CVE-2022-0087
keystone is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site S
CVE-2022-0140
The Visual Form Builder WordPress plugin before 3.0.6 does not perform access control on entry form
CVE-2022-0147
The Cookie Information | Free GDPR Consent Solution WordPress plugin before 2.0.8 does not escape us
CVE-2022-0150
The WP Accessibility Helper (WAH) WordPress plugin before 0.6.0.7 does not sanitise and escape the w
CVE-2022-0165
The Page Builder KingComposer WordPress plugin through 2.9.6 does not validate the id parameter befo
CVE-2022-0201
The Permalink Manager Lite WordPress plugin before 2.2.15 and Permalink Manager Pro WordPress plugin
CVE-2022-0206
The NewStatPress WordPress plugin before 1.3.6 does not properly escape the whatX parameters before
CVE-2022-0212
The SpiderCalendar WordPress plugin through 1.5.65 does not sanitise and escape the callback paramet
CVE-2022-0220
The check_privacy_settings AJAX action of the WordPress GDPR WordPress plugin before 1.9.27, availab
CVE-2022-0148
The All-in-one Floating Contact Form, Call, Chat, and 50+ Social Icon Tabs WordPress plugin before 2
CVE-2022-0149
The WooCommerce Stored Exporter WordPress plugin before 2.7.1 was affected by a Reflected Cross-Site
CVE-2022-0234
The WOOCS WordPress plugin before 1.3.7.5 does not sanitise and escape the woocs_in_order_currency p
CVE-2022-0169
The Photo Gallery by 10Web WordPress plugin before 1.6.0 does not validate and escape the bwg_tag_id
CVE-2022-0271
The LearnPress WordPress plugin before 4.1.6 does not sanitise and escape the lp-dismiss-notice befo
CVE-2022-0189
The WP RSS Aggregator WordPress plugin before 4.20 does not sanitise and escape the id parameter in
CVE-2022-0208
The MapPress Maps for WordPress plugin before 2.73.4 does not sanitise and escape the mapid paramete
CVE-2022-0218
The WP HTML Mail WordPress plugin is vulnerable to unauthorized access which allows unauthenticated
CVE-2022-0342
An authentication bypass vulnerability in the CGI program of Zyxel USG/ZyWALL series firmware versio
CVE-2022-0228
The Popup Builder WordPress plugin before 4.0.7 does not validate and properly escape the orderby an
CVE-2022-0346
The XML Sitemap Generator for Google WordPress plugin before 2.0.4 does not validate a parameter whi
CVE-2022-0412
The TI WooCommerce Wishlist WordPress plugin before 1.40.1, TI WooCommerce Wishlist Pro WordPress pl
CVE-2022-0415
Remote Command Execution in uploading repository file in GitHub repository gogs/gogs prior to 0.12.6
CVE-2022-0422
The White Label CMS WordPress plugin before 2.2.9 does not sanitise and validate the wlcms[_login_cu
CVE-2022-0424
The Popup by Supsystic WordPress plugin before 1.10.9 does not have any authentication and authorisa
CVE-2022-0281
Exposure of Sensitive Information to an Unauthorized Actor in Packagist microweber/microweber prior
CVE-2022-0432
Prototype Pollution in GitHub repository mastodon/mastodon prior to 3.5.0.
CVE-2022-0434
The Page View Count WordPress plugin before 2.4.15 does not sanitise and escape the post_ids paramet
CVE-2022-0437
Cross-site Scripting (XSS) - DOM in NPM karma prior to 6.3.14.
CVE-2022-0288
The Ad Inserter WordPress plugin before 2.7.10, Ad Inserter Pro WordPress plugin before 2.7.10 do no
CVE-2022-0441
The MasterStudy LMS WordPress plugin before 2.7.6 does not validate some parameters given when regist
CVE-2022-0533
The Ditty (formerly Ditty News Ticker) WordPress plugin before 3.0.15 is affected by a Reflected Cro
CVE-2022-0349
The NotificationX WordPress plugin before 2.3.9 does not sanitise and escape the nx_id parameter bef
CVE-2022-0535
The E2Pdf WordPress plugin before 1.16.45 does not sanitise and escape some of its settings, which c
CVE-2022-0540
A vulnerability in Jira Seraph allows a remote, unauthenticated attacker to bypass authentication by
CVE-2022-0378
Cross-site Scripting (XSS) - Reflected in Packagist microweber/microweber prior to 1.2.11.
CVE-2022-0381
The Embed Swagger WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to insufficie
CVE-2022-0651
The WP Statistics WordPress plugin is vulnerable to SQL Injection due to insufficient escaping and p
CVE-2022-0653
The Profile Builder – User Profile & User Registration Forms WordPress plugin is vulnerable to Cross
CVE-2022-0656
The Web To Print Shop : uDraw WordPress plugin before 3.3.3 does not validate the url parameter in i
CVE-2022-0660
Generation of Error Message Containing Sensitive Information in Packagist microweber/microweber prio
CVE-2022-0735
An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.10 before 14.6.
CVE-2022-0482
Exposure of Private Personal Information to an Unauthorized Actor in GitHub repository alextselegidi
CVE-2022-0747
The Infographic Maker WordPress plugin before 4.3.8 does not validate and escape the post_id paramet
CVE-2022-0760
The Simple Link Directory WordPress plugin before 7.7.2 does not validate and escape the post_id par
CVE-2022-0773
The Documentor WordPress plugin through 1.5.3 fails to sanitize and escape user input before it is b
CVE-2022-0776
Cross-site Scripting (XSS) - DOM in GitHub repository hakimel/reveal.js prior to 4.3.0.
CVE-2022-0591
The FormCraft WordPress plugin before 3.8.28 does not validate the URL parameter in the formcraft3_g
CVE-2022-0594
The Professional Social Sharing Buttons, Icons & Related Posts WordPress plugin before 9.7.6 does no
CVE-2022-0595
The Drag and Drop Multiple File Upload WordPress plugin before 1.3.6.3 allows SVG files to be upload
CVE-2022-0597
Open Redirect in Packagist microweber/microweber prior to 1.2.11.
CVE-2022-0599
The Mapping Multiple URLs Redirect Same Page WordPress plugin through 5.8 does not sanitize and esca
CVE-2022-0658
The CommonsBooking WordPress plugin before 2.6.8 does not sanitise and escape the location parameter
CVE-2022-0678
Cross-site Scripting (XSS) - Reflected in Packagist microweber/microweber prior to 1.2.11.
CVE-2022-0679
The Narnoo Distributor WordPress plugin through 2.5.1 fails to validate and sanitize the lib_path pa
CVE-2022-0692
Open Redirect on Rudloff/alltube in Packagist rudloff/alltube prior to 3.0.1.
CVE-2022-0693
The Master Elements WordPress plugin through 8.0 does not validate and escape the meta_ids parameter
CVE-2022-0769
The Users Ultra WordPress plugin through 3.1.0 fails to properly sanitize and escape the data_target
CVE-2022-0781
The Nirweb support WordPress plugin before 2.8.2 does not sanitise and escape a parameter before usi
CVE-2022-0784
The Title Experiments Free WordPress plugin before 9.0.1 does not sanitise and escape the id paramet
CVE-2022-0785
The Daily Prayer Time WordPress plugin before 2022.03.01 does not sanitise and escape the month para
CVE-2022-0786
The KiviCare WordPress plugin before 2.3.9 does not sanitise and escape some parameters before using
CVE-2022-0787
The Limit Login Attempts (Spam Protection) WordPress plugin before 5.1 does not sanitise and escape
CVE-2022-0788
The WP Fundraising Donation and Crowdfunding Platform WordPress plugin before 1.5.0 does not sanitis
CVE-2022-0814
The Ubigeo de Perú para Woocommerce WordPress plugin before 3.6.4 does not properly sanitise and esc
CVE-2022-0817
The BadgeOS WordPress plugin through 3.7.0 does not sanitise and escape a parameter before using it
CVE-2022-0824
Improper Access Control to Remote Code Execution in GitHub repository webmin/webmin prior to 1.990.
CVE-2022-0826
The WP Video Gallery WordPress plugin through 1.7.1 does not sanitise and escape a parameter before
CVE-2022-0827
The Bestbooks WordPress plugin through 2.6.3 does not sanitise and escape some parameters before usi
CVE-2022-0846
The SpeakOut! Email Petitions WordPress plugin before 2.14.15.1 does not sanitise and escape the id
CVE-2022-0864
The UpdraftPlus WordPress Backup Plugin WordPress plugin before 1.22.9 does not sanitise and escape
CVE-2022-0867
The Pricing Table WordPress plugin before 3.6.1 fails to properly sanitize and escape user supplied
CVE-2022-0869
Multiple Open Redirect in GitHub repository nitely/spirit prior to 0.12.3.
CVE-2022-0870
Server-Side Request Forgery (SSRF) in GitHub repository gogs/gogs prior to 0.12.5.
CVE-2022-0885
The Member Hero WordPress plugin through 1.0.9 lacks authorization checks, and does not validate the
CVE-2022-0899
The Header Footer Code Manager WordPress plugin before 1.1.24 does not escape generated URLs before
CVE-2022-0928
Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.2.12.
CVE-2022-0948
The Order Listener for WooCommerce WordPress plugin before 3.2.2 does not sanitise and escape the id
CVE-2022-0949
The Block Bad Bots and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection WordPress plugin
CVE-2022-0952
The Sitemap by click5 WordPress plugin before 1.0.36 does not have authorisation and CSRF checks whe
CVE-2022-0954
Multiple Stored Cross-site Scripting (XSS) Vulnerabilities in Shop's Other Settings, Shop's Autoresp
CVE-2022-0963
Unrestricted XML Files Leads to Stored XSS in GitHub repository microweber/microweber prior to 1.2.1
CVE-2022-0968
The microweber application allows large characters to insert in the input field 'fist & last name' w
CVE-2022-1007
The Advanced Booking Calendar WordPress plugin before 1.7.1 does not sanitise and escape the room pa
CVE-2022-1013
The Personal Dictionary WordPress plugin before 1.3.4 fails to properly sanitize user supplied POST
CVE-2022-1020
The Product Table for WooCommerce (wooproducttable) WordPress plugin before 3.1.2 does not have auth
CVE-2022-1040
An authentication bypass vulnerability in the User Portal and Webadmin allows a remote attacker to e
CVE-2022-1054
The RSVP and Event Management Plugin WordPress plugin before 2.7.8 does not have any authorisation c
CVE-2022-1057
The Pricing Deals for WooCommerce WordPress plugin through 2.0.2.02 does not properly sanitise and e
CVE-2022-1058
Open Redirect on login in GitHub repository go-gitea/gitea prior to 1.16.5.
CVE-2022-1119
The Simple File List WordPress plugin is vulnerable to Arbitrary File Download via the eeFile parame
CVE-2022-1162
A hardcoded password was set for accounts registered using an OmniAuth provider (e.g. OAuth, LDAP, S
CVE-2022-1168
There is a Cross-Site Scripting vulnerability in the JobSearch WP JobSearch WordPress plugin before
CVE-2022-1170
In the Noo JobMonster WordPress theme before 4.5.2.9 JobMonster there is a XSS vulnerability as the
CVE-2022-1221
The Gwyn's Imagemap Selector WordPress plugin through 0.3.3 does not sanitise and escape some parame
CVE-2022-1329
The Elementor Website Builder plugin for WordPress is vulnerable to unauthorized execution of severa
CVE-2022-1386
The Fusion Builder WordPress plugin before 3.6.2, used in the Avada theme, does not validate a param
CVE-2022-1388
On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions p
CVE-2022-1390
The Admin Word Count Column WordPress plugin through 2.2 does not validate the path parameter given
CVE-2022-1391
The Cab fare calculator WordPress plugin before 1.0.4 does not validate the controller parameter bef
CVE-2022-1392
The Videos sync PDF WordPress plugin through 1.7.4 does not validate the p parameter before using it
CVE-2022-1398
The External Media without Import WordPress plugin through 1.1.2 does not have any authorisation and
CVE-2022-1439
Reflected XSS on demo.microweber.org/demo/module/ in GitHub repository microweber/microweber prior t
CVE-2022-1442
The Metform WordPress plugin is vulnerable to sensitive information disclosure due to improper acces
CVE-2022-1574
The HTML2WP WordPress plugin through 1.0.0 does not have authorisation and CSRF checks when importin
CVE-2022-1595
The HC Custom WP-Admin URL WordPress plugin through 1.4 leaks the secret login URL when sending a sp
CVE-2022-1597
The WPQA Builder WordPress plugin before 5.4, used as a companion for the Discy and Himer, does not
CVE-2022-1598
The WPQA Builder WordPress plugin before 5.5 which is a companion to the Discy and Himer, lacks aut
CVE-2022-1609
The School Management WordPress plugin before 9.9.7 contains an obfuscated backdoor injected in its
CVE-2022-1713
SSRF on /proxy in GitHub repository jgraph/drawio prior to 18.0.4. An attacker can make a request as
CVE-2022-1724
The Simple Membership WordPress plugin before 4.1.1 does not properly sanitise and escape parameters