Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

CVE-2022-3391 - Retain Live Chat plugin, through 0.1 (entry updated 2025-05-09)

The Retain Live Chat WordPress plugin through 0.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in a multisite setup).

MEDIUM - CVSS 4.8 - 2022-10-25
CVE-2022-3131 - Search Logger plugin, through 0.9 (entry updated 2025-05-14)

The Search Logger WordPress plugin through 0.9 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users.

HIGH - CVSS 7.2 - 2022-10-17
CVE-2022-1663 - Stop Spam Comments plugin, through 0.2.1.2 (entry updated 2024-11-21)

The Stop Spam Comments WordPress plugin through 0.2.1.2 does not properly generate the JavaScript access token meant to prevent abuse of the comment section, allowing threat actors to easily collect the value and add it to the request.

MEDIUM - CVSS 6.5 - 2022-08-29
CVE-2022-2412 - Better Tag Cloud plugin, through 0.99.5 (entry updated 2024-11-21)

The Better Tag Cloud WordPress plugin through 0.99.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed (for example in a multisite setup).

MEDIUM - CVSS 4.8 - 2022-08-08
CVE-2022-2328 - Flexi Quote Rotator plugin, through 0.9.4 (entry updated 2024-11-21)

The Flexi Quote Rotator WordPress plugin through 0.9.4 does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.

MEDIUM - CVSS 4.8 - 2022-08-01
CVE-2022-1846 - Tiny Contact Form plugin, through 0.7 (entry updated 2024-11-21)

The Tiny Contact Form WordPress plugin through 0.7 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack.

MEDIUM - CVSS 4.3 - 2022-06-27
CVE-2022-1832 - CaPa Protect plugin, through 0.5.8.2 (entry updated 2024-11-21)

The CaPa Protect WordPress plugin through 0.5.8.2 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and disable the applied protection.

MEDIUM - CVSS 6.5 - 2022-06-20
CVE-2022-1814 - WP Admin Style plugin, through 0.1.2 (entry updated 2024-11-21)

The WP Admin Style WordPress plugin through 0.1.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed.

MEDIUM - CVSS 4.8 - 2022-06-13
CVE-2022-1793 - Private Files plugin, through 0.40 (entry updated 2024-11-21)

The Private Files WordPress plugin through 0.40 is missing a CSRF check when disabling the protection, which could allow attackers to make a logged in admin perform that action via a CSRF attack and make the blog public.

MEDIUM - CVSS 4.3 - 2022-06-13
CVE-2022-1790 - New User Email Set Up plugin, through 0.5.2 (entry updated 2024-11-21)

The New User Email Set Up WordPress plugin through 0.5.2 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack.

MEDIUM - CVSS 6.5 - 2022-06-13
CVE-2022-1412 - Log WP_Mail plugin, through 0.1 (entry updated 2024-11-21)

The Log WP_Mail WordPress plugin through 0.1 saves sent email in a publicly accessible directory using predictable filenames, allowing any unauthenticated visitor to obtain potentially sensitive information like generated passwords.

HIGH - CVSS 7.5 - 2022-06-13
CVE-2022-1690 - Note Press plugin, through 0.1.10 (entry updated 2024-11-21)

The Note Press WordPress plugin through 0.1.10 does not sanitise and escape the ids from the bulk actions before using them in a SQL statement in an admin page, leading to an SQL injection.

LOW - CVSS 2.7 - 2022-06-08
CVE-2022-1689 - Note Press plugin, through 0.1.10 (entry updated 2024-11-21)

The Note Press WordPress plugin through 0.1.10 does not sanitise and escape the Update parameter before using it in a SQL statement when updating a note via the admin dashboard, leading to an SQL injection.

LOW - CVSS 2.7 - 2022-06-08
CVE-2022-1688 - Note Press plugin, through 0.1.10 (entry updated 2024-11-21)

The Note Press WordPress plugin through 0.1.10 does not sanitise and escape the id parameter before using it in various SQL statements via the admin dashboard, leading to SQL injections.

LOW - CVSS 2.7 - 2022-06-08
CVE-2022-1275 - BannerMan plugin, through 0.2.4 (entry updated 2024-11-21)

The BannerMan WordPress plugin through 0.2.4 does not sanitize or escape its settings, which could allow high-privileged users to perform Cross-Site Scripting attacks when the unfiltered_html capability is disallowed (such as in multisite).

MEDIUM - CVSS 4.8 - 2022-05-30
CVE-2022-1221 - Gwyn's Imagemap Selector plugin, through 0.3.3 (entry updated 2024-11-21)

The Gwyn's Imagemap Selector WordPress plugin through 0.3.3 does not sanitise and escape some parameters before outputting them back in attributes, leading to a Reflected Cross-Site Scripting.

MEDIUM - CVSS 6.1 - 2022-05-23
CVE-2022-1156 - Books & Papers plugin, through 0.20210223 (entry updated 2024-11-21)

The Books & Papers WordPress plugin through 0.20210223 does not escape its Custom DB prefix setting, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.

MEDIUM - CVSS 4.8 - 2022-04-25
CVE-2022-0499 - Sermon Browser plugin, through 0.45.22 (entry updated 2024-11-21)

The Sermon Browser WordPress plugin through 0.45.22 does not have CSRF checks in place when uploading Sermon files, and does not validate them in any way, allowing attackers to make a logged in admin upload arbitrary files such as PHP ones.

HIGH - CVSS 8.8 - 2022-03-28
CVE-2022-0620 - Delete Old Orders plugin, through 0.2 (entry updated 2024-11-21)

The Delete Old Orders WordPress plugin through 0.2 does not sanitize and escape the date parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting.

MEDIUM - CVSS 6.1 - 2022-03-28
CVE-2021-25007 - MOLIE plugin, through 0.5 (entry updated 2024-11-21)

The MOLIE WordPress plugin through 0.5 does not validate and escape a post parameter before using it in a SQL statement, leading to an SQL injection.

CRITICAL - CVSS 9.8 - 2022-03-14