Export limit exceeded: 45636 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (45636 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-29415 | 1 Ravpage Project | 1 Ravpage | 2025-02-20 | 6.1 Medium |
| Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability in Mati Skiba @ Rav Messer's Ravpage plugin <= 2.16 at WordPress. | ||||
| CVE-2022-29413 | 1 Hermit Project | 1 Hermit | 2025-02-20 | 4.7 Medium |
| Cross-Site Request Forgery (CSRF) leading to Stored Cross-Site Scripting (XSS) in Mufeng's Hermit 音乐播放器 plugin <= 3.1.6 on WordPress via &title parameter. | ||||
| CVE-2022-29444 | 1 Cloudways | 1 Breeze | 2025-02-20 | 6.5 Medium |
| Plugin Settings Change leading to Cross-Site Scripting (XSS) vulnerability in Cloudways Breeze plugin <= 2.0.2 on WordPress allows users with a subscriber or higher user role to execute any of the wp_ajax_* actions in the class Breeze_Configuration which includes the ability to change any of the plugin's settings including CDN setting which could be further used for XSS attack. | ||||
| CVE-2021-36844 | 1 Mythemeshop | 1 Wp Subscribe | 2025-02-20 | 3.4 Low |
| Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in MyThemeShop WP Subscribe plugin <= 1.2.12 on WordPress. | ||||
| CVE-2024-4720 | 1 Campcodes | 1 Complete Web-based School Management System | 2025-02-20 | 3.5 Low |
| A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /model/approve_petty_cash.php. The manipulation of the argument admin_index leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-263798 is the identifier assigned to this vulnerability. | ||||
| CVE-2021-36912 | 1 Google-news-sitemap Project | 1 Google-news-sitemap | 2025-02-20 | 5.4 Medium |
| Stored Cross-Site Scripting (XSS) vulnerability in Andrea Pernici News Sitemap for Google plugin <= 1.0.16 on WordPress, attackers must have contributor or higher user role. | ||||
| CVE-2022-29421 | 1 Edmonsoft | 1 Countdown Builder | 2025-02-20 | 4.7 Medium |
| Reflected Cross-Site Scripting (XSS) vulnerability in Adam Skaat's Countdown & Clock plugin on WordPress via &ycd_type vulnerable parameter. | ||||
| CVE-2022-29422 | 1 Edmonsoft | 1 Countdown Builder | 2025-02-20 | 4.8 Medium |
| Multiple Authenticated (admin+) Persistent Cross-Site Scripting (XSS) vulnerabilities in Adam Skaat's Countdown & Clock plugin <= 2.3.2 at WordPress via &ycd-countdown-width, &ycd-progress-height, &ycd-progress-width, &ycd-button-margin-top, &ycd-button-margin-right, &ycd-button-margin-bottom, &ycd-button-margin-left, &ycd-circle-countdown-before-countdown, &ycd-circle-countdown-after-countdown vulnerable parameters. | ||||
| CVE-2022-29433 | 1 Donations Project | 1 Donations | 2025-02-20 | 4.1 Medium |
| Authenticated (contributor or higher role) Cross-Site Scripting (XSS) vulnerability in Donations plugin <= 1.8 on WordPress. | ||||
| CVE-2022-29436 | 1 Code Snippets Extended Project | 1 Code Snippets Extended | 2025-02-20 | 4.7 Medium |
| Persistent Cross-Site Scripting (XSS) vulnerability in Alexander Stokmann's Code Snippets Extended plugin <= 1.4.7 on WordPress via Cross-Site Request Forgery (vulnerable parameters &title, &snippet_code). | ||||
| CVE-2022-25617 | 1 Codesnippets | 1 Code Snippets | 2025-02-20 | 4.7 Medium |
| Reflected Cross-Site Scripting (XSS) vulnerability in Code Snippets plugin <= 2.14.3 at WordPress via &orderby vulnerable parameter. | ||||
| CVE-2022-29449 | 1 Wpopal | 1 Opal Hotel Room Booking | 2025-02-20 | 4.1 Medium |
| Authenticated (contributor or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in Opal Hotel Room Booking plugin <= 1.2.7 at WordPress. | ||||
| CVE-2022-29424 | 1 Oxilab | 1 Image Hover Effects Ultimate | 2025-02-20 | 4.8 Medium |
| Authenticated (admin or higher user role) Reflected Cross-Site Scripting (XSS) vulnerability in Biplob Adhikari's Image Hover Effects Ultimate plugin <= 9.7.1 at WordPress. | ||||
| CVE-2022-29425 | 1 Wpwham | 1 Checkout Files Upload For Woocommerce | 2025-02-20 | 6.1 Medium |
| Cross-Site Scripting (XSS) vulnerability in WP Wham's Checkout Files Upload for WooCommerce plugin <= 2.1.2 at WordPress. | ||||
| CVE-2022-29426 | 1 2joomla | 1 2j Slideshow | 2025-02-20 | 5.4 Medium |
| Authenticated (contributor or higher user role) Reflected Cross-Site Scripting (XSS) vulnerability in 2J Slideshow Team's Slideshow, Image Slider by 2J plugin <= 1.3.54 at WordPress. | ||||
| CVE-2022-29428 | 1 Muneeb | 1 Wp Slider | 2025-02-20 | 4.1 Medium |
| Cross-Site Scripting (XSS) vulnerability in Muneeb's WP Slider Plugin <= 1.4.5 at WordPress. | ||||
| CVE-2022-29430 | 1 Png To Jpg Project | 1 Png To Jpg | 2025-02-20 | 4.7 Medium |
| Cross-Site Scripting (XSS) vulnerability in KubiQ's PNG to JPG plugin <= 4.0 at WordPress via Cross-Site Request Forgery (CSRF). Vulnerable parameter &jpg_quality. | ||||
| CVE-2022-29432 | 1 Tms-outsource | 1 Wpdatatables | 2025-02-20 | 3.4 Low |
| Multiple Authenticated (administrator or higher user role) Persistent Cross-Site Scripting (XSS) vulnerabilities in TMS-Plugins wpDataTables plugin <= 2.1.27 on WordPress via &data-link-text, &data-link-url, &data, &data-shortcode, &data-star-num vulnerable parameters. | ||||
| CVE-2022-29408 | 1 Vsourz | 1 Advanced Cf7 Db | 2025-02-20 | 4.7 Medium |
| Persistent Cross-Site Scripting (XSS) vulnerability in Vsourz Digital's Advanced Contact form 7 DB plugin <= 1.8.7 at WordPress. | ||||
| CVE-2021-36866 | 1 Fatcatapps | 1 Easy Pricing Tables | 2025-02-20 | 4.8 Medium |
| Authenticated (author or higher role) Stored Cross-Site Scripting (XSS) vulnerability in Fatcat Apps Easy Pricing Tables plugin <= 3.1.2 at WordPress. | ||||