• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors
Home » CVE’s

CVE’s


CVE
Vendors
Products
Updated
CVSS v2
CVSS v3
CVE-2022-0602
2022-04-12
N/A
5.4 MEDIUM
Cross-site Scripting (XSS) - DOM in GitHub repository tastyigniter/tastyigniter prior to 3.3.0.
CVE-2022-0601
2022-03-21
N/A
6.1 MEDIUM
The Countdown, Coming Soon, Maintenance WordPress plugin before 2.2.9 does not sanitize and escape the post parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting.
CVE-2022-0600
2022-03-31
N/A
6.1 MEDIUM
The Conference Scheduler WordPress plugin before 2.4.3 does not sanitize and escape the tab parameter before outputting back in an admin page, leading to a Reflected Cross-Site Scripting.
CVE-2022-0599
2022-03-31
N/A
6.1 MEDIUM
The Mapping Multiple URLs Redirect Same Page WordPress plugin through 5.8 does not sanitize and escape the mmursp_id parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting.
CVE-2022-0598
2022-10-26
N/A
4.8 MEDIUM
The Login with phone number WordPress plugin before 1.3.8 does not sanitise and escape plugin settings which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
CVE-2022-0597
2022-02-23
N/A
6.1 MEDIUM
Open Redirect in Packagist microweber/microweber prior to 1.2.11.
CVE-2022-0596
2022-02-23
N/A
4.3 MEDIUM
Business Logic Errors in Packagist microweber/microweber prior to 1.2.11.
CVE-2022-0595
2022-03-31
N/A
5.4 MEDIUM
The Drag and Drop Multiple File Upload WordPress plugin before 1.3.6.3 allows SVG files to be uploaded by default via the dnd_codedropz_upload AJAX action, which could lead to Stored Cross-Site Scripting issue
CVE-2022-0594
2022-11-05
N/A
5.3 MEDIUM
The Professional Social Sharing Buttons, Icons & Related Posts WordPress plugin before 9.7.6 does not have proper authorisation check in one of the AJAX action, available to unauthenticated (in v < 9.7.5) and author+ (in v9.7.5) users, allowing them to call it and retrieve various information such as the list of active plugins, various version like PHP, cURL, WP etc.
CVE-2022-0593
2022-03-21
N/A
6.5 MEDIUM
The Login with phone number WordPress plugin before 1.3.7 includes a file delete.php with no form of authentication or authorization checks placed in the plugin directory, allowing unauthenticated user to remotely delete the plugin files leading to a potential Denial of Service situation.
« Previous 1 … 11,037 11,038 11,039 11,040 11,041 … 11,258 Next »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE