CVE Schwachstellen
CVE-Datenbank angereichert mit CISA KEV und NVD Daten
| CVE ID | CVSS | Schweregrad | KEV | Sichtungen |
|---|---|---|---|---|
| CVE-2022-0316 The WeStand WordPress theme before 2.1, footysquare WordPress theme, aidreform WordPress theme, statfort WordPress theme, club-theme WordPress theme, kingclub-theme WordPress theme, spikes WordPress t... | 9.8 | CRITICAL | — | 0 |
| CVE-2022-3425 The Analyticator WordPress plugin before 6.5.6 unserializes user input provided via the settings, which could allow high-privilege users such as admin to perform PHP Object Injection when a suitable g... | 7.2 | HIGH | — | 0 |
| CVE-2022-3811 The EU Cookie Law for GDPR/CCPA WordPress plugin through 3.1.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scri... | 4.8 | MEDIUM | — | 0 |
| CVE-2022-41505 An access control issue on TP-LInk Tapo C200 V1 devices allows physically proximate attackers to obtain root access by connecting to the UART pins, interrupting the boot process, and setting an init=/... | 6.4 | MEDIUM | — | 0 |
| CVE-2022-4017 The Booster for WooCommerce WordPress plugin before 6.0.1, Booster Plus for WooCommerce WordPress plugin before 6.0.1, Booster Elite for WooCommerce WordPress plugin before 6.0.1 have either flawed CS... | 8.8 | HIGH | — | 0 |
| CVE-2022-4230 The WP Statistics WordPress plugin before 13.2.9 does not escape a parameter, which could allow authenticated users to perform SQL Injection attacks. By default, the affected feature is available to u... | 8.8 | HIGH | — | 0 |
| CVE-2022-4303 The WP Limit Login Attempts WordPress plugin through 2.6.4 prioritizes getting a visitor's IP from certain HTTP headers over PHP's REMOTE_ADDR, which makes it possible to bypass IP-based restrictions ... | 7.5 | HIGH | — | 0 |
| CVE-2022-4305 The Login as User or Customer WordPress plugin before 3.3 lacks authorization checks to ensure that users are allowed to log in as another one, which could allow unauthenticated attackers to obtain a ... | 9.8 | CRITICAL | — | 0 |
| CVE-2022-4307 The پلاگین پرداخت دلخواه WordPress plugin before 2.9.3 does not sanitise and escape some parameters, allowing unauthenticated attackers to send a request with XSS payloads, which will be triggered whe... | 6.1 | MEDIUM | — | 0 |
| CVE-2022-4323 The Analyticator WordPress plugin before 6.5.6 unserializes user input provided via the settings, which could allow high privilege users such as admin to perform PHP Object Injection when a suitable g... | 7.2 | HIGH | — | 0 |
| CVE-2022-4346 The All-In-One Security (AIOS) WordPress plugin before 5.1.3 leaked settings of the plugin publicly, including the used email address. | 5.3 | MEDIUM | — | 0 |
| CVE-2022-4383 The CBX Petition for WordPress plugin through 1.0.3 does not properly sanitize and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading ... | 9.8 | CRITICAL | — | 0 |
| CVE-2022-4443 The BruteBank WordPress plugin before 1.9 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack. | 6.5 | MEDIUM | — | 0 |
| CVE-2022-4467 The Search & Filter WordPress plugin before 1.2.16 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as ... | 5.4 | MEDIUM | — | 0 |
| CVE-2022-4474 The Easy Social Feed WordPress plugin before 6.4.0 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as ... | 5.4 | MEDIUM | — | 0 |
| CVE-2022-4475 The Collapse-O-Matic WordPress plugin before 1.8.3 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as ... | 5.4 | MEDIUM | — | 0 |
| CVE-2022-4485 The Page-list WordPress plugin before 5.3 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contribut... | 5.4 | MEDIUM | — | 0 |
| CVE-2022-4509 The Content Control WordPress plugin before 1.1.10 does not validate and escapes some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as... | 5.4 | MEDIUM | — | 0 |
| CVE-2022-4542 The Compact WP Audio Player WordPress plugin before 1.9.8 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as ... | 5.4 | MEDIUM | — | 0 |
| CVE-2022-4545 The Sitemap WordPress plugin before 4.4 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor... | 5.4 | MEDIUM | — | 0 |
| CVE-2022-4548 The Optimize images ALT Text & names for SEO using AI WordPress plugin before 2.0.8 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin ... | 6.5 | MEDIUM | — | 0 |
| CVE-2022-40034 Cross-Site Scripting (XSS) vulnerability found in Rawchen blog-ssm v1.0 allows attackers to execute arbitrary code via the 'notifyInfo' parameter. | 5.4 | MEDIUM | — | 0 |
| CVE-2022-4570 The Top 10 WordPress plugin before 3.2.3 does not validate and escape some of its Block attributes before outputting them back in the page, which could allow users with a role as low as contributor to... | 5.4 | MEDIUM | — | 0 |
| CVE-2022-4576 The Easy Bootstrap Shortcode WordPress plugin through 4.5.4 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role a... | 5.4 | MEDIUM | — | 0 |
| CVE-2022-4624 The GS Logo Slider WordPress plugin before 3.3.8 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as co... | 5.4 | MEDIUM | — | 0 |
| CVE-2022-4625 The Login Logout Menu WordPress plugin before 1.4.0 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as... | 5.4 | MEDIUM | — | 0 |
| CVE-2022-4627 The ShiftNav WordPress plugin before 1.7.2 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contribu... | 5.4 | MEDIUM | — | 0 |
| CVE-2022-4629 The Product Slider for WooCommerce WordPress plugin before 2.6.4 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a r... | 5.4 | MEDIUM | — | 0 |
| CVE-2022-4650 The HashBar WordPress plugin before 1.3.6 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting... | 5.4 | MEDIUM | — | 0 |
| CVE-2022-46639 A vulnerability in the descarga_etiqueta.php component of Correos Prestashop 1.7.x allows attackers to execute a directory traversal. | 7.5 | HIGH | — | 0 |
| CVE-2022-4668 The Easy Appointments WordPress plugin before 3.11.2 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low a... | 5.4 | MEDIUM | — | 0 |
| CVE-2022-4672 The WordPress Simple Shopping Cart WordPress plugin before 4.6.2 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a r... | 5.4 | MEDIUM | — | 0 |
| CVE-2022-4673 The Rate my Post WordPress plugin before 3.3.9 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scri... | 5.4 | MEDIUM | — | 0 |
| CVE-2022-4675 The Mongoose Page Plugin WordPress plugin before 1.9.0 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-S... | 5.4 | MEDIUM | — | 0 |
| CVE-2022-4693 The User Verification WordPress plugin before 1.0.94 was affected by an Auth Bypass security vulnerability. To bypass authentication, we only need to know the user’s username. Depending on whose usern... | 9.8 | CRITICAL | — | 0 |
| CVE-2022-4706 The Genesis Columns Advanced WordPress plugin before 2.0.4 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as... | 5.4 | MEDIUM | — | 0 |
| CVE-2022-4715 The Structured Content WordPress plugin before 1.5.1 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low a... | 5.4 | MEDIUM | — | 0 |
| CVE-2022-4716 The WP Popups WordPress plugin before 2.1.4.8 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contr... | 5.4 | MEDIUM | — | 0 |
| CVE-2022-4718 The Landing Page Builder WordPress plugin before 1.4.9.9 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as l... | 5.4 | MEDIUM | — | 0 |
| CVE-2022-4746 The FluentAuth WordPress plugin before 1.0.2 prioritizes getting a visitor's IP address from certain HTTP headers over PHP's REMOTE_ADDR, which makes it possible to bypass the IP-based blocks set by t... | 7.5 | HIGH | — | 0 |
| CVE-2022-4751 The Word Balloon WordPress plugin before 4.19.3 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as con... | 5.4 | MEDIUM | — | 0 |
| CVE-2022-4753 The Print-O-Matic WordPress plugin before 2.1.8 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as con... | 5.4 | MEDIUM | — | 0 |
| CVE-2022-4758 The 10WebMapBuilder WordPress plugin before 1.0.72 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as ... | 5.4 | MEDIUM | — | 0 |
| CVE-2022-4760 The OneClick Chat to Order WordPress plugin before 1.0.4.2 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as... | 5.4 | MEDIUM | — | 0 |
| CVE-2023-22630 IzyBat Orange casiers before 20221102_1 allows SQL Injection via a getCasier.php?taille= URI. | 4.3 | MEDIUM | — | 0 |
| CVE-2022-4775 The GeoDirectory WordPress plugin before 2.2.22 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as con... | 5.4 | MEDIUM | — | 0 |
| CVE-2022-4789 The WPZOOM Portfolio WordPress plugin before 1.2.2 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site ... | 5.4 | MEDIUM | — | 0 |
| CVE-2022-4790 The WP Google My Business Auto Publish WordPress plugin before 3.4 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform St... | 5.4 | MEDIUM | — | 0 |
| CVE-2022-4832 The Store Locator WordPress plugin before 1.4.9 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as con... | 5.4 | MEDIUM | — | 0 |
| CVE-2023-24096 TrendNet Wireless AC Easy-Upgrader TEW-820AP v1.0R, firmware version 1.01.B01 was discovered to contain a stack overflow via the newpass parameter at /formPasswordSetup. This vulnerability allows atta... | 8.8 | HIGH | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.