Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total: 563 records (Critical 20, High 112, Medium 421)

Showing 361-380 of 563 records
Threat Entry Updated 2024-11-21

CVE-2022-2426 - Through 1 Plugin

The Thinkific Uploader WordPress plugin through 1.0.0 does not sanitise and escape its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks against other administrators.

PLUGIN Through 1

CVE-2022-2426

MEDIUM CVSS 4.8 2022-08-08
Threat Entry Updated 2024-11-21

CVE-2022-2424 - Through 1 Plugin

The Google Maps Anywhere WordPress plugin through 1.2.6.3 does not sanitise and escape any of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed (for example in a multisite setup).

PLUGIN Through 1

CVE-2022-2424

MEDIUM CVSS 4.8 2022-08-08
Threat Entry Updated 2024-11-21

CVE-2022-2423 - Through 1 Plugin

The DW Promobar WordPress plugin through 1.0.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed (for example in a multisite setup).

PLUGIN Through 1

CVE-2022-2423

MEDIUM CVSS 4.8 2022-08-08
Threat Entry Updated 2024-11-21

CVE-2022-2409 - Through 1 Plugin

The Rough Chart WordPress plugin through 1.0.0 does not properly escape the chart data label, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.

PLUGIN Through 1

CVE-2022-2409

MEDIUM CVSS 4.8 2022-08-08
Threat Entry Updated 2024-11-21

CVE-2022-2367 - Through 1 Plugin

The WSM Downloader WordPress plugin through 1.4.0 only allows images/files to be downloaded from specific popular websites, but this restriction can be bypassed because the "link" parameter is not properly validated.

PLUGIN Through 1

CVE-2022-2367

HIGH CVSS 7.5 2022-08-08
Threat Entry Updated 2024-11-21

CVE-2022-2357 - Through 1 Plugin

The WSM Downloader WordPress plugin through 1.4.0 allows any visitor to use its remote file download feature to download any local files, including sensitive ones like wp-config.php.

PLUGIN Through 1

CVE-2022-2357

HIGH CVSS 7.5 2022-08-08
Threat Entry Updated 2024-11-21

CVE-2022-2305 - Through 1 Plugin

The WordPress Popup WordPress plugin through 1.9.3.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed (for example in a multisite setup).

PLUGIN Through 1

CVE-2022-2305

MEDIUM CVSS 4.8 2022-08-01
Threat Entry Updated 2024-11-21

CVE-2022-2171 - Through 1 Plugin

The Progressive License WordPress plugin through 1.1.0 lacks any CSRF check when saving its settings, which could allow attackers to make a logged-in admin change them. Furthermore, as the plugin allows arbitrary HTML to be inserted in one of the settings, this could lead to a Stored XSS issue that is also triggered in the frontend.

PLUGIN Through 1

CVE-2022-2171

MEDIUM CVSS 5.4 2022-08-01
Threat Entry Updated 2024-11-21

CVE-2022-1585 - Through 1 Plugin

The Project Source Code Download WordPress plugin through 1.0.0 does not protect its backup generation and download functionalities, which may allow any visitors on the site to download the entire site, including sensitive files like wp-config.php.

PLUGIN Through 1

CVE-2022-1585

HIGH CVSS 7.5 2022-08-01
Threat Entry Updated 2024-11-21

CVE-2022-1324 - Through 1 Plugin

The Event Timeline WordPress plugin through 1.1.5 does not sanitize and escape the Timeline Text, which could allow high-privileged users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed.

PLUGIN Through 1

CVE-2022-1324

MEDIUM CVSS 4.8 2022-08-01
Threat Entry Updated 2024-11-21

CVE-2022-2299 - Through 1 Plugin

The Allow SVG Files WordPress plugin through 1.1 does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads.

PLUGIN Through 1

CVE-2022-2299

MEDIUM CVSS 5.4 2022-07-25
Threat Entry Updated 2024-11-21

CVE-2022-2341 - Through 1 Plugin

The Simple Page Transition WordPress plugin through 1.4.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed (for example in a multisite setup).

PLUGIN Through 1

CVE-2022-2341

MEDIUM CVSS 4.8 2022-07-25
Threat Entry Updated 2024-11-21

CVE-2022-2149 - Through 1 Plugin

The Very Simple Breadcrumb WordPress plugin through 1.0 does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.

PLUGIN Through 1

CVE-2022-2149

MEDIUM CVSS 4.8 2022-07-17
Threat Entry Updated 2024-11-21

CVE-2022-2148 - Through 1 Plugin

The LinkedIn Company Updates WordPress plugin through 1.5.3 does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.

PLUGIN Through 1

CVE-2022-2148

MEDIUM CVSS 4.8 2022-07-17
Threat Entry Updated 2024-11-21

CVE-2022-2146 - Through 1 Plugin

The Import CSV Files WordPress plugin through 1.0 does not sanitise and escape imported data before outputting it back in a page, and also lacks a CSRF check when performing this action, resulting in a Reflected Cross-Site Scripting issue.

PLUGIN Through 1

CVE-2022-2146

MEDIUM CVSS 6.1 2022-07-17
Threat Entry Updated 2024-11-21

CVE-2022-2123 - Through 1 Plugin

The WP Opt-in WordPress plugin through 1.4.1 is vulnerable to CSRF, which allows its plugin settings to be changed and can be abused to send spam emails.

PLUGIN Through 1

CVE-2022-2123

MEDIUM CVSS 4.3 2022-07-11
Threat Entry Updated 2024-11-21

CVE-2022-1956 - Through 1 Plugin

The Shortcut Macros WordPress plugin through 1.3 does not have authorisation and CSRF checks in place when updating its settings, which could allow any authenticated user, such as a subscriber, to update them.

PLUGIN Through 1

CVE-2022-1956

MEDIUM CVSS 4.3 2022-07-11
Threat Entry Updated 2024-11-21

CVE-2022-1546 - Through 1 Plugin

The WooCommerce - Product Importer WordPress plugin through 1.5.2 does not sanitise and escape the imported data before outputting it back in the page, leading to a Reflected Cross-Site Scripting issue.

PLUGIN Through 1

CVE-2022-1546

MEDIUM CVSS 6.1 2022-07-11
Threat Entry Updated 2024-11-21

CVE-2022-1626 - Through 1 Plugin

The Sharebar WordPress plugin through 1.4.1 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack. Because some of these settings are not sanitised and escaped, this can also lead to a Stored Cross-Site Scripting issue.

PLUGIN Through 1

CVE-2022-1626

MEDIUM CVSS 5.4 2022-07-11
Threat Entry Updated 2024-11-21

CVE-2022-1971 - Through 1 Plugin

The NextCellent Gallery WordPress plugin through 1.9.35 does not sanitise and escape some of its image settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed (for example in a multisite setup).

PLUGIN Through 1

CVE-2022-1971

MEDIUM CVSS 4.8 2022-06-27