51 Total Results
Displaying 31-40 of 51
Attacker Value
Unknown

CVE-2022-41692

Disclosure Date: October 30, 2022 (last updated December 22, 2024)
Missing Authorization vulnerability in Appointment Hour Booking plugin <= 1.3.71 on WordPress.
Attacker Value
Unknown

CVE-2022-41805

Disclosure Date: October 28, 2022 (last updated December 22, 2024)
Cross-Site Request Forgery (CSRF) vulnerability in Booster for WooCommerce plugin <= 5.6.6 on WordPress.
Attacker Value
Unknown

CVE-2021-36899

Disclosure Date: September 28, 2022 (last updated October 08, 2023)
Authenticated (admin+) Reflected Cross-Site Scripting (XSS) vulnerability in Gabe Livan's Asset CleanUp: Page Speed Booster plugin <= 1.3.8.4 on WordPress.
Attacker Value
Unknown

CVE-2022-2846

Disclosure Date: August 16, 2022 (last updated February 24, 2025)
The Calendar Event Multi View WordPress plugin before 1.4.07 does not have any authorisation and CSRF checks in place when creating an event, and is also lacking sanitisation as well as escaping in some of the event fields. This could allow unauthenticated attackers to create arbitrary events and put Cross-Site Scripting payloads in them.
Attacker Value
Unknown

CVE-2022-2169

Disclosure Date: July 17, 2022 (last updated February 24, 2025)
The Loading Page with Loading Screen WordPress plugin before 1.0.83 does not escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
Attacker Value
Unknown

CVE-2022-1710

Disclosure Date: June 13, 2022 (last updated February 23, 2025)
The Appointment Hour Booking WordPress plugin before 1.3.56 does not sanitise and escape a setting of its Calendar fields, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
Attacker Value
Unknown

CVE-2022-1692

Disclosure Date: June 08, 2022 (last updated February 23, 2025)
The CP Image Store with Slideshow WordPress plugin before 1.0.68 does not sanitise and escape the ordering_by query parameter before using it in a SQL statement in pages where the [codepeople-image-store] shortcode is embedded, allowing unauthenticated users to perform an SQL injection attack.
Attacker Value
Unknown

CVE-2022-0448

Disclosure Date: March 07, 2022 (last updated February 23, 2025)
The CP Blocks WordPress plugin before 1.0.15 does not sanitise and escape its "License ID" settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
Attacker Value
Unknown

CVE-2021-24983

Disclosure Date: February 01, 2022 (last updated February 23, 2025)
The Asset CleanUp: Page Speed Booster WordPress plugin before 1.3.8.5 does not sanitise and escape POSTed parameters sent to the wpassetcleanup_fetch_active_plugins_icons AJAX action (available to admin users), leading to a Reflected Cross-Site Scripting issue.
Attacker Value
Unknown

CVE-2021-24937

Disclosure Date: February 01, 2022 (last updated February 23, 2025)
The Asset CleanUp: Page Speed Booster WordPress plugin before 1.3.8.5 does not escape the wpacu_selected_sub_tab_area parameter before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting issue.