‼ CVE-2022-4657 ‼
📖 Read
via "National Vulnerability Database".
The Restaurant Menu WordPress plugin before 2.3.6 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks📖 Read
via "National Vulnerability Database".
‼ CVE-2022-4670 ‼
📖 Read
via "National Vulnerability Database".
The PDF.js Viewer WordPress plugin before 2.1.8 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-4664 ‼
📖 Read
via "National Vulnerability Database".
The Logo Slider WordPress plugin before 3.6.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks📖 Read
via "National Vulnerability Database".
‼ CVE-2022-4826 ‼
📖 Read
via "National Vulnerability Database".
The Simple Tooltips WordPress plugin before 2.1.4 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks📖 Read
via "National Vulnerability Database".
‼ CVE-2022-32643 ‼
📖 Read
via "National Vulnerability Database".
In ccd, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07341261; Issue ID: ALPS07341261.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-4762 ‼
📖 Read
via "National Vulnerability Database".
The Materialis Companion WordPress plugin before 1.3.40 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-0072 ‼
📖 Read
via "National Vulnerability Database".
The WC Vendors Marketplace WordPress plugin before 2.4.5 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-4825 ‼
📖 Read
via "National Vulnerability Database".
The WP-ShowHide WordPress plugin before 1.05 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-32642 ‼
📖 Read
via "National Vulnerability Database".
In ccd, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07326547; Issue ID: ALPS07326547.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-4756 ‼
📖 Read
via "National Vulnerability Database".
The My YouTube Channel WordPress plugin before 3.23.0 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-4384 ‼
📖 Read
via "National Vulnerability Database".
The Stream WordPress plugin before 3.9.2 does not prevent users with little privileges on the site (like subscribers) from using its alert creation functionality, which may enable them to leak sensitive information.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-4459 ‼
📖 Read
via "National Vulnerability Database".
The WP Show Posts WordPress plugin before 1.1.4 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-20618 ‼
📖 Read
via "National Vulnerability Database".
In vcu, there is a possible memory corruption due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07519184; Issue ID: ALPS07519184.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-4674 ‼
📖 Read
via "National Vulnerability Database".
The Ibtana WordPress plugin before 1.1.8.8 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack📖 Read
via "National Vulnerability Database".
‼ CVE-2023-20619 ‼
📖 Read
via "National Vulnerability Database".
In vcu, there is a possible memory corruption due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07519159; Issue ID: ALPS07519159.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-4838 ‼
📖 Read
via "National Vulnerability Database".
The Clean Login WordPress plugin before 1.13.7 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-32595 ‼
📖 Read
via "National Vulnerability Database".
In widevine, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07446236; Issue ID: ALPS07446236.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-32656 ‼
📖 Read
via "National Vulnerability Database".
In Wi-Fi driver, there is a possible undefined behavior due to incorrect error handling. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: GN20220705035; Issue ID: GN20220705035.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-0686 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability was found in SourceCodester Online Eyewear Shop 1.0. It has been classified as critical. This affects the function update_cart of the file /oews/classes/Master.php?f=update_cart of the component HTTP POST Request Handler. The manipulation of the argument cart_id leads to sql injection. It is possible to initiate the attack remotely. The identifier VDB-220245 was assigned to this vulnerability.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-0234 ‼
📖 Read
via "National Vulnerability Database".
The SiteGround Security WordPress plugin before 1.3.1 does not properly sanitize user input before using it in an SQL query, leading to an authenticated SQL injection issue.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-0154 ‼
📖 Read
via "National Vulnerability Database".
The GamiPress WordPress plugin before 1.0.9 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.📖 Read
via "National Vulnerability Database".