Total
5458 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-36425 | 1 Fastlinemedia | 1 Beaver Builder | 2025-02-20 | 5.4 Medium |
| Broken Access Control vulnerability in Beaver Builder plugin <= 2.5.4.3 at WordPress. | ||||
| CVE-2022-36387 | 1 About-me Project | 1 About-me | 2025-02-20 | 7.6 High |
| Broken Access Control vulnerability in Alessio Caiazza's About Me plugin <= 1.0.12 at WordPress. | ||||
| CVE-2022-37344 | 1 Accommodation-system Project | 1 Accommodation-system | 2025-02-20 | 7.6 High |
| Missing Access Control vulnerability in PHP Crafts Accommodation System plugin <= 1.0.1 at WordPress. | ||||
| CVE-2022-36427 | 1 About-rentals Project | 1 About-rentals | 2025-02-20 | 7.3 High |
| Missing Access Control vulnerability in About Rentals. Inc. About Rentals plugin <= 1.5 at WordPress. | ||||
| CVE-2022-38070 | 1 Mypopups | 1 Pop-up | 2025-02-20 | 5.4 Medium |
| Privilege Escalation (subscriber+) vulnerability in Pop-up plugin <= 1.1.5 at WordPress. | ||||
| CVE-2022-38058 | 1 Wpvar | 1 Wp Shamsi | 2025-02-20 | 4.3 Medium |
| Authenticated (subscriber+) Plugin Setting change vulnerability in WP Shamsi plugin <= 4.1.1 at WordPress. | ||||
| CVE-2022-36793 | 1 Wp-shop | 1 Wp Shop | 2025-02-20 | 6.5 Medium |
| Unauthenticated Plugin Settings Change & Data Deletion vulnerabilities in WP Shop plugin <= 3.9.6 at WordPress. | ||||
| CVE-2022-38067 | 1 Total-soft | 1 Event Calendar | 2025-02-20 | 6.5 Medium |
| Unauthenticated Event Deletion vulnerability in Totalsoft Event Calendar – Calendar plugin <= 1.4.6 at WordPress. | ||||
| CVE-2022-38135 | 1 Photospace Gallery Project | 1 Photospace Gallery | 2025-02-20 | 5.4 Medium |
| Broken Access Control vulnerability in Dean Oakley's Photospace Gallery plugin <= 2.3.5 at WordPress allows users with subscriber or higher role to change plugin settings. | ||||
| CVE-2022-35238 | 1 Brinidesigner | 1 Awesome Filterable Portfolio | 2025-02-20 | 6.5 Medium |
| Unauthenticated Plugin Settings Change vulnerability in Awesome Filterable Portfolio plugin <= 1.9.7 at WordPress. | ||||
| CVE-2022-38134 | 1 Cusrev | 1 Customer Reviews For Woocommerce | 2025-02-20 | 4.3 Medium |
| Authenticated (subscriber+) Broken Access Control vulnerability in Customer Reviews for WooCommerce plugin <= 5.3.5 at WordPress. | ||||
| CVE-2022-38104 | 1 Oxilab | 1 Accordions | 2025-02-20 | 7.2 High |
| Auth. WordPress Options Change (siteurl, users_can_register, default_role, admin_email and new_admin_email) vulnerability in Biplob Adhikari's Accordions – Multiple Accordions or FAQs Builder plugin (versions <= 2.0.3 on WordPress. | ||||
| CVE-2022-41978 | 1 Zohocorp | 1 Zoho Crm Lead Magnet | 2025-02-20 | 8.8 High |
| Auth. (subscriber+) Arbitrary Options Update vulnerability in Zoho CRM Lead Magnet plugin <= 1.7.5.8 on WordPress. | ||||
| CVE-2022-38461 | 1 Wpml | 1 Wpml | 2025-02-20 | 5.4 Medium |
| Broken Access Control vulnerability in WPML Multilingual CMS premium plugin <= 4.5.10 on WordPress allows users with a subscriber or higher user role to change plugin settings (selected language for legacy widgets, the default behavior for media content). | ||||
| CVE-2022-45066 | 1 Thriveweb | 1 Wooswipe Woocommerce Gallery | 2025-02-20 | 5.4 Medium |
| Auth. (subscriber+) Broken Access Control vulnerability in WooSwipe WooCommerce Gallery plugin <= 2.0.1 on WordPress. | ||||
| CVE-2022-45069 | 1 Automattic | 1 Crowdsignal Dashboard | 2025-02-20 | 6.3 Medium |
| Auth. (contributor+) Privilege Escalation vulnerability in Crowdsignal Dashboard plugin <= 3.0.9 on WordPress. | ||||
| CVE-2022-38974 | 1 Wpml | 1 Wpml | 2025-02-20 | 4.3 Medium |
| Broken Access Control vulnerability in WPML Multilingual CMS premium plugin <= 4.5.10 on WordPress allows users with subscriber or higher user roles to change the status of the translation jobs. | ||||
| CVE-2022-41781 | 1 Permalink Manager Lite Project | 1 Permalink Manager Lite | 2025-02-20 | 6.5 Medium |
| Broken Access Control vulnerability in Permalink Manager Lite plugin <= 2.2.20 on WordPress. | ||||
| CVE-2022-42461 | 1 Miniorange | 1 Google Authenticator | 2025-02-20 | 5.4 Medium |
| Broken Access Control vulnerability in miniOrange's Google Authenticator plugin <= 5.6.1 on WordPress. | ||||
| CVE-2022-41839 | 1 Wpbrigade | 1 Loginpress | 2025-02-20 | 5.3 Medium |
| Broken Access Control vulnerability in WordPress LoginPress plugin <= 1.6.2 on WordPress leading to unauth. changing of Opt-In or Opt-Out tracking settings. | ||||