Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total: 3,046
Critical: 0
High: 3,046
Medium: 0
Showing 2661-2680 of 3046 records
Threat Entry Updated 2024-11-21

CVE-2022-2594 - Advanced Custom Fields Plugin

The Advanced Custom Fields and Advanced Custom Fields Pro WordPress plugins before 5.12.3 allow unauthenticated users to upload files allowed in a default WP configuration (so PHP is not possible) if there is a frontend form available. This vulnerability was introduced in the 5.0 rewrite and did not exist prior to that release.

PLUGIN Advanced Custom Fields

CVE-2022-2594

HIGH CVSS 8.8 2022-08-22
Threat Entry Updated 2024-11-21

CVE-2022-2557 - Team Plugin

The Team WordPress plugin before 4.1.2 contains a file which could allow any authenticated user to download arbitrary files from the server via a path traversal vector. Furthermore, the file will also be deleted after its content is returned to the user.

PLUGIN Team

CVE-2022-2557

HIGH CVSS 8.8 2022-08-22
Threat Entry Updated 2026-02-02

CVE-2022-2551 - Duplicator Plugin

The Duplicator WordPress plugin before 1.4.7 discloses the URL of a backup to unauthenticated visitors accessing the main installer endpoint of the plugin, if the installer script has been run once by an administrator, allowing download of the full site backup without authenticating.

PLUGIN Duplicator

CVE-2022-2551

HIGH CVSS 7.5 2022-08-22
Threat Entry Updated 2024-11-21

CVE-2022-2544 - Ninja Job Board Plugin

The Ninja Job Board WordPress plugin before 1.3.3 does not protect the directory where it stores uploaded resumes, making it vulnerable to unauthenticated Directory Listing which allows the download of uploaded resumes.

PLUGIN Ninja Job Board

CVE-2022-2544

HIGH CVSS 7.5 2022-08-22
Threat Entry Updated 2024-11-21

CVE-2022-2593 - Better Search Replace Plugin

The Better Search Replace WordPress plugin before 1.4.1 does not properly sanitise and escape table data before inserting it into a SQL query, which could allow high privilege users to perform SQL Injection attacks.

PLUGIN Better Search Replace

CVE-2022-2593

HIGH CVSS 7.2 2022-08-22
Threat Entry Updated 2025-03-21

CVE-2022-2362 - Download Manager Plugin

The Download Manager WordPress plugin before 3.2.50 prioritizes getting a visitor's IP from certain HTTP headers over PHP's REMOTE_ADDR, which makes it possible to bypass IP-based download blocking restrictions.

PLUGIN Download Manager

CVE-2022-2362

HIGH CVSS 7.5 2022-08-22
Threat Entry Updated 2024-11-21

CVE-2022-2381 - E Unlocked Student Result Plugin

The E Unlocked - Student Result WordPress plugin through 1.0.4 lacks CSRF checks and validation when uploading the School logo, which could allow attackers to make a logged-in admin upload arbitrary files, such as PHP, via a CSRF attack.

PLUGIN E Unlocked Student Result

CVE-2022-2381

HIGH CVSS 8.8 2022-08-15
Threat Entry Updated 2024-11-21

CVE-2022-2379 - Easy Student Results Plugin

The Easy Student Results WordPress plugin through 2.2.8 lacks authorisation in its REST API, allowing unauthenticated users to retrieve information related to the courses, exams and departments, as well as students' grades and PII such as email address, physical address, phone number, etc.

PLUGIN Easy Student Results

CVE-2022-2379

HIGH CVSS 7.5 2022-08-15
Threat Entry Updated 2024-11-21

CVE-2022-2354 - WP-DBManager Plugin

The WP-DBManager WordPress plugin before 2.80.8 does not prevent administrators from running arbitrary commands on the server in multisite installations, where only super-administrators should.

PLUGIN WP-DBManager

CVE-2022-2354

HIGH CVSS 7.2 2022-08-15
Threat Entry Updated 2024-11-21

CVE-2022-2356 - Frontend File Manager & Sharing Plugin

The Frontend File Manager & Sharing WordPress plugin before 1.1.3 does not filter file extensions when letting users upload files on the server, which may lead to malicious code being uploaded.

PLUGIN Frontend File Manager & Sharing

CVE-2022-2356

HIGH CVSS 8.8 2022-08-08
Threat Entry Updated 2024-11-21

CVE-2022-2367 - Wsm Downloader Plugin

The WSM Downloader WordPress plugin through 1.4.0 only allows images/files to be downloaded from specific popular websites; this restriction can be bypassed due to the lack of good "link" parameter validation.

PLUGIN Wsm Downloader

CVE-2022-2367

HIGH CVSS 7.5 2022-08-08
Threat Entry Updated 2024-11-21

CVE-2022-2357 - Wsm Downloader Plugin

The WSM Downloader WordPress plugin through 1.4.0 allows any visitor to use its remote file download feature to download any local files, including sensitive ones like wp-config.php.

PLUGIN Wsm Downloader

CVE-2022-2357

HIGH CVSS 7.5 2022-08-08
Threat Entry Updated 2024-11-21

CVE-2022-2273 - Simple Membership Plugin

The Simple Membership WordPress plugin before 4.1.3 does not properly validate the membership_level parameter when editing a profile, allowing members to escalate to a higher membership level by using a crafted POST request.

PLUGIN Simple Membership

CVE-2022-2273

HIGH CVSS 8.8 2022-08-01
Threat Entry Updated 2024-11-21

CVE-2022-2245 - Counter Box Plugin

The Counter Box WordPress plugin before 1.2.1 lacks a CSRF check when activating and deactivating counters, which could allow attackers to make a logged-in admin perform such actions via CSRF attacks.

PLUGIN Counter Box

CVE-2022-2245

HIGH CVSS 8.8 2022-08-01
Threat Entry Updated 2024-11-21

CVE-2022-2184 - CAPTCHA 4WP Plugin

The CAPTCHA 4WP WordPress plugin before 7.1.0 lets user input reach a sensitive require_once call in one of its admin-side templates. This can be abused by attackers, via a Cross-Site Request Forgery attack, to run arbitrary code on the server.

PLUGIN CAPTCHA 4WP

CVE-2022-2184

HIGH CVSS 8.8 2022-08-01
Threat Entry Updated 2024-11-21

CVE-2022-1585 - Project Source Code Download Plugin

The Project Source Code Download WordPress plugin through 1.0.0 does not protect its backup generation and download functionalities, which may allow any visitors on the site to download the entire site, including sensitive files like wp-config.php.

PLUGIN Project Source Code Download

CVE-2022-1585

HIGH CVSS 7.5 2022-08-01