the Text to Display settings of sliders, which could allow high privileged users such as editor and above to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed | ||||
| CVE-2022-1299 | 1 Slideshow Project | 1 Slideshow | 2024-11-21 | 4.8 Medium |
| The Slideshow WordPress plugin through 2.3.1 does not sanitize and escape some of its default slideshow settings, which could allow high-privileged users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed | ||||
| CVE-2022-1298 | 1 Wpshopmart | 1 Tabs Responsive | 2024-11-21 | 4.8 Medium |
| The Tabs WordPress plugin before 2.2.8 does not sanitise and escape Tab descriptions, which could allow high privileged users with a role as low as editor to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed | ||||
| CVE-2022-1294 | 1 99webtools | 1 Imdb Info Box | 2024-11-21 | 4.8 Medium |
| The IMDB info box WordPress plugin through 2.0 does not sanitize and escape some of its settings, which could allow high-privileged users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed | ||||
| CVE-2022-1293 | 1 Thalesgroup | 1 Citadel | 2024-11-21 | 5.7 Medium |
| The embedded neutralization of Script-Related HTML Tag was bypassed in the case of some extra conditions. | ||||
| CVE-2022-1291 | 1 Tableexport.jquery.plugin Project | 1 Tableexport.jquery.plugin | 2024-11-21 | 5.4 Medium |
| XSS vulnerability with default `onCellHtmlData` function in GitHub repository hhurz/tableexport.jquery.plugin prior to 1.25.0. Impact: transmitting cookies to third-party servers and sending data from secure sessions to third-party servers. | ||||
| CVE-2022-1290 | 1 Trudesk Project | 1 Trudesk | 2024-11-21 | 5.4 Medium |
| Stored XSS in "Name", "Group Name" & "Title" in GitHub repository polonel/trudesk prior to v1.2.0. This allows attackers to execute malicious scripts in the user's browser and it can lead to session hijacking, sensitive data exposure, and worse. | ||||
| CVE-2022-1282 | 1 10web | 1 Photo Gallery | 2024-11-21 | 6.1 Medium |
| The Photo Gallery by 10Web WordPress plugin before 1.6.3 does not properly sanitize the $_GET['image_url'] variable, which is reflected back to the users when executing the editimage_bwg AJAX action. | ||||
| CVE-2022-1275 | 1 Stillbreathing | 1 Bannerman | 2024-11-21 | 4.8 Medium |
| The BannerMan WordPress plugin through 0.2.4 does not sanitize or escape its settings, which could allow high-privileged users to perform Cross-Site Scripting attacks when the unfiltered_html is disallowed (such as in multisite) | ||||
| CVE-2022-1274 | 1 Redhat | 10 Enterprise Linux, Enterprise Linux For Ibm Z Systems, Enterprise Linux For Ibm Z Systems Eus and 7 more | 2024-11-21 | 5.4 Medium |
| A flaw was found in Keycloak in the execute-actions-email endpoint. This issue allows arbitrary HTML to be injected into emails sent to Keycloak users and can be misused to perform phishing or other attacks against users. | ||||
| CVE-2022-1269 | 1 Fastflow | 1 Fastflow | 2024-11-21 | 6.1 Medium |
| The Fast Flow WordPress plugin before 1.2.12 does not sanitise and escape the page parameter before outputting back in an attribute in an admin dashboard, leading to a Reflected Cross-Site Scripting | ||||
| CVE-2022-1268 | 1 Donate Extra Project | 1 Donate Extra | 2024-11-21 | 6.1 Medium |
| The Donate Extra WordPress plugin through 2.02 does not sanitise and escape a parameter before outputting it back in the response, leading to a Reflected Cross-Site Scripting | ||||
| CVE-2022-1267 | 1 Bmi Bmr Calculator Project | 1 Bmi Bmr Calculator | 2024-11-21 | 6.1 Medium |
| The BMI BMR Calculator WordPress plugin through 1.3 does not sanitise and escape arbitrary POST data before outputting it back in the response, leading to a Reflected Cross-Site Scripting | ||||
| CVE-2022-1266 | 1 Wpwax | 1 Post Grid, Slider & Carousel Ultimate | 2024-11-21 | 4.8 Medium |
| The Post Grid, Slider & Carousel Ultimate WordPress plugin before 1.5.0 does not sanitise and escape the Header Title, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | ||||
| CVE-2022-1265 | 1 Ait-pro | 1 Bulletproof Security | 2024-11-21 | 4.8 Medium |
| The BulletProof Security WordPress plugin before 6.1 does not sanitize and escape some of its CAPTCHA settings, which could allow high-privileged users to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed | ||||
| CVE-2022-1255 | 1 Codection | 1 Import And Export Users And Customers | 2024-11-21 | 4.8 Medium |
| The Import and export users and customers WordPress plugin before 1.19.2.1 does not sanitise and escape imported CSV data, which could allow high privilege users to import malicious JavaScript code and lead to Stored Cross-Site Scripting issues | ||||
| CVE-2022-1250 | 1 Lifterlms | 1 Lifterlms | 2024-11-21 | 6.1 Medium |
| The LifterLMS PayPal WordPress plugin before 1.4.0 does not sanitise and escape some parameters from the payment confirmation page before outputting them back in the page, leading to a Reflected Cross-Site Scripting issue | ||||
| CVE-2022-1241 | 1 2code | 1 Ask Me | 2024-11-21 | 6.1 Medium |
| The Ask me WordPress theme before 6.8.2 does not properly sanitise and escape several of the fields in the Edit Profile page, leading to Reflected Cross-Site Scripting issues | ||||