
Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total 563 records (Critical 20, High 112, Medium 421). Showing 421-440 of 563 records.

CVE-2022-1192 - Turn off all comments (WordPress plugin, through 1.0)

The Turn off all comments WordPress plugin through 1.0 does not sanitise and escape the rows parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting issue.

Severity MEDIUM | CVSS 6.1 | 2022-05-23 | Threat entry updated 2024-11-21

CVE-2022-1557 - ULeak Security & Monitoring (WordPress plugin, through 1.2.3)

The ULeak Security & Monitoring WordPress plugin through 1.2.3 does not have authorisation and CSRF checks when updating its settings, and is also lacking sanitisation as well as escaping in some of them, which could allow any authenticated user, such as a subscriber, to perform Stored Cross-Site Scripting attacks against admins viewing the settings.

Severity MEDIUM | CVSS 5.4 | 2022-05-16 | Threat entry updated 2024-11-21

CVE-2022-1559 - Clipr (WordPress plugin, through 1.2.3)

The Clipr WordPress plugin through 1.2.3 does not sanitise and escape its API Key setting before outputting it in an attribute, leading to a Stored Cross-Site Scripting issue even when the unfiltered_html capability is disallowed.

Severity MEDIUM | CVSS 4.8 | 2022-05-16 | Threat entry updated 2024-11-21

CVE-2022-1398 - External Media without Import (WordPress plugin, through 1.1.2)

The External Media without Import WordPress plugin through 1.1.2 does not have any authorisation checks and does not ensure that media added via URLs are external, which could allow any authenticated user, such as a subscriber, to perform blind SSRF attacks.

Severity MEDIUM | CVSS 6.5 | 2022-05-16 | Threat entry updated 2024-11-21

CVE-2022-1267 - BMI BMR Calculator (WordPress plugin, through 1.3)

The BMI BMR Calculator WordPress plugin through 1.3 does not sanitise and escape arbitrary POST data before outputting it back in the response, leading to a Reflected Cross-Site Scripting issue.

Severity MEDIUM | CVSS 6.1 | 2022-05-16 | Threat entry updated 2024-11-21

CVE-2022-1217 - Custom TinyMCE Shortcode Button (WordPress plugin, through 1.1)

The Custom TinyMCE Shortcode Button WordPress plugin through 1.1 does not sanitise and escape the PHP_SELF variable before outputting it back in an attribute in an admin page, leading to Reflected Cross-Site Scripting.

Severity MEDIUM | CVSS 6.1 | 2022-05-16 | Threat entry updated 2024-11-21

CVE-2022-1216 - Advanced Image Sitemap (WordPress plugin, through 1.2)

The Advanced Image Sitemap WordPress plugin through 1.2 does not sanitise and escape the PHP_SELF PHP variable before outputting it back in an attribute in an admin page, leading to Reflected Cross-Site Scripting.

Severity MEDIUM | CVSS 6.1 | 2022-05-16 | Threat entry updated 2024-11-21

CVE-2022-1512 - ScrollReveal.js Effects (WordPress plugin, through 1.2)

The ScrollReveal.js Effects WordPress plugin through 1.2 does not sanitise and escape its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed.

Severity MEDIUM | CVSS 4.8 | 2022-05-16 | Threat entry updated 2024-11-21

CVE-2021-25119 - AGIL (WordPress plugin, through 1.0)

The AGIL WordPress plugin through 1.0 accepts all zip files and automatically extracts them without validating the extracted file types, allowing high privilege users such as admin to upload an arbitrary file like PHP, leading to RCE.

Severity HIGH | CVSS 7.2 | 2022-05-16 | Threat entry updated 2024-11-21

CVE-2022-1062 - th23 Social (WordPress plugin, through 1.2.0)

The th23 Social WordPress plugin through 1.2.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.

Severity MEDIUM | CVSS 4.8 | 2022-05-16 | Threat entry updated 2024-11-21

CVE-2022-0826 - WP Video Gallery (WordPress plugin, through 1.7.1)

The WP Video Gallery WordPress plugin through 1.7.1 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action, leading to an SQL Injection exploitable by unauthenticated users.

Severity CRITICAL | CVSS 9.8 | 2022-05-09 | Threat entry updated 2024-11-21

CVE-2022-0625 - Admin Menu Editor (WordPress plugin, through 1.0.4)

The Admin Menu Editor WordPress plugin through 1.0.4 does not sanitize and escape a parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting.

Severity MEDIUM | CVSS 6.1 | 2022-05-09 | Threat entry updated 2024-11-21

CVE-2022-1338 - Easily Generate Rest API Url (WordPress plugin, through 1.0.0)

The Easily Generate Rest API Url WordPress plugin through 1.0.0 does not escape some of its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.

Severity MEDIUM | CVSS 4.8 | 2022-05-09 | Threat entry updated 2024-11-21

CVE-2022-1281 - Photo Gallery (WordPress plugin, through 1.6.3)

The Photo Gallery WordPress plugin through 1.6.3 does not properly escape the $_POST['filter_tag'] parameter, which is appended to an SQL query, making SQL Injection attacks possible.

Severity CRITICAL | CVSS 9.8 | 2022-05-02 | Threat entry updated 2024-11-21

CVE-2022-0773 - Documentor (WordPress plugin, through 1.5.3)

The Documentor WordPress plugin through 1.5.3 fails to sanitize and escape user input before it is interpolated in an SQL statement and then executed, leading to an SQL Injection exploitable by unauthenticated users.

Severity CRITICAL | CVSS 9.8 | 2022-05-02 | Threat entry updated 2024-11-21

CVE-2022-0782 - Donations (WordPress plugin, through 1.8)

The Donations WordPress plugin through 1.8 does not sanitise and escape the nd_donations_id parameter before using it in a SQL statement via the nd_donations_single_cause_form_validate_fields_php_function AJAX action (available to unauthenticated users), leading to an unauthenticated SQL Injection.

Severity CRITICAL | CVSS 9.8 | 2022-04-25 | Threat entry updated 2024-11-21

CVE-2022-1392 - Videos sync PDF (WordPress plugin, through 1.7.4)

The Videos sync PDF WordPress plugin through 1.7.4 does not validate the p parameter before using it in an include statement, which could lead to Local File Inclusion issues.

Severity HIGH | CVSS 7.5 | 2022-04-25 | Threat entry updated 2024-11-21

CVE-2021-24805 - DW Question & Answer Pro (WordPress plugin, through 1.3.4)

The DW Question & Answer Pro WordPress plugin through 1.3.4 does not properly check for CSRF in some of its functions, allowing attackers to make logged-in users perform unwanted actions, such as updating a comment or a question status.

Severity MEDIUM | CVSS 4.3 | 2022-04-25 | Threat entry updated 2024-11-21

CVE-2021-24800 - DW Question & Answer Pro (WordPress plugin, through 1.3.4)

The DW Question & Answer Pro WordPress plugin through 1.3.4 does not check that the comment to edit belongs to the user making the request, allowing any user to edit other comments.

Severity MEDIUM | CVSS 4.3 | 2022-04-25 | Threat entry updated 2024-11-21

CVE-2022-1112 - Autolinks (WordPress plugin, through 1.0.1)

The Autolinks WordPress plugin through 1.0.1 does not have a CSRF check in place when updating its settings, and does not sanitise as well as escape them, which could allow attackers to perform Stored Cross-Site Scripting against a logged-in admin via a CSRF attack.

Severity MEDIUM | CVSS 5.4 | 2022-04-18 | Threat entry updated 2024-11-21
