Total
29368 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-37344 | 1 Accommodation-system Project | 1 Accommodation-system | 2025-02-20 | 7.6 High |
| Missing Access Control vulnerability in PHP Crafts Accommodation System plugin <= 1.0.1 at WordPress. | ||||
| CVE-2022-36427 | 1 About-rentals Project | 1 About-rentals | 2025-02-20 | 7.3 High |
| Missing Access Control vulnerability in About Rentals. Inc. About Rentals plugin <= 1.5 at WordPress. | ||||
| CVE-2022-38070 | 1 Mypopups | 1 Pop-up | 2025-02-20 | 5.4 Medium |
| Privilege Escalation (subscriber+) vulnerability in Pop-up plugin <= 1.1.5 at WordPress. | ||||
| CVE-2022-38058 | 1 Wpvar | 1 Wp Shamsi | 2025-02-20 | 4.3 Medium |
| Authenticated (subscriber+) Plugin Setting change vulnerability in WP Shamsi plugin <= 4.1.1 at WordPress. | ||||
| CVE-2022-38135 | 1 Photospace Gallery Project | 1 Photospace Gallery | 2025-02-20 | 5.4 Medium |
| Broken Access Control vulnerability in Dean Oakley's Photospace Gallery plugin <= 2.3.5 at WordPress allows users with subscriber or higher role to change plugin settings. | ||||
| CVE-2022-35238 | 1 Brinidesigner | 1 Awesome Filterable Portfolio | 2025-02-20 | 6.5 Medium |
| Unauthenticated Plugin Settings Change vulnerability in Awesome Filterable Portfolio plugin <= 1.9.7 at WordPress. | ||||
| CVE-2022-38134 | 1 Cusrev | 1 Customer Reviews For Woocommerce | 2025-02-20 | 4.3 Medium |
| Authenticated (subscriber+) Broken Access Control vulnerability in Customer Reviews for WooCommerce plugin <= 5.3.5 at WordPress. | ||||
| CVE-2022-38104 | 1 Oxilab | 1 Accordions | 2025-02-20 | 7.2 High |
| Auth. WordPress Options Change (siteurl, users_can_register, default_role, admin_email and new_admin_email) vulnerability in Biplob Adhikari's Accordions – Multiple Accordions or FAQs Builder plugin (versions <= 2.0.3 on WordPress. | ||||
| CVE-2022-38461 | 1 Wpml | 1 Wpml | 2025-02-20 | 5.4 Medium |
| Broken Access Control vulnerability in WPML Multilingual CMS premium plugin <= 4.5.10 on WordPress allows users with a subscriber or higher user role to change plugin settings (selected language for legacy widgets, the default behavior for media content). | ||||
| CVE-2022-45066 | 1 Thriveweb | 1 Wooswipe Woocommerce Gallery | 2025-02-20 | 5.4 Medium |
| Auth. (subscriber+) Broken Access Control vulnerability in WooSwipe WooCommerce Gallery plugin <= 2.0.1 on WordPress. | ||||
| CVE-2022-38974 | 1 Wpml | 1 Wpml | 2025-02-20 | 4.3 Medium |
| Broken Access Control vulnerability in WPML Multilingual CMS premium plugin <= 4.5.10 on WordPress allows users with subscriber or higher user roles to change the status of the translation jobs. | ||||
| CVE-2022-41781 | 1 Permalink Manager Lite Project | 1 Permalink Manager Lite | 2025-02-20 | 6.5 Medium |
| Broken Access Control vulnerability in Permalink Manager Lite plugin <= 2.2.20 on WordPress. | ||||
| CVE-2022-42461 | 1 Miniorange | 1 Google Authenticator | 2025-02-20 | 5.4 Medium |
| Broken Access Control vulnerability in miniOrange's Google Authenticator plugin <= 5.6.1 on WordPress. | ||||
| CVE-2022-41839 | 1 Wpbrigade | 1 Loginpress | 2025-02-20 | 5.3 Medium |
| Broken Access Control vulnerability in WordPress LoginPress plugin <= 1.6.2 on WordPress leading to unauth. changing of Opt-In or Opt-Out tracking settings. | ||||
| CVE-2022-45369 | 1 Richplugins | 1 Plugin For Google Reviews | 2025-02-20 | 4.3 Medium |
| Auth. (subscriber+) Broken Access Control vulnerability in Plugin for Google Reviews plugin <= 2.2.2 on WordPress. | ||||
| CVE-2022-40208 | 1 Moodle | 1 Moodle | 2025-02-20 | 4.3 Medium |
| In Moodle, insufficient limitations in some quiz web services made it possible for students to bypass sequential navigation during a quiz attempt. | ||||
| CVE-2024-2917 | 1 Campcodes | 1 House Rental Management System | 2025-02-20 | 5.4 Medium |
| A vulnerability was found in Campcodes House Rental Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file index.php. The manipulation of the argument page leads to file inclusion. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257983. | ||||
| CVE-2024-4818 | 1 Campcodes | 1 Online Laundry Management System | 2025-02-20 | 5.3 Medium |
| A vulnerability was found in Campcodes Online Laundry Management System 1.0 and classified as problematic. This issue affects some unknown processing of the file /index.php. The manipulation of the argument page leads to file inclusion. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-263939. | ||||
| CVE-2024-28114 | 1 Peering-manager | 1 Peering Manager | 2025-02-20 | 8.1 High |
| Peering Manager is a BGP session management tool. There is a Server Side Template Injection vulnerability that leads to Remote Code Execution in Peering Manager <=1.8.2. As a result arbitrary commands can be executed on the operating system that is running Peering Manager. This issue has been addressed in version 1.8.3. Users are advised to upgrade. There are no known workarounds for this vulnerability. | ||||
| CVE-2024-56511 | 1 Dataease | 1 Dataease | 2025-02-20 | 9.8 Critical |
| DataEase is an open source data visualization analysis tool. Prior to 2.10.4, there is a flaw in the authentication in the io.dataease.auth.filter.TokenFilter class, which can be bypassed and cause the risk of unauthorized access. In the io.dataease.auth.filter.TokenFilter class, ”request.getRequestURI“ is used to obtain the request URL, and it is passed to the "WhitelistUtils.match" method to determine whether the URL request is an interface that does not require authentication. The "match" method filters semicolons, but this is not enough. When users set "server.servlet.context-path" when deploying products, there is still a risk of being bypassed, which can be bypassed by any whitelist prefix /geo/../context-path/. The vulnerability has been fixed in v2.10.4. | ||||