CVE Schwachstellen
CVE-Datenbank angereichert mit CISA KEV und NVD Daten
| CVE ID | CVSS | Schweregrad | KEV | Sichtungen |
|---|---|---|---|---|
| CVE-2022-3836 The Seed Social WordPress plugin before 2.0.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks eve... | 4.8 | MEDIUM | — | 0 |
| CVE-2022-3899 The 3dprint WordPress plugin before 3.5.6.9 does not protect against CSRF attacks in the modified version of Tiny File Manager included with the plugin, allowing an attacker to craft a malicious reque... | 8.1 | HIGH | — | 0 |
| CVE-2023-0079 The Customer Reviews for WooCommerce WordPress plugin before 5.17.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embe... | 5.4 | MEDIUM | — | 0 |
| CVE-2023-0224 The GiveWP WordPress plugin before 2.24.1 does not properly escape user input before it reaches SQL queries, which could let unauthenticated attackers perform SQL Injection attacks | 9.8 | CRITICAL | — | 0 |
| CVE-2023-0376 The Qubely WordPress plugin before 1.8.5 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the co... | 5.4 | MEDIUM | — | 0 |
| CVE-2023-0389 The Calculated Fields Form WordPress plugin before 1.1.151 does not sanitise and escape some of its form settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scr... | 4.8 | MEDIUM | — | 0 |
| CVE-2023-0479 The Print Invoice & Delivery Notes for WooCommerce WordPress plugin before 4.7.2 is vulnerable to reflected XSS by echoing a GET value in an admin note within the WooCommerce orders page. This means t... | 6.1 | MEDIUM | — | 0 |
| CVE-2023-0769 The hiWeb Migration Simple WordPress plugin through 2.0.0.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be u... | 6.1 | MEDIUM | — | 0 |
| CVE-2023-0824 The User registration & user profile WordPress plugin through 2.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged-i... | 6.5 | MEDIUM | — | 0 |
| CVE-2023-1405 The Formidable Forms WordPress plugin before 6.2 unserializes user input, which could allow anonymous users to perform PHP Object Injection when a suitable gadget is present. | 7.5 | HIGH | — | 0 |
| CVE-2023-2252 The Directorist WordPress plugin before 7.5.4 is vulnerable to Local File Inclusion as it does not validate the file parameter when importing CSV files. | 2.7 | LOW | — | 0 |
| CVE-2023-2655 The Contact Form by WD WordPress plugin through 1.13.23 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege u... | 7.2 | HIGH | — | 0 |
| CVE-2023-3178 The POST SMTP Mailer WordPress plugin before 2.5.7 does not have proper CSRF checks in some AJAX actions, which could allow attackers to make logged in users with the manage_postman_smtp capability de... | 4.3 | MEDIUM | — | 0 |
| CVE-2023-3211 The WordPress Database Administrator WordPress plugin through 1.0.3 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated... | 9.8 | CRITICAL | — | 0 |
| CVE-2023-3372 The Lana Shortcodes WordPress plugin before 1.2.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which allows us... | 5.4 | MEDIUM | — | 0 |
| CVE-2023-3647 The IURNY by INDIGITALL WordPress plugin before 3.2.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting att... | 4.8 | MEDIUM | — | 0 |
| CVE-2023-3771 The T1 WordPress theme through 19.0 is vulnerable to unauthenticated open redirect with which any attacker and redirect users to arbitrary websites. | 6.1 | MEDIUM | — | 0 |
| CVE-2023-4536 The My Account Page Editor WordPress plugin before 1.3.2 does not validate the profile picture to be uploaded, allowing any authenticated users, such as subscriber to upload arbitrary files to the ser... | 8.8 | HIGH | — | 0 |
| CVE-2023-4703 The All in One B2B for WooCommerce WordPress plugin through 1.0.3 does not properly validate parameters when updating user details, allowing an unauthenticated attacker to update the details of any us... | 7.5 | HIGH | — | 0 |
| CVE-2024-11505 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | N/A | NONE | — | 0 |
| CVE-2023-4757 The Staff / Employee Business Directory for Active Directory WordPress plugin before 1.2.3 does not sanitize and escape data returned from the LDAP server before rendering it in the page, allowing use... | 5.4 | MEDIUM | — | 0 |
| CVE-2023-4797 The Newsletters WordPress plugin before 4.9.3 does not properly escape user-controlled parameters when they are appended to SQL queries and shell commands, which could enable an administrator to run a... | 7.2 | HIGH | — | 0 |
| CVE-2023-5922 The Royal Elementor Addons and Templates WordPress plugin before 1.3.81 does not ensure that users accessing posts via an AJAX action (and REST endpoint, currently disabled in the plugin) have the rig... | 7.5 | HIGH | — | 0 |
| CVE-2023-6005 The EventON WordPress plugin before 4.5.5, EventON WordPress plugin before 2.2.7 does not sanitize and escape some of its settings, which could allow high privilege users such as admin to perform Stor... | 4.8 | MEDIUM | — | 0 |
| CVE-2023-6046 The EventON WordPress plugin before 2.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored HTML Injection attacks even when the u... | 4.8 | MEDIUM | — | 0 |
| CVE-2023-6292 The Ecwid Ecommerce Shopping Cart WordPress plugin before 6.12.5 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a C... | 4.3 | MEDIUM | — | 0 |
| CVE-2023-6373 The ArtPlacer Widget WordPress plugin before 2.20.7 does not sanitize and escape the "id" parameter before submitting the query, leading to a SQLI exploitable by editors and above. Note: Due to the la... | 8.8 | HIGH | — | 0 |
| CVE-2024-29273 There is Stored Cross-Site Scripting (XSS) in dzzoffice 2.02.1 SC UTF8 in uploadfile to index.php, with the XSS payload in an SVG document. | 6.1 | MEDIUM | — | 0 |
| CVE-2023-6592 The FastDup WordPress plugin before 2.2 does not prevent directory listing in sensitive directories containing export files. | 5.3 | MEDIUM | — | 0 |
| CVE-2023-6732 The Ultimate Maps by Supsystic WordPress plugin before 1.2.16 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting at... | 4.8 | MEDIUM | — | 0 |
| CVE-2023-6741 The WP Customer Area WordPress plugin before 8.2.1 does not properly validate users capabilities in some of its AJAX actions, allowing malicious users to edit other users' account address. | 4.3 | MEDIUM | — | 0 |
| CVE-2023-6824 The WP Customer Area WordPress plugin before 8.2.1 does not properly validates user capabilities in some of its AJAX actions, allowing any users to retrieve other user's account address. | 6.5 | MEDIUM | — | 0 |
| CVE-2023-7083 The Voting Record WordPress plugin through 2.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored ... | 5.4 | MEDIUM | — | 0 |
| CVE-2023-7084 The Voting Record WordPress plugin through 2.0 is missing sanitisation as well as escaping, which could allow any authenticated users, such as subscriber to perform Stored XSS attacks | 5.4 | MEDIUM | — | 0 |
| CVE-2023-7125 The Community by PeepSo WordPress plugin before 6.3.1.2 does not have CSRF check when creating a user post (visible on their wall in their profile page), which could allow attackers to make logged in ... | 4.3 | MEDIUM | — | 0 |
| CVE-2024-22919 swftools0.9.2 was discovered to contain a global-buffer-overflow vulnerability via the function parseExpression at swftools/src/swfc.c:2587. | 7.8 | HIGH | — | 0 |
| CVE-2024-0233 The EventON WordPress plugin before 4.5.5, EventON WordPress plugin before 2.2.7 do not properly sanitise and escape a parameter before outputting it back in pages, leading to a Reflected Cross-Site S... | 6.1 | MEDIUM | — | 0 |
| CVE-2024-0235 The EventON WordPress plugin before 4.5.5, EventON WordPress plugin before 2.2.7 do not have authorisation in an AJAX action, allowing unauthenticated users to retrieve email addresses of any users on... | 5.3 | MEDIUM | — | 0 |
| CVE-2024-0236 The EventON WordPress plugin before 4.5.5, EventON WordPress plugin before 2.2.7 do not have authorisation in an AJAX action, allowing unauthenticated users to retrieve the settings of arbitrary virtu... | 5.3 | MEDIUM | — | 0 |
| CVE-2024-0237 The EventON WordPress plugin through 4.5.8, EventON WordPress plugin before 2.2.7 do not have authorisation in some AJAX actions, allowing unauthenticated users to update virtual events settings, such... | 5.3 | MEDIUM | — | 0 |
| CVE-2024-0238 The EventON Premium WordPress plugin before 4.5.6, EventON WordPress plugin before 2.2.8 do not have authorisation in an AJAX action, and does not ensure that the post to be updated belong to the plug... | 6.1 | MEDIUM | — | 0 |
| CVE-2023-4969 A GPU kernel can read sensitive data from another GPU kernel (even from another user or app) through an optimized GPU memory region called _local memory_ on various architectures. | 6.5 | MEDIUM | — | 0 |
| CVE-2023-49351 A stack-based buffer overflow vulnerability in /bin/webs binary in Edimax BR6478AC V2 firmware veraion v1.23 allows attackers to overwrite other values located on the stack due to an incorrect use of ... | 9.8 | CRITICAL | — | 0 |
| CVE-2024-12154 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | N/A | NONE | — | 0 |
| CVE-2024-0579 A vulnerability classified as critical was found in Totolink X2000R 1.0.0-B20221212.1452. Affected by this vulnerability is the function formMapDelDevice of the file /boafrm/formMapDelDevice. The mani... | 6.3 | MEDIUM | — | 0 |
| CVE-2023-37523 Missing or insecure tags in the HCL BigFix Bare OSD Metal Server WebUI version 311.19 or lower could allow an attacker to execute a malicious script on the user's browser. | 5.6 | MEDIUM | — | 0 |
| CVE-2024-22625 Complete Supplier Management System v1.0 is vulnerable to SQL Injection via /Supply_Management_System/admin/edit_category.php?id=. | 7.2 | HIGH | — | 0 |
| CVE-2024-22626 Complete Supplier Management System v1.0 is vulnerable to SQL Injection via /Supply_Management_System/admin/edit_retailer.php?id=. | 7.2 | HIGH | — | 0 |
| CVE-2024-22627 Complete Supplier Management System v1.0 is vulnerable to SQL Injection via /Supply_Management_System/admin/edit_distributor.php?id=. | 7.2 | HIGH | — | 0 |
| CVE-2024-22628 Budget and Expense Tracker System v1.0 is vulnerable to SQL Injection via /expense_budget/admin/?page=reports/budget&date_start=2023-12-28&date_end= | 7.2 | HIGH | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.