• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors

CWE-79

CVE-2022-0360

February 23, 2023 by

The Easy Drag And drop All Import : WP Ultimate CSV Importer WordPress plugin before 6.4.3 does not sanitise and escaped imported comments, which could allow high privilege users to import malicious ones (either intentionnaly or not) and lead to Stored Cross-Site Scripting issues

CVE-2022-0364

February 23, 2023 by

The Modern Events Calendar Lite WordPress plugin before 6.4.0 does not sanitize and escape some of the Hourly Schedule parameters which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks

CVE-2022-0370

February 23, 2023 by

Cross-site Scripting (XSS) – Stored in Packagist remdex/livehelperchat prior to 3.93v.

CVE-2022-0372

February 23, 2023 by

Cross-site Scripting (XSS) – Stored in Packagist bytefury/crater prior to 6.0.2.

CVE-2022-0374

February 23, 2023 by

Cross-site Scripting (XSS) – Stored in Packagist remdex/livehelperchat prior to 3.93v.

CVE-2022-0232

February 23, 2023 by

The User Registration, Login & Landing Pages WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient escaping via the loader_text parameter found in the ~/includes/templates/landing-page.php file which allows attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 1.2.7. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled.

  • « Go to Previous Page
  • Go to page 1
  • Interim pages omitted …
  • Go to page 2166
  • Go to page 2167
  • Go to page 2168
  • Go to page 2169
  • Go to page 2170
  • Interim pages omitted …
  • Go to page 2216
  • Go to Next Page »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE