• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors
Home » CVE’s

CVE’s


CVE
Vendors
Products
Updated
CVSS v2
CVSS v3
CVE-2022-1915
2022-06-28
N/A
4.8 MEDIUM
The WP Zillow Review Slider WordPress plugin before 2.4 does not escape a settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite)
CVE-2022-1914
2022-07-06
N/A
4.3 MEDIUM
The Clean-Contact WordPress plugin through 1.6 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and lead to Stored XSS due to the lack of sanitisation and escaping as well
CVE-2022-1913
2022-07-06
N/A
4.3 MEDIUM
The Add Post URL WordPress plugin through 2.1.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and lead to Stored Cross-Site Scripting due to the lack of sanitisation and escaping
CVE-2022-1912
2022-07-25
N/A
8.8 HIGH
The Button Widget Smartsoft plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.1. This is due to missing nonce validation on the smartsoftbutton_settings page. This makes it possible for unauthenticated attackers to update the plugins settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
CVE-2022-1911
2022-12-02
N/A
5.3 MEDIUM
Error in parser function in M-Files Server versions before 22.6.11534.1 and before 22.6.11505.0 allowed unauthenticated access to some information of the underlying operating system.
CVE-2022-1910
2022-07-15
N/A
6.1 MEDIUM
The Shortcodes and extra features for Phlox WordPress plugin before 2.9.8 does not sanitise and escape a parameter before outputting it back in the response, leading to a Reflected Cross-Site Scripting
CVE-2022-1909
2022-06-03
N/A
5.4 MEDIUM
Cross-site Scripting (XSS) - Stored in GitHub repository causefx/organizr prior to 2.1.2200.
CVE-2022-1908
2022-06-03
N/A
8.1 HIGH
Buffer Over-read in GitHub repository bfabiszewski/libmobi prior to 0.11.
CVE-2022-1907
2022-06-03
N/A
8.1 HIGH
Buffer Over-read in GitHub repository bfabiszewski/libmobi prior to 0.11.
CVE-2022-1906
2022-08-04
N/A
6.1 MEDIUM
The Copyright Proof WordPress plugin through 4.16 does not sanitise and escape a parameter before outputting it back via an AJAX action available to both unauthenticated and authenticated users, leading to a Reflected Cross-Site Scripting when a specific setting is enabled.
« Previous 1 … 10,912 10,913 10,914 10,915 10,916 … 11,258 Next »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE