Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total: 808
Critical: 39
High: 132
Medium: 616
Showing 461-480 of 808 records
Threat Entry Updated 2024-11-21

CVE-2022-1532 - Before 1 Plugin

The Themify WordPress plugin before 1.3.8 does not sanitise and escape the page parameter before outputting it back in an attribute in an admin page, leading to Reflected Cross-Site Scripting.

PLUGIN Before 1

CVE-2022-1532

MEDIUM CVSS 6.1 2022-06-13
Threat Entry Updated 2024-11-21

CVE-2022-0626 - Before 1 Plugin

The Advanced Admin Search WordPress plugin before 1.1.6 does not sanitize and escape some parameters before outputting them back in an admin page, leading to a Reflected Cross-Site Scripting.

PLUGIN Before 1

CVE-2022-0626

MEDIUM CVSS 6.1 2022-06-13
Threat Entry Updated 2024-11-21

CVE-2022-1335 - Before 1 Plugin

The Slideshow CK WordPress plugin before 1.4.10 does not sanitize and escape Slide's descriptions, which could allow high-privileged users such as admin to perform Cross-Site Scripting attacks when unfiltered_html is disallowed

PLUGIN Before 1

CVE-2022-1335

MEDIUM CVSS 4.8 2022-06-13
Threat Entry Updated 2024-11-21

CVE-2022-1692 - Before 1 Plugin

The CP Image Store with Slideshow WordPress plugin before 1.0.68 does not sanitise and escape the ordering_by query parameter before using it in a SQL statement in pages where the [codepeople-image-store] is embedded, allowing unauthenticated users to perform an SQL injection attack.

PLUGIN Before 1

CVE-2022-1692

CRITICAL CVSS 9.8 2022-06-08
Threat Entry Updated 2024-11-21

CVE-2022-1673 - Before 1 Plugin

The WooCommerce Green Wallet Gateway WordPress plugin before 1.0.2 does not escape the error_envision query parameter before outputting it to the page, leading to a Reflected Cross-Site Scripting vulnerability.

PLUGIN Before 1

CVE-2022-1673

MEDIUM CVSS 6.1 2022-06-08
Threat Entry Updated 2024-11-21

CVE-2022-1691 - Before 1 Plugin

The Realty Workstation WordPress plugin before 1.0.15 does not sanitise and escape the trans_edit parameter before using it in a SQL statement when an agent edits a transaction, leading to an SQL injection.

PLUGIN Before 1

CVE-2022-1691

MEDIUM CVSS 4.9 2022-06-08
Threat Entry Updated 2024-11-21

CVE-2022-1647 - Before 1 Plugin

The FormCraft WordPress plugin before 1.2.6 does not sanitise and escape Field Labels, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.

PLUGIN Before 1

CVE-2022-1647

MEDIUM CVSS 4.8 2022-06-08
Threat Entry Updated 2024-12-05

CVE-2022-0788 - Before 1 Plugin

The WP Fundraising Donation and Crowdfunding Platform WordPress plugin before 1.5.0 does not sanitise and escape a parameter before using it in a SQL statement via one of its REST routes, leading to an SQL injection exploitable by unauthenticated users.

PLUGIN Before 1

CVE-2022-0788

CRITICAL CVSS 9.8 2022-06-08
Threat Entry Updated 2024-11-21

CVE-2022-1570 - Before 1 Plugin

The Files Download Delay WordPress plugin before 1.0.7 does not have authorisation and CSRF checks when resetting its settings, which could allow any authenticated user, such as a subscriber, to perform this action.

PLUGIN Before 1

CVE-2022-1570

MEDIUM CVSS 6.5 2022-06-08
Threat Entry Updated 2024-11-21

CVE-2022-1569 - Before 1 Plugin

The Drag & Drop Builder, Human Face Detector, Pre-built Templates, Spam Protection, User Email Notifications & more! WordPress plugin before 1.4.9.4 does not sanitise and escape some of its form fields, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks when unfiltered_html is disallowed

PLUGIN Before 1

CVE-2022-1569

MEDIUM CVSS 4.8 2022-06-08
Threat Entry Updated 2024-11-21

CVE-2022-1541 - Before 1 Plugin

The Video Slider WordPress plugin before 1.4.8 does not sanitize or escape some of its video settings, which could allow high-privileged users to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed

PLUGIN Before 1

CVE-2022-1541

MEDIUM CVSS 4.8 2022-06-08
Threat Entry Updated 2024-11-21

CVE-2022-1469 - Before 1 Plugin

The FiboSearch WordPress plugin before 1.17.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed

PLUGIN Before 1

CVE-2022-1469

MEDIUM CVSS 4.8 2022-06-08
Threat Entry Updated 2024-11-21

CVE-2022-1394 - Before 1 Plugin

The Photo Gallery by 10Web WordPress plugin before 1.6.4 does not properly validate and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks when unfiltered_html is disallowed

PLUGIN Before 1

CVE-2022-1394

MEDIUM CVSS 4.8 2022-06-08
Threat Entry Updated 2024-11-21

CVE-2022-1611 - Before 1 Plugin

The Bulk Page Creator WordPress plugin before 1.1.4 does not protect its page creation functionalities with nonce checks, which makes them vulnerable to CSRF.

PLUGIN Before 1

CVE-2022-1611

HIGH CVSS 8.8 2022-05-30
Threat Entry Updated 2026-01-14

CVE-2022-1589 - Before 1 Plugin

The Change wp-admin login WordPress plugin before 1.1.0 does not properly check for authorisation and is also missing a CSRF check when updating its settings, which could allow unauthenticated users to change the settings. The attack could also be performed via a CSRF vector.

PLUGIN Before 1

CVE-2022-1589

HIGH CVSS 7.5 2022-05-30
Threat Entry Updated 2024-11-21

CVE-2022-1583 - Before 1 Plugin

The External Links in New Window / New Tab WordPress plugin before 1.43 does not ensure window.opener is set to "null" when links to external sites are clicked, which may enable tabnabbing attacks to occur.

PLUGIN Before 1

CVE-2022-1583

MEDIUM CVSS 6.5 2022-05-30
Threat Entry Updated 2024-11-21

CVE-2022-1582 - Before 1 Plugin

The External Links in New Window / New Tab WordPress plugin before 1.43 does not properly escape URLs it concatenates to onclick event handlers, which makes Stored Cross-Site Scripting attacks possible.

PLUGIN Before 1

CVE-2022-1582

MEDIUM CVSS 6.1 2022-05-30
Threat Entry Updated 2024-11-21

CVE-2022-1528 - Before 1 Plugin

The VikBooking Hotel Booking Engine & PMS WordPress plugin before 1.5.9 does not escape the current URL before putting it back in a JavaScript context, leading to Reflected Cross-Site Scripting.

PLUGIN Before 1

CVE-2022-1528

MEDIUM CVSS 6.1 2022-05-30
Threat Entry Updated 2024-11-21

CVE-2022-1562 - Before 1 Plugin

The Enable SVG WordPress plugin before 1.4.0 does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads

PLUGIN Before 1

CVE-2022-1562

MEDIUM CVSS 5.4 2022-05-30
Threat Entry Updated 2024-11-21

CVE-2022-1566 - Before 1 Plugin

The Quotes llama WordPress plugin before 1.0.0 does not sanitise and escape Quotes, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed. The attack could also be performed by tricking an admin into importing a malicious CSV file.

PLUGIN Before 1

CVE-2022-1566

MEDIUM CVSS 4.8 2022-05-30