Archives: Reports

CVE ID:

CVE-2023-0166

WordPress Plugin

woocommerce-products-slider

Vulnerability Type:

Cross-Site Scripting (XSS)

Date:

2022-12-25

The plugin contains a Cross-Site Scripting (XSS) vulnerability due to the plugin does not sanitize and escape some parameters, which makes it possible for authenticated users with a role as low as contributor to inject arbitrary web scripts into pages.

Read More

CVE ID:

CVE-2023-0280

WordPress Plugin

ultimate-carousel-for-elementor

Vulnerability Type:

Cross-Site Scripting (XSS)

Date:

2022-12-24

The plugin contains a Cross-Site Scripting (XSS) vulnerability due to the plugin does not sanitize and escape some parameters, which makes it possible for authenticated users with a role as low as contributor to inject arbitrary web scripts into pages.

Read More

CVE ID:

CVE-2023-0282

WordPress Plugin

yourchannel

Vulnerability Type:

Cross-Site Scripting (XSS),
Missing Authorization

Date:

2022-12-24

The plugin contains a Missing Authorization vulnerability due to a missing capability check in the yrc_save_lang AJAX action, which makes it possible for authenticated attackers with a role as low as subscriber to access functionality. The plugin also contains a Cross-Site Scripting (XSS) vulnerability, due to the plugin does not sanitize and escape some parameters, which makes it possible to inject arbitrary web scripts.

Read More

CVE ID:

CVE-2022-4827

WordPress Plugin

wp-tiles

Vulnerability Type:

Cross-Site Scripting (XSS)

Date:

2022-12-24

The plugin contains a Cross-Site Scripting (XSS) vulnerability due to the plugin does not sanitize and escape some parameters, which makes it possible for authenticated users with a role as low as contributor to inject arbitrary web scripts into pages.

Read More

CVE ID:

CVE-2023-0267

WordPress Plugin

ultimate-carousel-for-visual-composer

Vulnerability Type:

Cross-Site Scripting (XSS)

Date:

2022-12-24

The plugin contains a Cross-Site Scripting (XSS) vulnerability due to the plugin does not sanitize and escape some parameters, which makes it possible for authenticated users with a role as low as contributor to inject arbitrary web scripts into pages.

Read More

CVE ID:

CVE-2023-0268

WordPress Plugin

mega-addons-for-visual-composer

Vulnerability Type:

Cross-Site Scripting (XSS)

Date:

2022-12-24

The plugin contains a Cross-Site Scripting (XSS) vulnerability due to the plugin does not sanitize and escape some parameters, which makes it possible for authenticated users with a role as low as contributor to inject arbitrary web scripts into pages.

Read More

CVE ID:

CVE-2022-4828

WordPress Plugin

bold-timeline-lite

Vulnerability Type:

Cross-Site Scripting (XSS)

Date:

2022-12-24

The plugin contains a Cross-Site Scripting (XSS) vulnerability due to the plugin does not sanitize and escape some parameters, which makes it possible for authenticated users with a role as low as contributor to inject arbitrary web scripts into pages.

Read More

CVE ID:

CVE-2022-4826

WordPress Plugin

simple-tooltips

Vulnerability Type:

Cross-Site Scripting (XSS)

Date:

2022-12-24

The plugin contains a Cross-Site Scripting (XSS) vulnerability due to the plugin does not sanitize and escape some parameters, which makes it possible for authenticated users with a role as low as contributor to inject arbitrary web scripts into pages.

Read More

CVE ID:

CVE-2022-4825

WordPress Plugin

wp-showhide

Vulnerability Type:

Cross-Site Scripting (XSS)

Date:

2022-12-24

The plugin contains a Cross-Site Scripting (XSS) vulnerability due to the plugin does not sanitize and escape some parameters, which makes it possible for authenticated users with a role as low as contributor to inject arbitrary web scripts into pages.

Read More

CVE ID:

CVE-2022-4824

WordPress Plugin

wp-blog-and-widgets

Vulnerability Type:

Cross-Site Scripting (XSS)

Date:

2022-12-24

The plugin contains a Cross-Site Scripting (XSS) vulnerability due to the plugin does not sanitize and escape some parameters, which makes it possible for authenticated users with a role as low as contributor to inject arbitrary web scripts into pages.

Read More

CVE ID:

CVE-2022-4838

WordPress Plugin

clean-login

Vulnerability Type:

Cross-Site Scripting (XSS)

Date:

2022-12-24

The plugin contains a Cross-Site Scripting (XSS) vulnerability due to the plugin does not sanitize and escape some parameters, which makes it possible for authenticated users with a role as low as contributor to inject arbitrary web scripts into pages.

Read More

CVE ID:

CVE-2023-0212

WordPress Plugin

advanced-recent-posts

Vulnerability Type:

Cross-Site Scripting (XSS)

Date:

2022-12-24

The plugin contains a Cross-Site Scripting (XSS) vulnerability due to the plugin does not sanitize and escape some parameters, which makes it possible for authenticated users with a role as low as contributor to inject arbitrary web scripts into pages.

Read More

CVE ID:

CVE-2023-0177

WordPress Plugin

like-box

Vulnerability Type:

Cross-Site Scripting (XSS)

Date:

2022-12-24

The plugin contains a Cross-Site Scripting (XSS) vulnerability due to the plugin does not sanitize and escape some parameters, which makes it possible for authenticated users with a role as low as contributor to inject arbitrary web scripts into pages.

Read More

CVE ID:

CVE-2022-4833

WordPress Plugin

yourchannel

Vulnerability Type:

Cross-Site Scripting (XSS)

Date:

2022-12-24

The plugin contains a Cross-Site Scripting (XSS) vulnerability due to the plugin does not sanitize and escape some parameters, which makes it possible for authenticated users with a role as low as contributor to inject arbitrary web scripts into pages.

Read More

CVE ID:

CVE-2022-4832

WordPress Plugin

agile-store-locator

Vulnerability Type:

Cross-Site Scripting (XSS)

Date:

2022-12-24

The plugin contains a Cross-Site Scripting (XSS) vulnerability due to the plugin does not sanitize and escape some parameters, which makes it possible for authenticated users with a role as low as contributor to inject arbitrary web scripts into pages.

Read More

CVE ID:

CVE-2022-4831

WordPress Plugin

pmpro-register-helper

Vulnerability Type:

Cross-Site Scripting (XSS)

Date:

2022-12-24

The plugin contains a Cross-Site Scripting (XSS) vulnerability due to the plugin does not sanitize and escape some parameters, which makes it possible for authenticated users with a role as low as contributor to inject arbitrary web scripts into pages.

Read More

CVE ID:

CVE-2022-4830

WordPress Plugin

paid-memberships-pro

Vulnerability Type:

Cross-Site Scripting (XSS)

Date:

2022-12-24

The plugin contains a Cross-Site Scripting (XSS) vulnerability due to the plugin does not sanitize and escape some parameters, which makes it possible for authenticated users with a role as low as contributor to inject arbitrary web scripts into pages.

Read More

CVE ID:

CVE-2022-4829

WordPress Plugin

show-hidecollapse-expand

Vulnerability Type:

Cross-Site Scripting (XSS)

Date:

2022-12-24

The plugin contains a Cross-Site Scripting (XSS) vulnerability due to the plugin does not sanitize and escape some parameters, which makes it possible for authenticated users with a role as low as contributor to inject arbitrary web scripts into pages.

Read More

CVE ID:

CVE-2022-4761

WordPress Plugin

baw-post-views-count

Vulnerability Type:

Cross-Site Scripting (XSS)

Date:

2022-12-23

The plugin contains a Cross-Site Scripting (XSS) vulnerability due to the plugin does not sanitize and escape some parameters, which makes it possible for authenticated users with a role as low as contributor to inject arbitrary web scripts into pages.

Read More

CVE ID:

CVE-2022-4777

WordPress Plugin

bootstrap-shortcodes

Vulnerability Type:

Cross-Site Scripting (XSS)

Date:

2022-12-23

The plugin contains a Cross-Site Scripting (XSS) vulnerability due to the plugin does not sanitize and escape some parameters, which makes it possible for authenticated users with a role as low as contributor to inject arbitrary web scripts into pages.

Read More

CVE ID:

CVE-2022-4762

WordPress Plugin

materialis-companion

Vulnerability Type:

Cross-Site Scripting (XSS)

Date:

2022-12-23

The plugin contains a Cross-Site Scripting (XSS) vulnerability due to the plugin does not sanitize and escape some parameters, which makes it possible for authenticated users with a role as low as contributor to inject arbitrary web scripts into pages.

Read More

CVE ID:

CVE-2022-4763

WordPress Plugin

icon-widget

Vulnerability Type:

Cross-Site Scripting (XSS)

Date:

2022-12-23

The plugin contains a Cross-Site Scripting (XSS) vulnerability due to the plugin does not sanitize and escape some parameters, which makes it possible for authenticated users with a role as low as contributor to inject arbitrary web scripts into pages.

Read More

CVE ID:

CVE-2022-4765

WordPress Plugin

portfolio-elementor

Vulnerability Type:

Cross-Site Scripting (XSS)

Date:

2022-12-23

The plugin contains a Cross-Site Scripting (XSS) vulnerability due to the plugin does not sanitize and escape some parameters, which makes it possible for authenticated users with a role as low as contributor to inject arbitrary web scripts into pages.

Read More

CVE ID:

CVE-2022-4764

WordPress Plugin

simple-file-downloader

Vulnerability Type:

Cross-Site Scripting (XSS)

Date:

2022-12-23

The plugin contains a Cross-Site Scripting (XSS) vulnerability due to the plugin does not sanitize and escape some parameters, which makes it possible for authenticated users with a role as low as contributor to inject arbitrary web scripts into pages.

Read More

CVE ID:

CVE-2022-4837

WordPress Plugin

cpo-companion

Vulnerability Type:

Cross-Site Scripting (XSS)

Date:

2022-12-23

The plugin contains a Cross-Site Scripting (XSS) vulnerability due to the plugin does not sanitize and escape some parameters, which makes it possible for authenticated users with a role as low as contributor to inject arbitrary web scripts into pages.

Read More