Total: 3179 CVEs
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description
---|---|---|---|---|---|---
CVE-2022-40223 | 1 Searchwp | 1 Searchwp | 2024-11-21 | N/A | 5.4 MEDIUM | Nonce token leakage and missing authorization in SearchWP premium plugin <= 4.2.5 on WordPress, leading to plugin settings change.
CVE-2022-40218 | | | 2024-11-21 | N/A | 6.5 MEDIUM | Missing Authorization vulnerability in ThemeHunk Advance WordPress Search Plugin. This issue affects Advance WordPress Search Plugin: from n/a through 1.1.4.
CVE-2022-40203 | 1 Algolplus | 1 Advanced Dynamic Pricing For Woocommerce | 2024-11-21 | N/A | 6.3 MEDIUM | Missing Authorization vulnerability in AlgolPlus Advanced Dynamic Pricing for WooCommerce. This issue affects Advanced Dynamic Pricing for WooCommerce: from n/a through 4.1.5.
CVE-2022-3999 | 1 Dpdgroup | 1 Woocommerce Shipping | 2024-11-21 | N/A | 8.1 HIGH | The DPD Baltic Shipping WordPress plugin before 1.2.57 does not have authorisation and CSRF checks in an AJAX action, which could allow any authenticated user, such as a subscriber, to delete arbitrary options from the blog, which could make the blog unavailable.
CVE-2022-3961 | 1 Wpwax | 1 Directorist | 2024-11-21 | N/A | 6.5 MEDIUM | The Directorist WordPress plugin before 7.4.4 does not prevent users with low privileges (like subscribers) from accessing sensitive system information.
CVE-2022-3946 | 1 Collne | 1 Welcart E-commerce | 2024-11-21 | N/A | 6.5 MEDIUM | The Welcart e-Commerce WordPress plugin before 2.8.4 does not have authorisation and CSRF checks in an AJAX action, allowing any logged-in user to create, update and delete shipping methods.
CVE-2022-3920 | 1 Hashicorp | 1 Consul | 2024-11-21 | N/A | 5.3 MEDIUM | HashiCorp Consul and Consul Enterprise 1.13.0 up to 1.13.3 do not filter cluster filtering's imported nodes and services for HTTP or RPC endpoints used by the UI. Fixed in 1.14.0.
CVE-2022-3622 | 1 Adenion | 1 Blog2social | 2024-11-21 | N/A | 4.7 MEDIUM | The Blog2Social plugin for WordPress is vulnerable to authorization bypass due to missing capability checks in versions up to, and including, 6.9.11. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to change some plugin settings intended to be modifiable by admins only.
CVE-2022-3538 | 1 Webmaster Tools Verification Project | 1 Webmaster Tools Verification | 2024-11-21 | N/A | 6.5 MEDIUM | The Webmaster Tools Verification WordPress plugin through 1.2 does not have authorisation and CSRF checks when disabling plugins, allowing unauthenticated users to disable arbitrary plugins.
CVE-2022-3501 | 1 Otrs | 1 Otrs | 2024-11-21 | N/A | 3.5 LOW | Article template contents with sensitive data could be accessed by agents without permissions.
CVE-2022-3489 | 1 Weberge | 1 Wp Hide | 2024-11-21 | N/A | 5.3 MEDIUM | The WP Hide WordPress plugin through 0.0.2 does not have authorisation and CSRF checks in place when updating the custom_wpadmin_slug setting, allowing unauthenticated attackers to update it with a crafted request.
CVE-2022-3482 | 1 Gitlab | 1 Gitlab | 2024-11-21 | N/A | 5.3 MEDIUM | An improper access control issue in GitLab CE/EE affecting all versions from 11.3 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allowed an unauthorized user to see release names even when releases were set to be restricted to project members only.
CVE-2022-3451 | 1 Addify | 1 Product Stock Manager | 2024-11-21 | N/A | 4.3 MEDIUM | The Product Stock Manager WordPress plugin before 1.0.5 does not have authorisation and proper CSRF checks in multiple AJAX actions, allowing users with a role as low as subscriber to call them. One action in particular could allow arbitrary options to be updated.
CVE-2022-3400 | 1 Bricksbuilder | 1 Bricks | 2024-11-21 | N/A | 6.5 MEDIUM | The Bricks theme for WordPress is vulnerable to authorization bypass due to a missing capability check on the bricks_save_post AJAX action in versions 1.0 to 1.5.3. This makes it possible for authenticated attackers with minimal permissions, such as a subscriber, to edit any page, post, or template on the vulnerable WordPress website.
CVE-2022-3337 | 1 Cloudflare | 1 Warp Mobile Client | 2024-11-21 | N/A | 6.7 MEDIUM | It was possible for a user to delete a VPN profile from the WARP mobile client on the iOS platform despite the Lock WARP switch feature (https://developers.cloudflare.com/cloudflare-one/connections/connect-devices/warp/warp-settings/#lock-warp-switch) being enabled on the Zero Trust platform. This led to bypassing policies and restrictions enforced for enrolled devices by the Zero Trust platform.
CVE-2022-3321 | 1 Cloudflare | 1 Warp Mobile Client | 2024-11-21 | N/A | 6.7 MEDIUM | It was possible to bypass the Lock WARP switch feature (https://developers.cloudflare.com/cloudflare-one/connections/connect-devices/warp/warp-settings/#lock-warp-switch) on the WARP iOS mobile client by enabling both the "Disable for cellular networks" and "Disable for Wi-Fi networks" switches at once in the application settings. Such a configuration caused the WARP client to disconnect and allowed the user to bypass restrictions and policies enforced by the Zero Trust platform.
CVE-2022-3320 | 1 Cloudflare | 1 Warp | 2024-11-21 | N/A | 6.7 MEDIUM | It was possible to bypass policies configured for Zero Trust Secure Web Gateway by using the warp-cli 'set-custom-endpoint' subcommand. Using this command with an unreachable endpoint caused the WARP Client to disconnect and allowed bypassing administrative restrictions on a Zero Trust enrolled endpoint.
CVE-2022-3244 | 1 Smackcoders | 1 Import All Pages, Post Types, Products, Orders, And Users As Xml & Csv | 2024-11-21 | N/A | 4.2 MEDIUM | The Import all XML, CSV & TXT WordPress plugin before 6.5.8 does not have authorisation checks in some places, which could allow any authenticated user to access some of the plugin features if they manage to obtain the related nonce.
CVE-2022-3124 | 1 Najeebmedia | 1 Frontend File Manager | 2024-11-21 | N/A | 5.3 MEDIUM | The Frontend File Manager Plugin WordPress plugin before 21.3 allows any unauthenticated user to rename files uploaded by users. Furthermore, due to the lack of validation of the destination filename, this could allow them to change the content of arbitrary files on the web server.
CVE-2022-3096 | 1 Wp Total Hacks Project | 1 Wp Total Hacks | 2024-11-21 | N/A | 5.4 MEDIUM | The WP Total Hacks WordPress plugin through 4.7.2 does not prevent low-privilege users from modifying the plugin's settings. This could allow users such as subscribers to perform Stored Cross-Site Scripting attacks against other users, like administrators, due to the lack of sanitisation and escaping as well.