Lucene search
K

6612 matches found

Veracode
Veracode
added 2022/11/19 12:47 a.m.83 views

Information Disclosure

rh-mysql80-mysql is vulnerable to information disclosure. The vulnerability exists in the Server: PAM Auth Plugin component, allowing attackers to modify the critical data or all MySQL Server accessible data through the multiple protocols...

4.9CVSS5.8AI score0.00866EPSS
Exploits0References7Affected Software1
NVD
NVD
added 2022/11/18 11:15 p.m.12 views

CVE-2022-45082

Multiple Auth. admin+ Stored Cross-Site Scripting XSS vulnerabilities in Accordions plugin = 2.0.3 on WordPress via &addons-style-name and &accordionsorfaqslicensekey...

4.8CVSS0.00404EPSS
Exploits0References2
NVD
NVD
added 2022/11/18 11:15 p.m.12 views

CVE-2022-43492

Auth. subscriber+ Insecure Direct Object References IDOR vulnerability in Comments – wpDiscuz plugin 7.4.2 on WordPress...

8.8CVSS0.00593EPSS
Exploits0References2
NVD
NVD
added 2022/11/18 11:15 p.m.14 views

CVE-2022-40963

Multiple Auth. author+ Stored Cross-Site Scripting XSS vulnerabilities in WP Page Builder plugin = 1.2.6 on WordPress...

5.4CVSS0.00409EPSS
Exploits0References2
Prion
Prion
added 2022/11/18 11:15 p.m.10 views

Arbitrary file deletion

Auth. admin+ Arbitrary File Read vulnerability in S2W – Import Shopify to WooCommerce plugin = 1.1.12 on WordPress...

3.3CVSS5.1AI score0.00676EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2022/11/18 11:15 p.m.15 views

Cross site scripting

Multiple Auth. author+ Stored Cross-Site Scripting XSS vulnerabilities in WP Page Builder plugin = 1.2.6 on WordPress...

4.9CVSS5.4AI score0.00409EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2022/11/18 10:33 p.m.51 views

CVE-2022-40216

CVE-2022-40216 affects the WordPress Better Messages plugin. Affected versions are

6.5CVSS5.4AI score0.00447EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2022/11/18 10:31 p.m.24 views

CVE-2022-40130 WordPress WP-Polls plugin <= 2.76.0 - Auth. Race Condition vulnerability

Auth. subscriber+ Race Condition vulnerability in WP-Polls plugin = 2.76.0 on WordPress...

4.3CVSS5AI score0.00382EPSS
Exploits0References2
CVE
CVE
added 2022/11/18 10:31 p.m.67 views

CVE-2022-40130

The CVE-2022-40130 entry documents a race-condition vulnerability in the WordPress WP-Polls plugin, affecting versions up to and including 2.76.0. The issue allows authenticated users (subscriber+ level) to tamper with poll votes due to improper synchronization. Remediation according to the sourc...

4.3CVSS4AI score0.00382EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2022/11/18 10:22 p.m.69 views

CVE-2022-41655

CVE-2022-41655 affects the WordPress plugin Phone Orders for WooCommerce (versions ≤ 3.7.1). The root issue is a sensitive data exposure that is accessible to authenticated users with subscriber-level privileges (and higher). Documented impact is exposure of Auth. (subscriber+) data. The vulnerab...

6.5CVSS5.4AI score0.00591EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2022/11/18 10:21 p.m.51 views

CVE-2022-41643

CVE-2022-41643 affects the WordPress Accessibility plugin (versions ≤ 1.0.3). The root cause is a stored XSS vulnerability in the plugin’s settings that requires admin+ privileges to exploit. Impact is limited to authenticated users with high privileges; CVSS vectors in the source material indica...

4.8CVSS4.8AI score0.00412EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2022/11/18 10:19 p.m.53 views

CVE-2022-40963

CVE-2022-40963 concerns the WordPress plugin WP Page Builder (versions ≤ 1.2.6). The vulnerability is a Stored XSS in which parameters are not properly sanitized/escaped, enabling authenticated users with Author+ privileges to inject scripts. Impact is cross-site scripting within WordPress pages ...

5.4CVSS5.2AI score0.00409EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2022/11/18 10:19 p.m.18 views

CVE-2022-40963 WordPress WP Page Builder plugin <= 1.2.6 - Multiple Auth. Stored Cross-Site Scripting (XSS) vulnerabilities

Multiple Auth. author+ Stored Cross-Site Scripting XSS vulnerabilities in WP Page Builder plugin = 1.2.6 on WordPress...

4.8CVSS5.6AI score0.00409EPSS
Exploits0References2
CVE
CVE
added 2022/11/18 10:17 p.m.69 views

CVE-2022-42459

CVE-2022-42459 affects the WordPress Image Hover Effects Ultimate plugin (versions

7.2CVSS7AI score0.00798EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2022/11/18 10:17 p.m.24 views

CVE-2022-42459 WordPress Image Hover Effects Ultimate plugin <= 9.7.1 - Auth. WordPress Options Change vulnerability

Auth. WordPress Options Change vulnerability in Image Hover Effects Ultimate plugin = 9.7.1 on WordPress...

7.2CVSS7.2AI score0.00798EPSS
Exploits0References2
CVE
CVE
added 2022/11/18 9:59 p.m.66 views

CVE-2022-45082

The CVE-2022-45082 entries describe stored XSS in WordPress Accordions plugin versions

4.8CVSS4.6AI score0.00404EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2022/11/18 12:0 a.m.21 views

WordPress Plugin for Google Reviews plugin <= 2.2.2 - Auth. Broken Access Control vulnerability

Auth. Broken Access Control vulnerability leading to arbitrary feed creation discovered by Tien Nguyen Anh Patchstack Alliance in the WordPress Plugin for Google Reviews plugin versions = 2.2.2. Solution Update the WordPress Plugin for Google Reviews plugin to the latest available version at leas...

4.3CVSS3.9AI score0.00497EPSS
Exploits0Affected Software1
Prion
Prion
added 2022/11/17 11:15 p.m.10 views

Cross site scripting

Auth. Stored Cross-Site Scripting XSS vulnerability in Ezoic plugin = 2.8.8 on WordPress...

4.3CVSS4.9AI score0.00392EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2022/11/17 10:18 p.m.61 views

CVE-2022-45069

CVE-2022-45069 affects the WordPress Crowdsignal Dashboard plugin, versions

8.8CVSS7.4AI score0.00697EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2022/11/17 10:16 p.m.63 views

CVE-2022-44736

The CVE-2022-44736 entry describes a stored XSS vulnerability in the WordPress Chameleon plugin, affecting versions 1.4.3 and earlier. The root cause is improper sanitisation/escaping of settings, enabling authenticated (admin+) users to inject script into stored fields. Impact is limited to admi...

4.8CVSS4.8AI score0.00392EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder