Live Vulnerability Intelligence
Threat Database
Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.
Threat Entry
Updated 2024-11-21
CVE-2022-1960 - Through 1 Plugin
The MyCSS WordPress plugin through 1.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack
PLUGIN
Through 1
CVE-2022-1960
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2022-1914 - Through 1 Plugin
The Clean-Contact WordPress plugin through 1.6 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and lead to Stored XSS due to the lack of sanitisation and escaping as well
PLUGIN
Through 1
CVE-2022-1914
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2022-1574 - Through 1 Plugin
The HTML2WP WordPress plugin through 1.0.0 does not have authorisation and CSRF checks when importing files, and does not validate them, as a result, unauthenticated attackers can upload arbitrary files (such as PHP) on the remote server
PLUGIN
Through 1
CVE-2022-1574
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2022-1572 - Through 1 Plugin
The HTML2WP WordPress plugin through 1.0.0 does not have authorisation and CSRF checks in an AJAX action, available to any authenticated users such as subscriber, which could allow them to delete arbitrary file
PLUGIN
Through 1
CVE-2022-1572
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2022-1593 - Through 1 Plugin
The Site Offline or Coming Soon WordPress plugin through 1.6.6 does not have CSRF check in place when updating its settings, and it also lacking sanitisation as well as escaping in some of them. As a result, attackers could make a logged in admin change them and put Cross-Site Scripting payloads in them via a CSRF attack
PLUGIN
Through 1
CVE-2022-1593
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2022-1847 - Through 1 Plugin
The Rotating Posts WordPress plugin through 1.11 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack
PLUGIN
Through 1
CVE-2022-1847
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2022-1844 - Through 1 Plugin
The WP Sentry WordPress plugin through 1.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and lead to Stored Cross-Site Scripting due to the lack of sanitisation and escaping as well
PLUGIN
Through 1
CVE-2022-1844
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2022-1573 - Through 1 Plugin
The HTML2WP WordPress plugin through 1.0.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them
PLUGIN
Through 1
CVE-2022-1573
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2022-1326 - Through 1 Plugin
The Form - Contact Form WordPress plugin through 1.2.0 does not sanitize and escape Custom text fields, which could allow high-privileged users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed
PLUGIN
Through 1
CVE-2022-1326
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2022-1831 - Through 1 Plugin
The WPlite WordPress plugin through 1.3.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack
PLUGIN
Through 1
CVE-2022-1831
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2022-1830 - Through 1 Plugin
The Amazon Einzeltitellinks WordPress plugin through 1.3.3 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and lead to Stored Cross-Site Scripting due to the lack of sanitisation and escaping
PLUGIN
Through 1
CVE-2022-1830
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2022-1792 - Through 1 Plugin
The Quick Subscribe WordPress plugin through 1.7.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and leading to Stored XSS due to the lack of sanitisation and escaping in some of them
PLUGIN
Through 1
CVE-2022-1792
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2022-1765 - Through 1 Plugin
The Hot Linked Image Cacher WordPress plugin through 1.16 is vulnerable to CSRF. This can be used to store / cache images from external domains on the server, which could lead to legal risks (due to copyright violations or licensing rules).
PLUGIN
Through 1
CVE-2022-1765
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2022-1758 - Through 1 Plugin
The Genki Pre-Publish Reminder WordPress plugin through 1.4.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and lead to Stored XSS as well as RCE when custom code is added via the plugin settings.
PLUGIN
Through 1
CVE-2022-1758
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2022-1779 - Through 1 Plugin
The Auto Delete Posts WordPress plugin through 1.3.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and delete specific posts, categories and attachments at once.
PLUGIN
Through 1
CVE-2022-1779
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2022-1773 - Through 1 Plugin
The WP Athletics WordPress plugin through 1.1.7 does not sanitise and escape a parameter before outputting back in an admin page, leading to a Reflected Cross-Site Scripting
PLUGIN
Through 1
CVE-2022-1773
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2022-1764 - Through 1 Plugin
The WP-chgFontSize WordPress plugin through 1.8 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and lead to Stored Cross-Site Scripting due to the lack of sanitisation and escaping
PLUGIN
Through 1
CVE-2022-1764
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2022-1694 - Through 1 Plugin
The Useful Banner Manager WordPress plugin through 1.6.1 does not perform CSRF checks on POST requests to its admin page, allowing an attacker to trick a logged in admin to add, modify or delete banners from the plugin by submitting a form.
PLUGIN
Through 1
CVE-2022-1694
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2022-1624 - Through 1 Plugin
The Latest Tweets Widget WordPress plugin through 1.1.4 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack
PLUGIN
Through 1
CVE-2022-1624
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2022-1612 - Through 1 Plugin
The Webriti SMTP Mail WordPress plugin through 1.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack
PLUGIN
Through 1
CVE-2022-1612
Risk Score