CVE
Vendors
Products
Updated
CVSS v2
CVSS v3
Accept_stripe, All_in_one_wp_security_&_firewall, Category_specific_rss_feed_subscription, Compact_wp_audio_player, Donations_via_paypal, Easy_accept_payments_for_paypal, Far_future_expiry_header, Simple_download_monitor, Software_license_manager, Wordpress_simple_paypal_shopping_cart
2023-02-15
N/A
5.4 MEDIUM
The Easy Accept Payments for PayPal WordPress plugin before 4.9.10 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
The WP Font Awesome WordPress plugin before 1.7.9 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
The YaMaps for WordPress Plugin WordPress plugin before 0.6.26 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none.
Acrn, Audit, Dhcp6c, Direct_connect, Infiniband_hfi1_driver, Ipsec_tools_racoon_daemon, Kernel, Layer_2_tunneling_protocol, Linux_kernel, Linux_kernel_i40e/i40evf
2023-02-06
N/A
7.8 HIGH
A use-after-free vulnerability exists in the ALSA PCM package in the Linux Kernel. SNDRV_CTL_IOCTL_ELEM_{READ|WRITE}32 is missing locks that can be used in a use-after-free that can result in a privilege escalation to gain ring0 access from the system user. We recommend upgrading past commit 56b88b50565cd8b946a2d00b0c83927b7ebb055e.
Wp_airbnb_review_slider, Wp_google_review_slider, Wp_review_slider, Wp_tripadvisor_review_slider, Wp_yelp_review_slider
2023-02-15
N/A
8.8 HIGH
The WP Yelp Review Slider WordPress plugin before 7.1 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as subscriber.
Wp_airbnb_review_slider, Wp_google_review_slider, Wp_review_slider, Wp_tripadvisor_review_slider, Wp_yelp_review_slider
2023-02-15
N/A
8.8 HIGH
The WP Airbnb Review Slider WordPress plugin before 3.3 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as subscriber.
Wp_airbnb_review_slider, Wp_google_review_slider, Wp_review_slider, Wp_tripadvisor_review_slider, Wp_yelp_review_slider
2023-02-15
N/A
8.8 HIGH
The WP TripAdvisor Review Slider WordPress plugin before 10.8 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as subscriber.
Wp_airbnb_review_slider, Wp_google_review_slider, Wp_review_slider, Wp_tripadvisor_review_slider, Wp_yelp_review_slider
2023-02-15
N/A
8.8 HIGH
The WP Review Slider WordPress plugin before 12.2 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as subscriber.
Wp_airbnb_review_slider, Wp_google_review_slider, Wp_review_slider, Wp_tripadvisor_review_slider, Wp_yelp_review_slider
2023-02-15
N/A
8.8 HIGH
The WP Google Review Slider WordPress plugin before 11.8 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as subscriber.