Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total 632 | Critical 40 | High 107 | Medium 472

Showing 361-380 of 632 records
Threat Entry Updated 2024-11-21

CVE-2022-2389 - Before 2 Plugin

The Abandoned Cart Recovery for WooCommerce, Follow Up Emails, Newsletter Builder & Marketing Automation By Autonami WordPress plugin before 2.1.2 does not have authorisation and CSRF checks in one of its AJAX actions, allowing any authenticated user, such as a subscriber, to create automations.

PLUGIN Before 2

CVE-2022-2389

MEDIUM CVSS 4.3 2022-08-22
Threat Entry Updated 2024-11-21

CVE-2022-2382 - Before 2 Plugin

The Product Slider for WooCommerce WordPress plugin before 2.5.7 has flawed CSRF checks and lacks authorisation in some of its AJAX actions, allowing any authenticated user, such as a subscriber, to call them. One in particular could allow them to delete arbitrary blog options.

PLUGIN Before 2

CVE-2022-2382

MEDIUM CVSS 4.3 2022-08-22
Threat Entry Updated 2024-11-21

CVE-2022-0446 - Before 2 Plugin

The Simple Banner WordPress plugin before 2.12.0 does not properly sanitize its "Simple Banner Text" setting, allowing high-privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.

PLUGIN Before 2

CVE-2022-0446

MEDIUM CVSS 4.8 2022-08-22
Threat Entry Updated 2024-11-21

CVE-2022-2354 - Before 2 Plugin

The WP-DBManager WordPress plugin before 2.80.8 does not prevent administrators from running arbitrary commands on the server in multisite installations, where only super-administrators should.

PLUGIN Before 2

CVE-2022-2354

HIGH CVSS 7.2 2022-08-15
Threat Entry Updated 2024-11-21

CVE-2022-2152 - Before 2 Plugin

The Duplicate Page and Post WordPress plugin before 2.8 does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.

PLUGIN Before 2

CVE-2022-2152

MEDIUM CVSS 4.8 2022-08-15
Threat Entry Updated 2024-11-21

CVE-2022-2372 - Before 2 Plugin

The YaySMTP WordPress plugin before 2.2.2 does not sanitise and escape some of its settings, which could allow high-privilege users such as admins to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed (for example in a multisite setup).

PLUGIN Before 2

CVE-2022-2372

MEDIUM CVSS 4.8 2022-08-08
Threat Entry Updated 2024-11-21

CVE-2022-2371 - Before 2 Plugin

The YaySMTP WordPress plugin before 2.2.1 does not have proper authorisation when saving its settings, allowing users with a role as low as subscriber to change them and, because the settings are not escaped either, to use that to conduct Stored Cross-Site Scripting attacks.

PLUGIN Before 2

CVE-2022-2371

MEDIUM CVSS 5.4 2022-08-08
Threat Entry Updated 2024-11-21

CVE-2022-2370 - Before 2 Plugin

The YaySMTP WordPress plugin before 2.2.1 does not have a capability check before displaying the Mailer Credentials in the JS code of its settings page, allowing any authenticated user, such as a subscriber, to retrieve them.

PLUGIN Before 2

CVE-2022-2370

MEDIUM CVSS 6.5 2022-08-01
Threat Entry Updated 2024-11-21

CVE-2022-2369 - Before 2 Plugin

The YaySMTP WordPress plugin before 2.2.1 does not have a capability check in an AJAX action, allowing any logged-in user, such as a subscriber, to view the plugin's logs.

PLUGIN Before 2

CVE-2022-2369

MEDIUM CVSS 4.3 2022-08-01
Threat Entry Updated 2024-11-21

CVE-2022-2260 - Before 2 Plugin

The GiveWP WordPress plugin before 2.21.3 does not have CSRF checks in place when exporting data, and does not validate the export parameters such as dates. This could allow attackers to make a logged-in admin DoS the web server via a CSRF attack, as the plugin will try to retrieve data from the database many times, overwhelming the target's CPU.

PLUGIN Before 2

CVE-2022-2260

MEDIUM CVSS 6.5 2022-08-01
Threat Entry Updated 2024-11-21

CVE-2022-2215 - Before 2 Plugin

The GiveWP WordPress plugin before 2.21.3 does not properly sanitise and escape the currency settings, which could allow high-privilege users such as admins to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed (for example in a multisite setup).

PLUGIN Before 2

CVE-2022-2215

MEDIUM CVSS 4.8 2022-08-01
Threat Entry Updated 2024-11-21

CVE-2022-2219 - Before 2 Plugin

The Unyson WordPress plugin before 2.7.27 does not sanitise and escape a parameter before outputting it back in the page, leading to Reflected Cross-Site Scripting.

PLUGIN Before 2

CVE-2022-2219

HIGH CVSS 7.2 2022-07-25
Threat Entry Updated 2024-11-21

CVE-2022-2115 - Before 2 Plugin

The Popup Anything WordPress plugin before 2.1.7 does not sanitise and escape a parameter before outputting it back in a frontend page, leading to Reflected Cross-Site Scripting.

PLUGIN Before 2

CVE-2022-2115

MEDIUM CVSS 6.1 2022-07-25
Threat Entry Updated 2024-11-21

CVE-2022-2239 - Before 2 Plugin

The Request a Quote WordPress plugin before 2.3.9 does not sanitise and escape some of its settings, allowing high-privilege users such as admins to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.

PLUGIN Before 2

CVE-2022-2239

MEDIUM CVSS 4.8 2022-07-25
Threat Entry Updated 2024-11-21

CVE-2022-2194 - Before 2 Plugin

The Accept Stripe Payments WordPress plugin before 2.0.64 does not sanitize and escape some of its settings, allowing high-privilege users such as admins to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.

PLUGIN Before 2

CVE-2022-2194

MEDIUM CVSS 4.8 2022-07-17
Threat Entry Updated 2024-11-21

CVE-2021-24655 - Before 2 Plugin

The WP User Manager WordPress plugin before 2.6.3 does not ensure that the user ID to reset the password of is related to the reset key given. As a result, any authenticated user can reset the password (to an arbitrary value) of any user knowing only their ID, and gain access to their account.

PLUGIN Before 2

CVE-2021-24655

HIGH CVSS 7.5 2022-07-17
Threat Entry Updated 2024-11-21

CVE-2022-2090 - Before 2 Plugin

The Discount Rules for WooCommerce WordPress plugin before 2.4.2 does not escape a parameter before outputting it back in an attribute of the plugin's discount rule page, leading to Reflected Cross-Site Scripting.

PLUGIN Before 2

CVE-2022-2090

MEDIUM CVSS 6.1 2022-07-17
Threat Entry Updated 2024-11-21

CVE-2022-2092 - Before 2 Plugin

The WooCommerce PDF Invoices & Packing Slips WordPress plugin before 2.16.0 doesn't escape a parameter on its setting page, making it possible for attackers to conduct reflected cross-site scripting attacks.

PLUGIN Before 2

CVE-2022-2092

MEDIUM CVSS 6.1 2022-07-11
Threat Entry Updated 2024-11-21

CVE-2022-2050 - Before 2 Plugin

The WP-Paginate WordPress plugin before 2.1.9 does not escape one of its settings, which could allow high-privilege users to perform Stored Cross-Site Scripting attacks when unfiltered_html is disallowed.

PLUGIN Before 2

CVE-2022-2050

MEDIUM CVSS 4.8 2022-07-11
Threat Entry Updated 2024-11-21

CVE-2022-1599 - Before 2 Plugin

The Admin Management Xtended WordPress plugin before 2.4.5 does not have CSRF checks in some of its AJAX actions, allowing attackers to make logged-in users with the right capabilities call them. This can lead to changes in post status (draft, published), slug, post date, comment status (enabled, disabled) and more.

PLUGIN Before 2

CVE-2022-1599

MEDIUM CVSS 6.5 2022-07-11