• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors
Home » CVE’s

CVE’s


CVE
Vendors
Products
Updated
CVSS v2
CVSS v3
CVE-2022-0642
2022-06-13
N/A
5.4 MEDIUM
The JivoChat Live Chat WordPress plugin before 1.3.5.4 does not properly check CSRF tokens on POST requests to the plugins admin page, and does not sanitise some parameters, leading to a stored Cross-Site Scripting vulnerability where an attacker can trick a logged in administrator to inject arbitrary javascript.
CVE-2022-0641
2022-03-31
N/A
6.1 MEDIUM
The Popup Like box WordPress plugin before 3.6.1 does not sanitize and escape the ays_fb_tab parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting.
CVE-2022-0640
Pricing Table Builder, Wpdevart
Booking_calendar, Coming_soon_and_maintenance_mode, Countdown_and_countup,_woocommerce_sales_timer, Download_image_and_video_lightbox,_image_popup, Duplicate_page_or_post, Gallery, Image_and_video_gallery_with_thumbnails, Organization_chart, Poll,_survey,_questionnaire_and_voting_system, Pricing_table_builder
2022-03-28
N/A
6.1 MEDIUM
The Pricing Table Builder WordPress plugin before 1.1.5 does not sanitize and escape the postid parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting.
CVE-2022-0639
2023-02-23
N/A
5.3 MEDIUM
Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.7.
CVE-2022-0638
2022-02-25
N/A
4.3 MEDIUM
Cross-Site Request Forgery (CSRF) in Packagist microweber/microweber prior to 1.2.11.
CVE-2022-0637
2023-02-17
N/A
N/A
There was an open redirection vulnerability pollbot, which was used in https://pollbot.services.mozilla.com/ and https://pollbot.stage.mozaws.net/ An attacker could have redirected anyone to malicious sites.
CVE-2022-0636
2022-05-04
N/A
5.5 MEDIUM
A denial of service vulnerability was reported in Lenovo Thin Installer prior to version 1.3.0039 that could trigger a system crash.
CVE-2022-0635
Baseboard Management Controller H700s Firmware, Netapp
500f, 500f_firmware, 7-mode_transition_tool, 8300, 8300_firmware, 8700, 8700_firmware, A220, A220_firmware, A250
2022-06-01
N/A
7.5 HIGH
Versions affected: BIND 9.18.0 When a vulnerable version of named receives a series of specific queries, the named process will eventually terminate due to a failed assertion check.
CVE-2022-0634
2022-05-12
N/A
4.3 MEDIUM
The ThirstyAffiliates Affiliate Link Manager WordPress plugin before 3.10.5 lacks authorization checks in the ta_insert_external_image action, allowing a low-privilege user (with a role as low as Subscriber) to add an image from an external URL to an affiliate link. Further the plugin lacks csrf checks, allowing an attacker to trick a logged in user to perform the action by crafting a special request.
CVE-2022-0633
2022-02-18
N/A
6.5 MEDIUM
The UpdraftPlus WordPress plugin Free before 1.22.3 and Premium before 2.22.3 do not properly validate a user has the required privileges to access a backup's nonce identifier, which may allow any users with an account on the site (such as subscriber) to download the most recent site & database backup.
« Previous 1 … 11,033 11,034 11,035 11,036 11,037 … 11,258 Next »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE