CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3
Updated: 2022-02-19 | CVSS v2: N/A | CVSS v3: 5.4 MEDIUM
Themify Portfolio Post WordPress plugin before 1.1.7 does not sanitise and escape the num_of_pages parameter before outputting it back in the response of the themify_create_popup_page_pagination AJAX action (available to any authenticated user), leading to a Reflected Cross-Site Scripting.
Products: Booking_calendar, Coming_soon_and_maintenance_mode, Countdown_and_countup,_woocommerce_sales_timer, Download_image_and_video_lightbox,_image_popup, Duplicate_page_or_post, Gallery, Image_and_video_gallery_with_thumbnails, Organization_chart, Poll,_survey,_questionnaire_and_voting_system, Pricing_table_builder
Updated: 2022-02-28 | CVSS v2: N/A | CVSS v3: 4.3 MEDIUM
The Coming soon and Maintenance mode WordPress plugin before 3.6.8 does not have a CSRF check in its coming_soon_send_mail AJAX action, allowing attackers to make a logged-in admin send arbitrary emails to all subscribed users via a CSRF attack.
corenlp is vulnerable to Improper Restriction of XML External Entity Reference.
phoronix-test-suite is vulnerable to Cross-Site Request Forgery (CSRF).
phoronix-test-suite is vulnerable to Cross-Site Request Forgery (CSRF).
The Complianz WordPress plugin before 6.0.0 does not escape the s parameter before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting.
A DLL search path vulnerability was reported in Lenovo PCManager prior to version 4.0.40.2175 that could allow privilege escalation.
The Ad Invalid Click Protector (AICP) WordPress plugin before 1.2.7 does not have a CSRF check when deleting banned users, which could allow attackers to make a logged-in admin remove arbitrary bans.
The Ad Invalid Click Protector (AICP) WordPress plugin before 1.2.6 is affected by a SQL Injection in the id parameter of the delete action.
The WP RSS Aggregator WordPress plugin before 4.20 does not sanitise and escape the id parameter in the wprss_fetch_items_row_action AJAX action before outputting it back in the response, leading to a Reflected Cross-Site Scripting.