• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors
Home » CVE’s

CVE’s


CVE
Vendors
Products
Updated
CVSS v2
CVSS v3
CVE-2022-1695
Tipsandtricks-hq, Wp Simple Adsense Insertion
Accept_stripe, All_in_one_wp_security_&_firewall, Category_specific_rss_feed_subscription, Compact_wp_audio_player, Donations_via_paypal, Easy_accept_payments_for_paypal, Far_future_expiry_header, Simple_download_monitor, Software_license_manager, Wordpress_simple_paypal_shopping_cart
2022-06-15
N/A
4.3 MEDIUM
The WP Simple Adsense Insertion WordPress plugin before 2.1 does not perform CSRF checks on updates to its admin page, allowing an attacker to trick a logged in user to manipulate ads and inject arbitrary javascript via submitting a form.
CVE-2022-1694
2022-06-17
N/A
6.5 MEDIUM
The Useful Banner Manager WordPress plugin through 1.6.1 does not perform CSRF checks on POST requests to its admin page, allowing an attacker to trick a logged in admin to add, modify or delete banners from the plugin by submitting a form.
CVE-2022-1692
2022-06-15
N/A
9.8 CRITICAL
The CP Image Store with Slideshow WordPress plugin before 1.0.68 does not sanitise and escape the ordering_by query parameter before using it in a SQL statement in pages where the [codepeople-image-store] is embed, allowing unauthenticated users to perform an SQL injection attack
CVE-2022-1691
2023-01-31
N/A
4.9 MEDIUM
The Realty Workstation WordPress plugin before 1.0.15 does not sanitise and escape the trans_edit parameter before using it in a SQL statement when an agent edit a transaction, leading to an SQL injection
CVE-2022-1690
2022-06-15
N/A
2.7 LOW
The Note Press WordPress plugin through 0.1.10 does not sanitise and escape the ids from the bulk actions before using them in a SQL statement in an admin page, leading to an SQL injection
CVE-2022-1689
2022-06-15
N/A
2.7 LOW
The Note Press WordPress plugin through 0.1.10 does not sanitise and escape the Update parameter before using it in a SQL statement when updating a note via the admin dashboard, leading to an SQL injection
CVE-2022-1688
2022-06-15
N/A
2.7 LOW
The Note Press WordPress plugin through 0.1.10 does not sanitise and escape the id parameter before using it in various SQL statement via the admin dashboard, leading to SQL Injections
CVE-2022-1687
2022-06-15
N/A
2.7 LOW
The Logo Slider WordPress plugin through 1.4.8 does not sanitise and escape the lsp_slider_id parameter before using it in a SQL statement via the Manage Slider Images admin page, leading to an SQL Injection
CVE-2022-1686
2022-06-15
N/A
2.7 LOW
The Five Minute Webshop WordPress plugin through 1.3.2 does not sanitise and escape the id parameter before using it in a SQL statement when editing a product via the admin dashboard, leading to an SQL Injection
CVE-2022-1685
2022-06-15
N/A
4.9 MEDIUM
The Five Minute Webshop WordPress plugin through 1.3.2 does not properly validate and sanitise the orderby parameter before using it in a SQL statement via the Manage Products admin page, leading to an SQL Injection
« Previous 1 … 10,933 10,934 10,935 10,936 10,937 … 11,258 Next »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE