WordPress Security Vulnerabilities

CVE-2022-4027

The Simple:Press plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'postitem' parameter manipulated during a forum response in versions up to, and including, 6.8 due to insufficient input sanitization and output escaping that makes injecting object and embed tags possible......

CVSS 7.2 | AI Score 5.2 | EPSS 0.001

2022-11-29 09:15 PM

CVE-2022-4029

The Simple:Press plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'sforum_[md5 hash of the WordPress URL]' cookie value in versions up to, and including, 6.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers....

CVSS 4.7 | AI Score 4.6 | EPSS 0.001

2022-11-29 09:15 PM

CVE-2022-34654

Cross-Site Request Forgery (CSRF) in Virgial Berveling's Manage Notification E-mails plugin <= 1.8.2 on...

CVSS 8.8 | AI Score 8.8 | EPSS 0.001

2022-11-28 08:15 PM

CVE-2022-38140

Auth. (contributor+) Arbitrary File Upload in SEO Plugin by Squirrly SEO plugin <= 12.1.10 on...

CVSS 8.8 | AI Score 8.7 | EPSS 0.001

2022-11-28 08:15 PM

CVE-2022-3603

The Export customers list csv for WooCommerce, WordPress users csv, export Guest customer list WordPress plugin before 2.0.69 does not validate data when outputting it back in a CSV file, which could lead to CSV...

CVSS 9.8 | AI Score 9.6 | EPSS 0.003

2022-11-28 02:15 PM

CVE-2022-40206

Insecure direct object references (IDOR) vulnerability in the wpForo Forum plugin <= 2.0.5 on WordPress allows attackers with subscriber or higher user roles to mark any forum post as...

CVSS 6.3 | AI Score 4.5 | EPSS 0.001

2022-11-26 12:00 AM

CVE-2022-44737

Multiple Cross-Site Request Forgery vulnerabilities in All-In-One Security (AIOS) – Security and Firewall (WordPress plugin) <= 5.1.0 on...

CVSS 8.8 | AI Score 8.9 | EPSS 0.001

2022-11-22 04:15 PM

CVE-2022-41609

Auth. (subscriber+) Server-Side Request Forgery (SSRF) vulnerability in Better Messages plugin 1.9.10.68 on...

CVSS 8.8 | AI Score 8.7 | EPSS 0.001

2022-11-19 12:15 AM

CVE-2022-41155

Block BYPASS vulnerability in iQ Block Country plugin <= 1.2.18 on...

CVSS 9.8 | AI Score 9.4 | EPSS 0.002

2022-11-19 12:15 AM

CVE-2022-45369

Auth. (subscriber+) Broken Access Control vulnerability in Plugin for Google Reviews plugin <= 2.2.2 on...

CVSS 4.3 | AI Score 4.6 | EPSS 0.001

2022-11-18 11:15 PM

CVE-2022-44740

Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Creative Mail plugin <= 1.5.4 on...

CVSS 8.8 | AI Score 9 | EPSS 0.001

2022-11-18 11:15 PM

CVE-2022-45082

Multiple Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerabilities in Accordions plugin <= 2.0.3 on WordPress via &addons-style-name and...

CVSS 4.8 | AI Score 5 | EPSS 0.001

2022-11-18 11:15 PM

CVE-2022-45073

Cross-Site Request Forgery (CSRF) vulnerability in REST API Authentication plugin <= 2.4.0 on...

CVSS 8.8 | AI Score 8.8 | EPSS 0.001

2022-11-18 11:15 PM

CVE-2022-44584

Unauth. Arbitrary File Deletion vulnerability in WatchTowerHQ plugin <= 3.6.15 on...

CVSS 9.1 | AI Score 9.2 | EPSS 0.001

2022-11-18 11:15 PM

CVE-2022-44634

Auth. (admin+) Arbitrary File Read vulnerability in S2W – Import Shopify to WooCommerce plugin <= 1.1.12 on...

CVSS 4.9 | AI Score 5 | EPSS 0.001

2022-11-18 11:15 PM

CVE-2022-42883

Sensitive Information Disclosure vulnerability discovered by Quiz And Survey Master plugin <= 7.3.10 on...

CVSS 7.5 | AI Score 7.3 | EPSS 0.002

2022-11-18 11:15 PM

CVE-2022-42698

Unauth. Arbitrary File Upload vulnerability in WordPress Api2Cart Bridge Connector plugin <= 1.1.0 on...

CVSS 9.8 | AI Score 9.4 | EPSS 0.002

2022-11-18 11:15 PM

CVE-2022-43492

Auth. (subscriber+) Insecure Direct Object References (IDOR) vulnerability in Comments – wpDiscuz plugin 7.4.2 on...

CVSS 8.8 | AI Score 8.6 | EPSS 0.001

2022-11-18 11:15 PM

CVE-2022-44583

Unauth. Arbitrary File Download vulnerability in WatchTowerHQ plugin <= 3.6.15 on...

CVSS 7.5 | AI Score 7.5 | EPSS 0.001

2022-11-18 11:15 PM

CVE-2022-42459

Auth. WordPress Options Change vulnerability in Image Hover Effects Ultimate plugin <= 9.7.1 on...

CVSS 7.2 | AI Score 6.9 | EPSS 0.001

2022-11-18 11:15 PM

CVE-2022-42497

Arbitrary Code Execution vulnerability in Api2Cart Bridge Connector plugin <= 1.1.0 on...

CVSS 10 | AI Score 9.6 | EPSS 0.003

2022-11-18 11:15 PM

CVE-2022-41788

Auth. (subscriber+) Cross-Site Scripting (XSS) vulnerability in Soledad premium theme <= 8.2.5 on...

CVSS 5.4 | AI Score 5.3 | EPSS 0.001

2022-11-18 11:15 PM

CVE-2022-41839

Broken Access Control vulnerability in WordPress LoginPress plugin <= 1.6.2 on WordPress leading to unauth. changing of Opt-In or Opt-Out tracking...

CVSS 5.3 | AI Score 5.2 | EPSS 0.001

2022-11-18 11:15 PM

CVE-2022-41685

Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Viszt Péter's Integration for Szamlazz.hu & WooCommerce plugin <= 5.6.3.2 and Csomagpontok és szállítási címkék WooCommerce-hez plugin <= 1.9.0.2 on...

CVSS 8.8 | AI Score 9 | EPSS 0.001

2022-11-18 11:15 PM

CVE-2022-41615

Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) vulnerability in Store Locator plugin <= 1.4.5 on...

CVSS 6.1 | AI Score 6.2 | EPSS 0.001

2022-11-18 11:15 PM

CVE-2022-41618

Unauthenticated Error Log Disclosure vulnerability in Media Library Assistant plugin <= 3.00 on...

CVSS 5.3 | AI Score 5.2 | EPSS 0.001

2022-11-18 11:15 PM

CVE-2022-41643

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Accessibility plugin <= 1.0.3 on...

CVSS 4.8 | AI Score 4.8 | EPSS 0.001

2022-11-18 11:15 PM

CVE-2022-41655

Auth. (subscriber+) Sensitive Data Exposure vulnerability in Phone Orders for WooCommerce plugin <= 3.7.1 on...

CVSS 6.5 | AI Score 6.4 | EPSS 0.001

2022-11-18 11:15 PM

CVE-2022-41634

Cross-Site Request Forgery (CSRF) vulnerability in Media Library Folders plugin <= 7.1.1 on...

CVSS 8.8 | AI Score 8.8 | EPSS 0.001

2022-11-18 11:15 PM

CVE-2022-41135

Unauth. Plugin Settings Change vulnerability in Modula plugin <= 2.6.9 on...

CVSS 6.5 | AI Score 5.2 | EPSS 0.001

2022-11-18 11:15 PM

CVE-2022-40963

Multiple Auth. (author+) Stored Cross-Site Scripting (XSS) vulnerabilities in WP Page Builder plugin <= 1.2.6 on...

CVSS 5.4 | AI Score 5.4 | EPSS 0.001

2022-11-18 11:15 PM

CVE-2022-40698

Auth. (subscriber+) Cross-Site Scripting (XSS) vulnerability in Quiz And Survey Master plugin <= 7.3.10 on...

CVSS 6.1 | AI Score 5.9 | EPSS 0.001

2022-11-18 11:15 PM

CVE-2022-40695

Multiple Cross-Site Scripting (CSRF) vulnerabilities in SEO Redirection Plugin plugin <= 8.9 on...

CVSS 8.8 | AI Score 8.4 | EPSS 0.001

2022-11-18 11:15 PM

CVE-2022-40130

Auth. (subscriber+) Race Condition vulnerability in WP-Polls plugin <= 2.76.0 on...

CVSS 4.3 | AI Score 4.1 | EPSS 0.001

2022-11-18 11:15 PM

CVE-2022-40216

Auth. (subscriber+) Messaging Block Bypass vulnerability in Better Messages plugin <= 1.9.10.69 on...

CVSS 6.5 | AI Score 6.4 | EPSS 0.001

2022-11-18 11:15 PM

CVE-2022-43482

Missing Authorization vulnerability in Appointment Booking Calendar plugin <= 1.3.69 on...

CVSS 8.8 | AI Score 8.6 | EPSS 0.001

2022-11-18 08:15 PM

CVE-2022-42461

Broken Access Control vulnerability in miniOrange's Google Authenticator plugin <= 5.6.1 on...

CVSS 8.8 | AI Score 8.6 | EPSS 0.001

2022-11-18 08:15 PM

CVE-2022-41805

Cross-Site Request Forgery (CSRF) vulnerability in Booster for WooCommerce plugin <= 5.6.6 on...

CVSS 5.4 | AI Score 4.7 | EPSS 0.001

2022-11-18 07:15 PM

CVE-2022-41692

Missing Authorization vulnerability in Appointment Hour Booking plugin <= 1.3.71 on...

CVSS 8.8 | AI Score 8.6 | EPSS 0.001

2022-11-18 07:15 PM

CVE-2022-41840

Unauth. Directory Traversal vulnerability in Welcart eCommerce plugin <= 2.7.7 on...

CVSS 9.8 | AI Score 8.4 | EPSS 0.016

2022-11-18 07:15 PM

CVE-2022-41652

Bypass vulnerability in Quiz And Survey Master plugin <= 7.3.10 on...

CVSS 9.8 | AI Score 9.4 | EPSS 0.002

2022-11-18 07:15 PM

CVE-2022-38075

Cross-Site Request Forgery (CSRF) vulnerability leading to Stored Cross-Site Scripting (XSS) in Mantenimiento web plugin <= 0.13 on...

CVSS 6.1 | AI Score 6.1 | EPSS 0.001

2022-11-18 07:15 PM

CVE-2022-38974

Broken Access Control vulnerability in WPML Multilingual CMS premium plugin <= 4.5.10 on WordPress allows users with subscriber or higher user roles to change the status of the translation...

CVSS 4.3 | AI Score 4.5 | EPSS 0.001

2022-11-18 07:15 PM

CVE-2022-40687

Cross-Site Request Forgery (CSRF) vulnerability in Creative Mail plugin <= 1.5.4 on...

CVSS 8.8 | AI Score 8.7 | EPSS 0.001

2022-11-18 07:15 PM

CVE-2022-40686

Cross-Site Request Forgery (CSRF) vulnerability in Creative Mail plugin <= 1.5.4 on...

CVSS 8.8 | AI Score 8.8 | EPSS 0.001

2022-11-18 07:15 PM

CVE-2022-44591

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Anthologize plugin <= 0.8.0 on...

CVSS 4.8 | AI Score 4.8 | EPSS 0.001

2022-11-17 11:15 PM

CVE-2022-45066

Auth. (subscriber+) Broken Access Control vulnerability in WooSwipe WooCommerce Gallery plugin <= 2.0.1 on...

CVSS 8.8 | AI Score 8.6 | EPSS 0.001

2022-11-17 11:15 PM

CVE-2022-45069

Auth. (contributor+) Privilege Escalation vulnerability in Crowdsignal Dashboard plugin <= 3.0.9 on...

CVSS 8.8 | AI Score 8.7 | EPSS 0.001

2022-11-17 11:15 PM

CVE-2022-45077

Auth. (subscriber+) PHP Object Injection vulnerability in Betheme theme <= 26.5.1.4 on...

CVSS 8.8 | AI Score 8.9 | EPSS 0.001

2022-11-17 11:15 PM

CVE-2022-44736

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Chameleon plugin <= 1.4.3 on...

CVSS 4.8 | AI Score 4.8 | EPSS 0.001

2022-11-17 11:15 PM

Total number of security vulnerabilities: 2072