Information Disclosure
rh-mysql80-mysql is vulnerable to information disclosure. The vulnerability exists in the Server: PAM Auth Plugin component and allows attackers to modify critical data or all MySQL Server accessible data through multiple protocols...
CVE-2022-45082
Multiple Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerabilities in Accordions plugin <= 2.0.3 on WordPress via &addons-style-name and &accordionsorfaqslicensekey...
CVE-2022-43492
Auth. (subscriber+) Insecure Direct Object References (IDOR) vulnerability in Comments – wpDiscuz plugin 7.4.2 on WordPress...
CVE-2022-40963
Multiple Auth. (author+) Stored Cross-Site Scripting (XSS) vulnerabilities in WP Page Builder plugin <= 1.2.6 on WordPress...
Arbitrary file deletion
Auth. (admin+) Arbitrary File Read vulnerability in S2W – Import Shopify to WooCommerce plugin <= 1.1.12 on WordPress...
Cross site scripting
Multiple Auth. (author+) Stored Cross-Site Scripting (XSS) vulnerabilities in WP Page Builder plugin <= 1.2.6 on WordPress...
CVE-2022-40216
CVE-2022-40216 affects the WordPress Better Messages plugin. Affected versions are
CVE-2022-40130 WordPress WP-Polls plugin <= 2.76.0 - Auth. Race Condition vulnerability
Auth. (subscriber+) Race Condition vulnerability in WP-Polls plugin <= 2.76.0 on WordPress...
CVE-2022-40130
The CVE-2022-40130 entry documents a race-condition vulnerability in the WordPress WP-Polls plugin, affecting versions up to and including 2.76.0. The issue allows authenticated users (subscriber+ level) to tamper with poll votes due to improper synchronization. Remediation according to the sourc...
CVE-2022-41655
CVE-2022-41655 affects the WordPress plugin Phone Orders for WooCommerce (versions ≤ 3.7.1). The root issue is a sensitive data exposure that is accessible to authenticated users with subscriber-level privileges (and higher). Documented impact is exposure of Auth. (subscriber+) data. The vulnerab...
CVE-2022-41643
CVE-2022-41643 affects the WordPress Accessibility plugin (versions ≤ 1.0.3). The root cause is a stored XSS vulnerability in the plugin’s settings that requires admin+ privileges to exploit. Impact is limited to authenticated users with high privileges; CVSS vectors in the source material indica...
CVE-2022-40963
CVE-2022-40963 concerns the WordPress plugin WP Page Builder (versions ≤ 1.2.6). The vulnerability is a Stored XSS in which parameters are not properly sanitized/escaped, enabling authenticated users with Author+ privileges to inject scripts. Impact is cross-site scripting within WordPress pages ...
CVE-2022-40963 WordPress WP Page Builder plugin <= 1.2.6 - Multiple Auth. Stored Cross-Site Scripting (XSS) vulnerabilities
Multiple Auth. (author+) Stored Cross-Site Scripting (XSS) vulnerabilities in WP Page Builder plugin <= 1.2.6 on WordPress...
CVE-2022-42459
CVE-2022-42459 affects the WordPress Image Hover Effects Ultimate plugin (versions
CVE-2022-42459 WordPress Image Hover Effects Ultimate plugin <= 9.7.1 - Auth. WordPress Options Change vulnerability
Auth. WordPress Options Change vulnerability in Image Hover Effects Ultimate plugin <= 9.7.1 on WordPress...
CVE-2022-45082
The CVE-2022-45082 entries describe stored XSS in WordPress Accordions plugin versions
WordPress Plugin for Google Reviews plugin <= 2.2.2 - Auth. Broken Access Control vulnerability
Auth. Broken Access Control vulnerability leading to arbitrary feed creation discovered by Tien Nguyen Anh (Patchstack Alliance) in the WordPress Plugin for Google Reviews plugin versions <= 2.2.2. Solution: Update the WordPress Plugin for Google Reviews plugin to the latest available version at leas...
Cross site scripting
Auth. Stored Cross-Site Scripting (XSS) vulnerability in Ezoic plugin <= 2.8.8 on WordPress...
CVE-2022-45069
CVE-2022-45069 affects the WordPress Crowdsignal Dashboard plugin, versions
CVE-2022-44736
The CVE-2022-44736 entry describes a stored XSS vulnerability in the WordPress Chameleon plugin, affecting versions 1.4.3 and earlier. The root cause is improper sanitisation/escaping of settings, enabling authenticated (admin+) users to inject script into stored fields. Impact is limited to admi...