Total
34410 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-36896 | 1 W3eden | 1 Pricing Table | 2025-02-20 | 4.8 Medium |
| Authenticated (author or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in Pricing Table (WordPress plugin) versions <= 1.5.2 | ||||
| CVE-2021-36846 | 1 Premio | 1 Chaty | 2025-02-20 | 4.8 Medium |
| Authenticated (admin or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in Premio Chaty (WordPress plugin) <= 2.8.3 | ||||
| CVE-2021-36893 | 1 Wpdarko | 1 Responsive Tabs | 2025-02-20 | 4.8 Medium |
| Authenticated (author or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in Responsive Tabs (WordPress plugin) <= 4.0.5 | ||||
| CVE-2022-27845 | 1 Plausible | 1 Plausible Analytics | 2025-02-20 | 4.8 Medium |
| Authenticated (admin or higher user role) Stored Cross-Site Scripting (XSS) in PlausibleHQ Plausible Analytics (WordPress plugin) <= 1.2.2 | ||||
| CVE-2021-36914 | 1 Claderaform | 1 Calderawp License Manager | 2025-02-20 | 6.1 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability leading to Reflected Cross-Site Scripting (XSS) in CalderaWP License Manager (WordPress plugin) <= 1.2.11. | ||||
| CVE-2022-27848 | 1 Webnus | 1 Modern Events Calendar Lite | 2025-02-20 | 3.4 Low |
| Authenticated (admin+ user) Stored Cross-Site Scripting (XSS) in Modern Events Calendar Lite (WordPress plugin) <= 6.5.1 | ||||
| CVE-2022-27853 | 1 Contest-gallery | 1 Contest Gallery | 2025-02-20 | 4.8 Medium |
| Authenticated (author or higher role) Stored Cross-Site Scripting (XSS) in Contest Gallery (WordPress plugin) <= 13.1.0.9 | ||||
| CVE-2022-29418 | 1 Night Mode Project | 1 Night Mode | 2025-02-20 | 4.8 Medium |
| Authenticated (admin user role) Persistent Cross-Site Scripting (XSS) in Mark Daniels Night Mode plugin <= 1.0.0 on WordPress via vulnerable parameters: &ntmode_page_setting[enable-me], &ntmode_page_setting[bg-color], &ntmode_page_setting[txt-color], &ntmode_page_setting[anc_color]. | ||||
| CVE-2021-36867 | 1 Psychological Tests \& Quizzes Project | 1 Psychological Tests \& Quizzes | 2025-02-20 | 5.4 Medium |
| Stored Cross-Site Scripting (XSS) vulnerability in Alexander Ustimenko's Psychological tests & quizzes plugin <= 0.21.19 on WordPress possible for users with contributor or higher user rights. | ||||
| CVE-2021-36895 | 1 Tripetto | 1 Tripetto | 2025-02-20 | 4.7 Medium |
| Unauthenticated Cross-Site Scripting (XSS) vulnerability in Tripetto's Tripetto plugin <= 5.1.4 on WordPress via SVG image upload. | ||||
| CVE-2022-27854 | 1 Psychological Tests \& Quizzes Project | 1 Psychological Tests \& Quizzes | 2025-02-20 | 5.4 Medium |
| Stored Cross-Site Scripting (XSS) vulnerability in Alexander Ustimenko's Psychological tests & quizzes plugin <= 0.21.19 on WordPress possible for users with contributor or higher role via &wpt_test_page_submit_button_caption parameter. | ||||
| CVE-2022-27860 | 1 Footer-text Project | 1 Footer-text | 2025-02-20 | 6.1 Medium |
| Cross-Site Request Forgery (CSRF) leading to Cross-Site Scripting (XSS) in Shea Bunge's Footer Text plugin <= 2.0.3 on WordPress. | ||||
| CVE-2022-29415 | 1 Ravpage Project | 1 Ravpage | 2025-02-20 | 6.1 Medium |
| Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability in Mati Skiba @ Rav Messer's Ravpage plugin <= 2.16 at WordPress. | ||||
| CVE-2022-29413 | 1 Hermit Project | 1 Hermit | 2025-02-20 | 4.7 Medium |
| Cross-Site Request Forgery (CSRF) leading to Stored Cross-Site Scripting (XSS) in Mufeng's Hermit 音乐播放器 plugin <= 3.1.6 on WordPress via &title parameter. | ||||
| CVE-2022-29444 | 1 Cloudways | 1 Breeze | 2025-02-20 | 6.5 Medium |
| Plugin Settings Change leading to Cross-Site Scripting (XSS) vulnerability in Cloudways Breeze plugin <= 2.0.2 on WordPress allows users with a subscriber or higher user role to execute any of the wp_ajax_* actions in the class Breeze_Configuration which includes the ability to change any of the plugin's settings including CDN setting which could be further used for XSS attack. | ||||
| CVE-2021-36844 | 1 Mythemeshop | 1 Wp Subscribe | 2025-02-20 | 3.4 Low |
| Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in MyThemeShop WP Subscribe plugin <= 1.2.12 on WordPress. | ||||
| CVE-2024-4720 | 1 Campcodes | 1 Complete Web-based School Management System | 2025-02-20 | 3.5 Low |
| A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /model/approve_petty_cash.php. The manipulation of the argument admin_index leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-263798 is the identifier assigned to this vulnerability. | ||||
| CVE-2021-36912 | 1 Google-news-sitemap Project | 1 Google-news-sitemap | 2025-02-20 | 5.4 Medium |
| Stored Cross-Site Scripting (XSS) vulnerability in Andrea Pernici News Sitemap for Google plugin <= 1.0.16 on WordPress, attackers must have contributor or higher user role. | ||||
| CVE-2022-29421 | 1 Edmonsoft | 1 Countdown Builder | 2025-02-20 | 4.7 Medium |
| Reflected Cross-Site Scripting (XSS) vulnerability in Adam Skaat's Countdown & Clock plugin on WordPress via &ycd_type vulnerable parameter. | ||||
| CVE-2022-29422 | 1 Edmonsoft | 1 Countdown Builder | 2025-02-20 | 4.8 Medium |
| Multiple Authenticated (admin+) Persistent Cross-Site Scripting (XSS) vulnerabilities in Adam Skaat's Countdown & Clock plugin <= 2.3.2 at WordPress via &ycd-countdown-width, &ycd-progress-height, &ycd-progress-width, &ycd-button-margin-top, &ycd-button-margin-right, &ycd-button-margin-bottom, &ycd-button-margin-left, &ycd-circle-countdown-before-countdown, &ycd-circle-countdown-after-countdown vulnerable parameters. | ||||