WordPress plugin – WPvivid Backup – CVE-2022-2863.
Posted by Rodolfo Tavares via Fulldisclosure on Oct 03 =====[ Tempest Security Intelligence - ADV-15/2022 ]========================== Wordpress plugin - WPvivid Backup - Version < 0.9.76...
CVE-2022-3128 (donation_thermometer)
The Donation Thermometer WordPress plugin before 2.1.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin...
CVE-2022-3132 (goolytics)
The Goolytics WordPress plugin before 1.1.2 does not sanitise and escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting...
CVE-2022-3125 (frontend_file_manager)
The Frontend File Manager Plugin WordPress plugin before 21.3 allows any authenticated users, such as subscriber, to rename a file to an arbitrary extension, like...
CVE-2022-3124 (frontend_file_manager)
The Frontend File Manager Plugin WordPress plugin before 21.3 allows any unauthenticated user to rename uploaded files from users. Furthermore, due to the lack of...
CVE-2022-2839 (zephyr_project_manager)
The Zephyr Project Manager WordPress plugin before 3.2.55 does not have any authorisation as well as CSRF in all its AJAX actions, allowing unauthenticated users...
CVE-2022-2763 (wp_socializer)
The WP Socializer WordPress plugin before 7.3 does not sanitise and escape some of its Icons settings, which could allow high privilege users such as...
CVE-2022-2628 (dsgvo_all_in_one_for_wp)
The DSGVO All in one for WP WordPress plugin before 4.2 does not sanitise and escape some of its settings, which could allow high privilege...
CVE-2022-1480
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was...
CVE-2022-32173 (orchardcore)
In OrchardCore rc1-11259 to v1.2.2 vulnerable to HTML injection, allow an authenticated user with an editor security role to inject a persistent HTML modal dialog...