Archives: Reports

CVE ID:

CVE-2022-4693

WordPress Plugin

user-verification

Vulnerability Type:

Authentication Bypass

Date:

2022-12-21

The plugin contains an Auth Bypass vulnerability. To bypass authentication, the attacker only needs to know the user’s username. Depending on the username, which can be easily queried because it is usually public data, the attacker may even get an administrator role on the website.

Read More

CVE ID:

CVE-2023-0431

WordPress Plugin

file-away

Vulnerability Type:

Cross-Site Scripting (XSS)

Date:

2022-12-21

The plugin contains a Cross-Site Scripting (XSS) vulnerability due to the plugin does not sanitize and escape some parameters, which makes it possible for authenticated users with a role as low as contributor to inject arbitrary web scripts into pages.

Read More

CVE ID:

CVE-2022-4652

WordPress Plugin

video-background

Vulnerability Type:

Cross-Site Scripting (XSS)

Date:

2022-12-21

The plugin contains a Cross-Site Scripting (XSS) vulnerability due to the plugin does not sanitize and escape some parameters, which makes it possible for authenticated users with a role as low as contributor to inject arbitrary web scripts into pages.

Read More

CVE ID:

CVE-2022-4657

WordPress Plugin

menu-ordering-reservations

Vulnerability Type:

Cross-Site Scripting (XSS)

Date:

2022-12-21

The plugin contains a Cross-Site Scripting (XSS) vulnerability due to the plugin does not sanitize and escape some parameters, which makes it possible for authenticated users with a role as low as contributor to inject arbitrary web scripts into pages.

Read More

CVE ID:

CVE-2022-4786

WordPress Plugin

videojs-html5-video-player-for-wordpress

Vulnerability Type:

Cross-Site Scripting (XSS)

Date:

2022-12-21

The plugin contains a Cross-Site Scripting (XSS) vulnerability due to the plugin does not sanitize and escape some parameters, which makes it possible for authenticated users with a role as low as contributor to inject arbitrary web scripts into pages.

Read More

CVE ID:

CVE-2022-4788

WordPress Plugin

dirtysuds-embed-pdf

Vulnerability Type:

Cross-Site Scripting (XSS)

Date:

2022-12-21

The plugin contains a Cross-Site Scripting (XSS) vulnerability due to the plugin does not sanitize and escape some parameters, which makes it possible for authenticated users with a role as low as contributor to inject arbitrary web scripts into pages.

Read More

CVE ID:

CVE-2022-4661

WordPress Plugin

woo-products-widgets-for-elementor

Vulnerability Type:

Cross-Site Scripting (XSS)

Date:

2022-12-21

The plugin contains a Cross-Site Scripting (XSS) vulnerability due to the plugin does not sanitize and escape some parameters, which makes it possible for authenticated users with a role as low as contributor to inject arbitrary web scripts into pages.

Read More

CVE ID:

CVE-2023-0034

WordPress Plugin

jetwidgets-for-elementor

Vulnerability Type:

Cross-Site Scripting (XSS)

Date:

2022-12-21

The plugin contains a Cross-Site Scripting (XSS) vulnerability due to the plugin does not sanitize and escape some parameters, which makes it possible for authenticated users with a role as low as contributor to inject arbitrary web scripts into pages.

Read More

CVE ID:

CVE-2022-4653

WordPress Plugin

greenshift-animation-and-page-builder-blocks

Vulnerability Type:

Cross-Site Scripting (XSS)

Date:

2022-12-21

The plugin contains a Cross-Site Scripting (XSS) vulnerability due to the plugin does not sanitize and escape some parameters, which makes it possible for authenticated users with a role as low as contributor to inject arbitrary web scripts into pages.

Read More

CVE ID:

CVE-2022-4658

WordPress Plugin

rss-import

Vulnerability Type:

Cross-Site Scripting (XSS)

Date:

2022-12-21

The plugin contains a Cross-Site Scripting (XSS) vulnerability due to the plugin does not sanitize and escape some parameters, which makes it possible for authenticated users with a role as low as contributor to inject arbitrary web scripts into pages.

Read More

CVE ID:

CVE-2022-4678

WordPress Plugin

templatesnext-toolkit

Vulnerability Type:

Cross-Site Scripting (XSS)

Date:

2022-12-21

The plugin contains a Cross-Site Scripting (XSS) vulnerability due to the plugin does not sanitize and escape some parameters, which makes it possible for authenticated users with a role as low as contributor to inject arbitrary web scripts into pages.

Read More

CVE ID:

CVE-2022-4679

WordPress Plugin

wufoo-shortcode

Vulnerability Type:

Cross-Site Scripting (XSS)

Date:

2022-12-21

The plugin contains a Cross-Site Scripting (XSS) vulnerability due to the plugin does not sanitize and escape some parameters, which makes it possible for authenticated users with a role as low as contributor to inject arbitrary web scripts into pages.

Read More

CVE ID:

CVE-2022-4655

WordPress Plugin

usc-e-shop

Vulnerability Type:

Cross-Site Scripting (XSS)

Date:

2022-12-21

The plugin contains a Cross-Site Scripting (XSS) vulnerability due to the plugin does not sanitize and escape some parameters, which makes it possible for authenticated users with a role as low as contributor to inject arbitrary web scripts into pages.

Read More

CVE ID:

CVE-2022-4649

WordPress Plugin

wp-extended-search

Vulnerability Type:

Cross-Site Scripting (XSS)

Date:

2022-12-21

The plugin contains a Cross-Site Scripting (XSS) vulnerability due to the plugin does not sanitize and escape some parameters, which makes it possible for authenticated users with a role as low as contributor to inject arbitrary web scripts into pages.

Read More

CVE ID:

CVE-2022-4656

WordPress Plugin

wp-stats-manager

Vulnerability Type:

Cross-Site Scripting (XSS)

Date:

2022-12-21

The plugin contains a Cross-Site Scripting (XSS) vulnerability due to the plugin does not sanitize and escape some parameters, which makes it possible for authenticated users with a role as low as contributor to inject arbitrary web scripts into pages.

Read More

CVE ID:

CVE-2022-4654

WordPress Plugin

easy-pricing-tables

Vulnerability Type:

Cross-Site Scripting (XSS)

Date:

2022-12-21

The plugin contains a Cross-Site Scripting (XSS) vulnerability due to the plugin does not sanitize and escape some parameters, which makes it possible for authenticated users with a role as low as contributor to inject arbitrary web scripts into pages.

Read More

CVE ID:

CVE-2022-4784

WordPress Plugin

hueman-addons

Vulnerability Type:

Cross-Site Scripting (XSS)

Date:

2022-12-21

The plugin contains a Cross-Site Scripting (XSS) vulnerability due to the plugin does not sanitize and escape some parameters, which makes it possible for authenticated users with a role as low as contributor to inject arbitrary web scripts into pages.

Read More

CVE ID:

CVE-2022-4785

WordPress Plugin

video-sidebar-widgets

Vulnerability Type:

Cross-Site Scripting (XSS)

Date:

2022-12-21

The plugin contains a Cross-Site Scripting (XSS) vulnerability due to the plugin does not sanitize and escape some parameters, which makes it possible for authenticated users with a role as low as contributor to inject arbitrary web scripts into pages.

Read More

CVE ID:

CVE-2023-0395

WordPress Plugin

menu-shortcode

Vulnerability Type:

Cross-Site Scripting (XSS)

Date:

2022-12-21

The plugin contains a Cross-Site Scripting (XSS) vulnerability due to the plugin does not sanitize and escape some parameters, which makes it possible for authenticated users with a role as low as contributor to inject arbitrary web scripts into pages.

Read More

CVE ID:

CVE-2022-4787

WordPress Plugin

themify-shortcodes

Vulnerability Type:

Cross-Site Scripting (XSS)

Date:

2022-12-21

The plugin contains a Cross-Site Scripting (XSS) vulnerability due to the plugin does not sanitize and escape some parameters, which makes it possible for authenticated users with a role as low as contributor to inject arbitrary web scripts into pages.

Read More

CVE ID:

CVE-2022-4650

WordPress Plugin

hashbar-wp-notification-bar

Vulnerability Type:

Cross-Site Scripting (XSS)

Date:

2022-12-21

The plugin contains a Cross-Site Scripting (XSS) vulnerability due to the plugin does not sanitize and escape some parameters, which makes it possible for authenticated users with a role as low as contributor to inject arbitrary web scripts into pages.

Read More

CVE ID:

CVE-2022-4651

WordPress Plugin

justified-gallery

Vulnerability Type:

Cross-Site Scripting (XSS)

Date:

2022-12-21

The plugin contains a Cross-Site Scripting (XSS) vulnerability due to the plugin does not sanitize and escape some parameters, which makes it possible for authenticated users with a role as low as contributor to inject arbitrary web scripts into pages.

Read More

CVE ID:

CVE-2022-4676

WordPress Plugin

osm

Vulnerability Type:

Cross-Site Scripting (XSS)

Date:

2022-12-20

The plugin contains a Cross-Site Scripting (XSS) vulnerability due to the plugin does not sanitize and escape some parameters, which makes it possible for authenticated users with a role as low as contributor to inject arbitrary web scripts into pages.

Read More

CVE ID:

CVE-2022-4782

WordPress Plugin

clickfunnels

Vulnerability Type:

Cross-Site Scripting (XSS)

Date:

2022-12-20

The plugin contains a Cross-Site Scripting (XSS) vulnerability due to the plugin does not sanitize and escape some parameters, which makes it possible for authenticated users with a role as low as contributor to inject arbitrary web scripts into pages.

Read More

CVE ID:

CVE-2022-4795

WordPress Plugin

wc-gallery

Vulnerability Type:

Cross-Site Scripting (XSS)

Date:

2022-12-20

The plugin contains a Cross-Site Scripting (XSS) vulnerability due to the plugin does not sanitize and escape some parameters, which makes it possible for authenticated users with a role as low as contributor to inject arbitrary web scripts into pages.

Read More