• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors
Home » CVE’s

CVE’s


CVE
Vendors
Products
Updated
CVSS v2
CVSS v3
CVE-2022-0200
Portfolio Post, Themify
Portfolio_post, Post_type_builder_search_addon, Shortcodes, Woocommerce_product_filter
2022-02-19
N/A
5.4 MEDIUM
Themify Portfolio Post WordPress plugin before 1.1.7 does not sanitise and escape the num_of_pages parameter before outputting it back the response of the themify_create_popup_page_pagination AJAX action (available to any authenticated user), leading to a Reflected Cross-Site Scripting
CVE-2022-0199
Coming Soon And Maintenance Mode, Wpdevart
Booking_calendar, Coming_soon_and_maintenance_mode, Countdown_and_countup,_woocommerce_sales_timer, Download_image_and_video_lightbox,_image_popup, Duplicate_page_or_post, Gallery, Image_and_video_gallery_with_thumbnails, Organization_chart, Poll,_survey,_questionnaire_and_voting_system, Pricing_table_builder
2022-02-28
N/A
4.3 MEDIUM
The Coming soon and Maintenance mode WordPress plugin before 3.6.8 does not have CSRF check in its coming_soon_send_mail AJAX action, allowing attackers to make logged in admin to send arbitrary emails to all subscribed users via a CSRF attack
CVE-2022-0198
2022-01-19
N/A
7.1 HIGH
corenlp is vulnerable to Improper Restriction of XML External Entity Reference
CVE-2022-0197
2022-02-22
N/A
8.8 HIGH
phoronix-test-suite is vulnerable to Cross-Site Request Forgery (CSRF)
CVE-2022-0196
2022-02-22
N/A
8.8 HIGH
phoronix-test-suite is vulnerable to Cross-Site Request Forgery (CSRF)
CVE-2022-0193
2022-02-22
N/A
6.1 MEDIUM
The Complianz WordPress plugin before 6.0.0 does not escape the s parameter before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting
CVE-2022-0192
2022-05-04
N/A
7.8 HIGH
A DLL search path vulnerability was reported in Lenovo PCManager prior to version 4.0.40.2175 that could allow privilege escalation.
CVE-2022-0191
2022-05-09
N/A
6.5 MEDIUM
The Ad Invalid Click Protector (AICP) WordPress plugin before 1.2.7 does not have CSRF check deleting banned users, which could allow attackers to make a logged in admin remove arbitrary bans
CVE-2022-0190
2022-02-22
N/A
8.8 HIGH
The Ad Invalid Click Protector (AICP) WordPress plugin before 1.2.6 is affected by a SQL Injection in the id parameter of the delete action.
CVE-2022-0189
2022-03-08
N/A
6.1 MEDIUM
The WP RSS Aggregator WordPress plugin before 4.20 does not sanitise and escape the id parameter in the wprss_fetch_items_row_action AJAX action before outputting it back in the response, leading to a Reflected Cross-Site Scripting
« Previous 1 … 11,075 11,076 11,077 11,078 11,079 … 11,258 Next »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE