Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Threat Entry Updated 2025-05-05

CVE-2022-2437 - Feed Them Social Plugin

The Feed Them Social – for Twitter feed, Youtube and more plugin for WordPress is vulnerable to deserialization of untrusted input via the 'fts_url' parameter in versions up to, and including, 2.9.8.5. This makes it possible for unauthenticated attackers to have the plugin open a file through the phar:// stream wrapper, which deserializes the archive's metadata and instantiates arbitrary PHP objects; provided a POP (gadget) chain is also present on the site, this can be used to perform a variety of malicious actions. Exploitation additionally requires that the attacker first succeeds in placing a file containing the serialized payload on the server.

PLUGIN Feed Them Social

CVE-2022-2437

CRITICAL CVSS 9.8 2022-07-18
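Added example (not Feed Them Social's code): the shape of a phar deserialization bug and its fix. Only the parameter name fts_url comes from the entry; the handler and hook names, and the choice of WordPress HTTP API calls for the hardened version, are assumptions.

```php
<?php
// Added illustration, not the plugin's code. Handler and hook names are
// hypothetical; only the fts_url parameter name is taken from the advisory.

// Vulnerable shape: a caller-controlled value reaches a filesystem function.
// Every PHP function that stats or opens a path goes through the stream
// wrappers, so fts_url=phar://wp-content/uploads/2022/07/avatar.jpg/x is
// served by the phar wrapper. On PHP < 8.0 the archive's metadata is passed to
// unserialize() before any content comes back, instantiating whatever objects
// the attacker stored there; with a gadget (POP) chain from some loaded class,
// that is code execution. The crafted archive must already be on disk, e.g.
// uploaded as a polyglot "image".
function example_fts_fetch_vulnerable() {
    $url = isset($_REQUEST['fts_url']) ? (string) $_REQUEST['fts_url'] : '';
    if ($url !== '' && file_exists($url)) {   // file_exists() alone triggers it
        echo file_get_contents($url);         // and so does the read
    }
    wp_die();
}
// Was reachable via add_action('wp_ajax_nopriv_example_fts_fetch', ...).

// Scheme check: only http/https may pass. Case-insensitive, because stream
// wrapper names are (PHAR:// is handled exactly like phar://).
function example_is_http_url($raw) {
    $scheme = wp_parse_url($raw, PHP_URL_SCHEME);
    return is_string($scheme) && in_array(strtolower($scheme), ['http', 'https'], true);
}

// Hardened shape: validate scheme and host, then fetch over HTTP instead of
// handing the string to the local filesystem layer at all.
function example_fts_fetch_hardened() {
    $raw = isset($_REQUEST['fts_url']) ? wp_unslash($_REQUEST['fts_url']) : '';
    if (!example_is_http_url($raw)) {
        wp_send_json_error('fts_url must be an http(s) URL', 400);
    }
    // wp_http_validate_url() also rejects loopback/private hosts, so the
    // endpoint cannot double as an SSRF primitive.
    $url = wp_http_validate_url($raw);
    if (false === $url) {
        wp_send_json_error('fts_url rejected', 400);
    }
    $resp = wp_safe_remote_get($url, ['timeout' => 10, 'redirection' => 2]);
    if (is_wp_error($resp)) {
        wp_send_json_error($resp->get_error_message(), 502);
    }
    wp_send_json_success(wp_remote_retrieve_body($resp));
}
add_action('wp_ajax_nopriv_example_fts_fetch', 'example_fts_fetch_hardened');
```

Caveat for triage: from PHP 8.0 onward phar metadata is no longer unserialized when the archive is merely opened or stat'ed through the wrapper, only on an explicit Phar::getMetadata() call, so the same code on PHP 8 is a file-read/SSRF issue rather than an object-injection one. The scheme allowlist is still the right fix on either version.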
Threat Entry Updated 2026-01-23

CVE-2022-1952 - Free Booking Plugin for Hotels, Restaurant and Car Rental Plugin

The Free Booking Plugin for Hotels, Restaurant and Car Rental WordPress plugin before 1.1.16 suffers from insufficient input validation, which leads to arbitrary file upload and subsequently to remote code execution. An AJAX action accessible to unauthenticated users is affected by this issue. An allowlist of valid file extensions is defined but is never consulted during the validation steps.

PLUGIN Free Booking Plugin for Hotels, Restaurant and Car Rental

CVE-2022-1952

CRITICAL CVSS 9.8 2022-07-11
Threat Entry Updated 2024-11-21

CVE-2022-1057 - Pricing Deals For Woocommerce Plugin

The Pricing Deals for WooCommerce WordPress plugin through 2.0.2.02 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to an unauthenticated SQL injection.

PLUGIN Pricing Deals For Woocommerce

CVE-2022-1057

CRITICAL CVSS 9.8 2022-07-11
Threat Entry Updated 2024-11-21

CVE-2022-1953 - Product Configurator For Woocommerce Plugin

The Product Configurator for WooCommerce WordPress plugin before 1.2.32 suffers from an arbitrary file deletion vulnerability via an AJAX action, accessible to unauthenticated users, which accepts user input that is used to build a path and passed to unlink() without validating it first.

PLUGIN Product Configurator For Woocommerce

CVE-2022-1953

CRITICAL CVSS 9.1 2022-06-27
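Added example (not Product Configurator's code) of the unlink() pattern described above and a hardened replacement. The directory name, parameter name, nonce action and capability are assumptions; the entry only states that user input reaches a path passed to unlink().

```php
<?php
// Added illustration, not the plugin's code. All names are hypothetical.

// Vulnerable shape: request value joined onto a base directory and passed to
// unlink() with no nonce, no capability check and no path validation.
function example_delete_vulnerable() {
    $upload = wp_upload_dir();
    $path   = $upload['basedir'] . '/configurator/' . $_POST['file'];
    // file=../../../wp-config.php removes the site's configuration; WordPress
    // then serves its installer, which lets an attacker re-install the site
    // against a database they control. That is the usual route from
    // "arbitrary delete" to full compromise.
    unlink($path);
    wp_die();
}
// Was reachable via add_action('wp_ajax_nopriv_example_delete', ...).

// Resolve $name inside $base, or return null if it escapes. realpath() follows
// symlinks, so a link inside $base that points elsewhere is rejected as well.
function example_resolve_within($base, $name) {
    $base = realpath($base);
    if ($base === false) {
        return null;
    }
    $target = realpath($base . DIRECTORY_SEPARATOR . basename($name));
    if ($target === false || !is_file($target)) {
        return null;
    }
    // Compare with the separator appended, so /uploads/conf2/ cannot satisfy
    // a check for /uploads/conf.
    if (strpos($target, $base . DIRECTORY_SEPARATOR) !== 0) {
        return null;
    }
    return $target;
}

// Hardened shape: CSRF token, explicit capability, extension allowlist, and
// the path is confined to one directory before unlink() sees it.
function example_delete_hardened() {
    check_ajax_referer('example_delete_nonce', 'nonce');
    if (!current_user_can('manage_options')) {
        wp_send_json_error('forbidden', 403);
    }
    $name = isset($_POST['file']) ? sanitize_file_name(wp_unslash($_POST['file'])) : '';
    $ext  = strtolower(pathinfo($name, PATHINFO_EXTENSION));
    if ($name === '' || !in_array($ext, ['png', 'jpg', 'jpeg', 'svg'], true)) {
        wp_send_json_error('invalid file name', 400);
    }
    $upload = wp_upload_dir();
    $target = example_resolve_within($upload['basedir'] . '/configurator', $name);
    if ($target === null) {
        wp_send_json_error('no such file', 404);
    }
    if (!unlink($target)) {
        wp_send_json_error('delete failed', 500);
    }
    wp_send_json_success(basename($target));
}
// Authenticated hook only; no wp_ajax_nopriv_ registration.
add_action('wp_ajax_example_delete', 'example_delete_hardened');
```

The order matters: the extension allowlist runs on the sanitized name, then the realpath containment check runs on the resolved path, so neither a "../" sequence nor a symlink planted in the directory can steer unlink() outside it.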
Threat Entry Updated 2024-11-21

CVE-2022-1574 - Html2wp Plugin

The HTML2WP WordPress plugin through 1.0.0 does not have authorisation and CSRF checks when importing files, and does not validate them; as a result, unauthenticated attackers can upload arbitrary files (such as PHP) to the remote server.

PLUGIN Html2wp

CVE-2022-1574

CRITICAL CVSS 9.8 2022-06-27
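Added example serving both the Free Booking Plugin entry (CVE-2022-1952, an allowlist that is defined but never applied) and the HTML2WP entry (CVE-2022-1574, missing authorisation and CSRF checks on import). This is not either plugin's code; the action, nonce and field names and the accepted MIME types are assumptions.

```php
<?php
// Added illustration, not the code of either plugin. Names are hypothetical:
// action 'example_import', nonce action 'example_import_nonce', field 'file'.

// Vulnerable shape, combining both flaws from the entries above: reachable by
// unauthenticated callers, no nonce, no capability check, and an allowlist
// that is declared but never consulted before the file is moved.
$example_allowed_ext = ['jpg', 'jpeg', 'png', 'gif', 'html'];

function example_import_vulnerable() {
    if (empty($_FILES['file'])) {
        wp_die();
    }
    $upload = wp_upload_dir();
    // Original filename used as-is, so shell.php lands in a web-served directory.
    $dest = $upload['basedir'] . '/' . $_FILES['file']['name'];
    move_uploaded_file($_FILES['file']['tmp_name'], $dest);
    wp_send_json_success($dest);
}
// Was reachable via add_action('wp_ajax_nopriv_example_import', ...).

// Hardened shape.
function example_import_hardened() {
    // 1. CSRF: the request must carry a nonce minted for this action.
    check_ajax_referer('example_import_nonce', 'nonce');
    // 2. Authorization: an explicit capability, not merely "logged in".
    if (!current_user_can('upload_files')) {
        wp_send_json_error('forbidden', 403);
    }
    if (empty($_FILES['file']) || !is_uploaded_file($_FILES['file']['tmp_name'])) {
        wp_send_json_error('no file', 400);
    }
    // 3. The allowlist is actually enforced, by extension and by sniffed
    //    content: a PHP file renamed to .jpg fails the image check and gets
    //    ext/type === false back.
    $mimes = ['jpg|jpeg' => 'image/jpeg', 'png' => 'image/png', 'gif' => 'image/gif'];
    $check = wp_check_filetype_and_ext($_FILES['file']['tmp_name'], $_FILES['file']['name'], $mimes);
    if (empty($check['ext']) || empty($check['type'])) {
        wp_send_json_error('file type not allowed', 415);
    }
    // 4. Let core move it: sanitized unique name, same MIME allowlist again,
    //    and the file goes under the uploads directory WordPress manages.
    require_once ABSPATH . 'wp-admin/includes/file.php';
    $moved = wp_handle_upload($_FILES['file'], ['test_form' => false, 'mimes' => $mimes]);
    if (isset($moved['error'])) {
        wp_send_json_error($moved['error'], 400);
    }
    wp_send_json_success(['url' => $moved['url']]);
}
// Authenticated hook only; no wp_ajax_nopriv_ registration for this action.
add_action('wp_ajax_example_import', 'example_import_hardened');
```

Two checks the fix relies on: wp_ajax_nopriv_ hooks are by design reachable by anyone, so an import action should simply not be registered there; and a nonce alone is not authorization, since any logged-in subscriber can obtain one, which is why the capability check is separate.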
Threat Entry Updated 2024-11-21

CVE-2022-1905 - Events Made Easy Plugin

The Events Made Easy WordPress plugin before 2.2.81 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection.

PLUGIN Events Made Easy

CVE-2022-1905

CRITICAL CVSS 9.8 2022-06-20
Threat Entry Updated 2024-11-21

CVE-2022-1768 - Rsvpmaker Plugin

The RSVPMaker plugin for WordPress is vulnerable to unauthenticated SQL Injection due to insufficient escaping and parameterization on user supplied data passed to multiple SQL queries in the ~/rsvpmaker-email.php file. This makes it possible for unauthenticated attackers to steal sensitive information from the database in versions up to, and including, 9.3.2. Please note that this is separate from CVE-2022-1453 & CVE-2022-1505.

PLUGIN Rsvpmaker

CVE-2022-1768

CRITICAL CVSS 9.8 2022-06-13
Threat Entry Updated 2024-11-21

CVE-2022-0885 - Member Hero Plugin

The Member Hero WordPress plugin through 1.0.9 lacks authorization checks, and does not validate a request parameter in an AJAX action, allowing unauthenticated users to call arbitrary PHP functions with no arguments.

PLUGIN Member Hero

CVE-2022-0885

CRITICAL CVSS 9.8 2022-06-13
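Added example (not Member Hero's code) of a dispatcher that lets the request name the function, and the allowlisted form that replaces it. Parameter, handler and nonce names are assumptions; the entry only says that a request parameter is passed unvalidated and that zero-argument functions can be called.

```php
<?php
// Added illustration, not the plugin's code. Names are hypothetical.

// Vulnerable shape: the request chooses the function. is_callable() is not a
// security check; it accepts any global function, any "Class::method" string,
// and even the array form fn[]=Class&fn[]=method, so phpinfo() or a static
// method of any loaded class can be invoked, with no arguments, by anyone who
// can reach admin-ajax.php.
function example_dispatch_vulnerable() {
    $fn = isset($_REQUEST['fn']) ? $_REQUEST['fn'] : '';
    if (is_callable($fn)) {
        wp_send_json_success(call_user_func($fn));
    }
    wp_die();
}
// Was reachable via add_action('wp_ajax_nopriv_example_dispatch', ...).

// Hardened shape: the client sends a key, the server owns the mapping from
// key to function, and nothing outside that map is ever callable.
function example_handlers() {
    return [
        'profile' => 'example_op_profile',
        'stats'   => 'example_op_stats',
    ];
}

function example_op_profile() {
    $u = wp_get_current_user();
    return ['id' => $u->ID, 'login' => $u->user_login];
}

function example_op_stats() {
    $c = count_users();
    return ['users' => $c['total_users']];
}

function example_dispatch_hardened() {
    check_ajax_referer('example_dispatch_nonce', 'nonce');   // CSRF
    if (!current_user_can('read')) {                          // authorization
        wp_send_json_error('forbidden', 403);
    }
    $op       = isset($_REQUEST['op']) ? sanitize_key(wp_unslash($_REQUEST['op'])) : '';
    $handlers = example_handlers();
    if (!array_key_exists($op, $handlers)) {
        wp_send_json_error('unknown operation', 400);
    }
    wp_send_json_success(call_user_func($handlers[$op]));
}
add_action('wp_ajax_example_dispatch', 'example_dispatch_hardened');
```

When reviewing plugin code for this class, grep for call_user_func, call_user_func_array and variable-function calls ($fn()) whose callee derives from $_GET, $_POST or $_REQUEST; a function_exists() or is_callable() guard in front of them does not change the finding.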
Threat Entry Updated 2024-11-21

CVE-2022-0827 - Bestbooks Plugin

The Bestbooks WordPress plugin through 2.6.3 does not sanitise and escape some parameters before using them in a SQL statement via an AJAX action, leading to a SQL injection exploitable by unauthenticated users.

PLUGIN Bestbooks

CVE-2022-0827

CRITICAL CVSS 9.8 2022-06-13
Threat Entry Updated 2024-11-21

CVE-2022-0786 - KiviCare Plugin

The KiviCare WordPress plugin before 2.3.9 does not sanitise and escape some parameters before using them in SQL statements via the ajax_post AJAX action with the get_doctor_details route, leading to SQL injections exploitable by unauthenticated users.

PLUGIN KiviCare

CVE-2022-0786

CRITICAL CVSS 9.8 2022-06-13
Threat Entry Updated 2024-11-21

CVE-2022-1692 - Cp Image Store With Slideshow Plugin

The CP Image Store with Slideshow WordPress plugin before 1.0.68 does not sanitise and escape the ordering_by query parameter before using it in a SQL statement on pages where the [codepeople-image-store] shortcode is embedded, allowing unauthenticated users to perform a SQL injection attack.

PLUGIN Cp Image Store With Slideshow

CVE-2022-1692

CRITICAL CVSS 9.8 2022-06-08
Threat Entry Updated 2024-11-21

CVE-2022-1556 - StaffList Plugin

The StaffList WordPress plugin before 3.1.5 does not properly sanitise and escape a parameter before using it in a SQL statement when searching for Staff in the admin dashboard, leading to a SQL injection.

PLUGIN StaffList

CVE-2022-1556

CRITICAL CVSS 9.8 2022-05-30
Threat Entry Updated 2024-11-21

CVE-2022-1014 - Wp Contacts Manager Plugin

The WP Contacts Manager WordPress plugin through 2.2.4 fails to properly sanitize user-supplied POST data before it is interpolated into a SQL statement and executed, leading to a SQL injection vulnerability.

PLUGIN Wp Contacts Manager

CVE-2022-1014

CRITICAL CVSS 9.8 2022-05-23
Threat Entry Updated 2024-11-21

CVE-2022-0781 - Nirweb Support Plugin

The Nirweb support WordPress plugin before 2.8.2 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action (available to unauthenticated users), leading to a SQL injection.

PLUGIN Nirweb Support

CVE-2022-0781

CRITICAL CVSS 9.8 2022-05-23
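Added example covering the SQL injection entries above (Pricing Deals, Events Made Easy, RSVPMaker, Bestbooks, KiviCare, CP Image Store, StaffList, WP Contacts Manager and Nirweb support). It is not any of those plugins' code: table, column, handler and parameter names are hypothetical, except that ordering_by is the parameter named in the CP Image Store entry and get_doctor_details the route named in the KiviCare entry. It shows the common vulnerable shape and the two different fixes it needs, value binding for WHERE and an identifier allowlist for ORDER BY.

```php
<?php
// Added illustration, not code from any listed plugin. Names are hypothetical.

// Vulnerable shape shared by the entries: request values spliced into SQL text.
function example_doctor_details_vulnerable() {
    global $wpdb;
    $clinic = $_POST['clinic_id'];
    $sort   = $_POST['ordering_by'];
    $sql    = "SELECT id, name, email FROM {$wpdb->prefix}example_doctors "
            . "WHERE clinic_id = {$clinic} ORDER BY {$sort}";
    // clinic_id=0 UNION SELECT ID, user_login, user_pass FROM wp_users-- -
    // returns password hashes instead of doctor rows. esc_sql() would not
    // help: it escapes quotes, and this numeric context needs none.
    // Fixing clinic_id alone leaves ordering_by=(SELECT SLEEP(5)) as a
    // blind, time-based injection.
    wp_send_json_success($wpdb->get_results($sql, ARRAY_A));
}
// Was reachable via add_action('wp_ajax_nopriv_example_get_doctor_details', ...).

// ORDER BY takes an identifier, which prepare() cannot bind as a value, so
// column and direction are mapped through an allowlist; unknown input falls
// back to a fixed default rather than being echoed into the query.
function example_order_clause($raw) {
    $columns = ['id' => 'id', 'name' => 'name', 'date' => 'created_at'];
    $parts   = preg_split('/\s+/', trim((string) $raw), 2);
    $col     = strtolower($parts[0]);
    $dir     = strtoupper(isset($parts[1]) ? $parts[1] : 'ASC');
    if (!isset($columns[$col])) {
        $col = 'id';
    }
    return '`' . $columns[$col] . '` ' . ($dir === 'DESC' ? 'DESC' : 'ASC');
}

// Hardened shape: values bound through $wpdb->prepare(), identifier allowlisted.
function example_doctor_details_hardened() {
    global $wpdb;
    $clinic = isset($_POST['clinic_id']) ? absint($_POST['clinic_id']) : 0;
    if ($clinic === 0) {
        wp_send_json_error('invalid clinic_id', 400);
    }
    $order = example_order_clause(isset($_POST['ordering_by']) ? wp_unslash($_POST['ordering_by']) : '');
    $sql   = $wpdb->prepare(
        "SELECT id, name, email FROM {$wpdb->prefix}example_doctors WHERE clinic_id = %d ORDER BY {$order} LIMIT 100",
        $clinic
    );
    wp_send_json_success($wpdb->get_results($sql, ARRAY_A));
}
add_action('wp_ajax_nopriv_example_get_doctor_details', 'example_doctor_details_hardened');
add_action('wp_ajax_example_get_doctor_details', 'example_doctor_details_hardened');

// Free-text search (the StaffList-style case): LIKE patterns need esc_like()
// before binding, otherwise % and _ inside the term act as wildcards. The
// injection itself is closed by %s, esc_like only fixes the pattern semantics.
function example_search_staff($term) {
    global $wpdb;
    $like = '%' . $wpdb->esc_like(sanitize_text_field($term)) . '%';
    $sql  = $wpdb->prepare(
        "SELECT id, name FROM {$wpdb->prefix}example_staff WHERE name LIKE %s ORDER BY name LIMIT 50",
        $like
    );
    return $wpdb->get_results($sql, ARRAY_A);
}
```

Since WordPress 6.2, $wpdb->prepare() also accepts the %i placeholder for identifiers, which backtick-quotes a column or table name; it does not restrict the name to real columns, so an explicit allowlist as above remains the better control for ORDER BY input such as ordering_by. Whether the endpoint should be registered on wp_ajax_nopriv_ at all is a separate question from the injection: public read-only data can stay there, anything else should not.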