Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total2

Critical0

High0

Medium2

Search Severity Year Type Sort Order

Reset

Showing 1-2 of 2 records

Threat Entry Updated 2024-11-21

CVE-2022-1937 - Awin Data Feed Plugin

The Awin Data Feed WordPress plugin before 1.8 does not sanitise and escape a parameter before outputting it back via an AJAX action (available to both unauthenticated and authenticated users), leading to a Reflected Cross-Site Scripting

PLUGIN Awin Data Feed

CVE-2022-1937

MEDIUM CVSS 6.1 2022-07-11

Risk Score

Open Full Technical Breakdown

Threat Entry Updated 2024-11-21

CVE-2022-1938 - Awin Data Feed Plugin

The Awin Data Feed WordPress plugin before 1.8 does not sanitise and escape a header when processing request to generate analytics data, allowing unauthenticated users to perform Stored Cross-Site Scripting attacks against a logged in admin viewing the plugin's settings

PLUGIN Awin Data Feed

CVE-2022-1938

MEDIUM CVSS 5.4 2022-07-11

Risk Score

Open Full Technical Breakdown

Blog

"Prevention is cheaper than a breach"

Threat Database

CVE-2022-1937 - Awin Data Feed Plugin

CVE-2022-1938 - Awin Data Feed Plugin

Company Links

Contact Us