CVE's - CVE Vulnerability

CVE

Vendors

Products

Updated

CVSS v2

CVSS v3

CVE-2022-1588

2022-05-23

N/A

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This CVE has been rejected as it was incorrectly assigned. All references and descriptions in this candidate have been removed to prevent accidental usage.

CVE-2022-1587

2022-12-07

N/A

9.1 CRITICAL

An out-of-bounds read vulnerability was discovered in the PCRE2 library in the get_recurse_data_length() function of the pcre2_jit_compile.c file. This issue affects recursions in JIT-compiled regular expressions caused by duplicate data transfers.

CVE-2022-1586

2022-12-07

N/A

9.1 CRITICAL

An out-of-bounds read vulnerability was discovered in the PCRE2 library in the compile_xclass_matchingpath() function of the pcre2_jit_compile.c file. This involves a unicode property matching issue in JIT-compiled regular expressions. The issue occurs because the character was not fully read in case-less matching within JIT.

CVE-2022-1585

2022-08-04

N/A

7.5 HIGH

The Project Source Code Download WordPress plugin through 1.0.0 does not protect its backup generation and download functionalities, which may allow any visitors on the site to download the entire site, including sensitive files like wp-config.php.

CVE-2022-1584

2022-05-11

N/A

6.1 MEDIUM

Reflected XSS in GitHub repository microweber/microweber prior to 1.2.16. Executing JavaScript as the victim

CVE-2022-1583

2022-06-09

N/A

6.5 MEDIUM

The External Links in New Window / New Tab WordPress plugin before 1.43 does not ensure window.opener is set to "null" when links to external sites are clicked, which may enable tabnabbing attacks to occur.

CVE-2022-1582

2022-06-08

N/A

6.1 MEDIUM

The External Links in New Window / New Tab WordPress plugin before 1.43 does not properly escape URLs it concatenates to onclick event handlers, which makes Stored Cross-Site Scripting attacks possible.

CVE-2022-1581

2022-11-23

N/A

5.3 MEDIUM

The WP-Polls WordPress plugin before 2.76.0 prioritizes getting a visitor's IP from certain HTTP headers over PHP's REMOTE_ADDR, which makes it possible to bypass IP-based limitations to vote in certain situations.

CVE-2022-1580

2022-09-21

N/A

4.3 MEDIUM

The Site Offline Or Coming Soon Or Maintenance Mode WordPress plugin before 1.5.3 prevents users from accessing a website but does not do so if the URL contained certain keywords. Adding those keywords to the URL's query string would bypass the plugin's main feature.

CVE-2022-1579

2022-11-23

N/A

7.5 HIGH

The function check_is_login_page() uses headers for the IP check, which can be easily spoofed.

« Previous 1 … 10,943 10,944 10,945 10,946 10,947 … 11,258 Next »