Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2022-1268PUBLISHED: 2022-05-23The Donate Extra WordPress plugin through 2.02 does not sanitise and escape a parameter before outputting it back in the response, leading to a Reflected cross-Site Scripting
CVE-2022-1298PUBLISHED: 2022-05-23The Tabs WordPress plugin before 2.2.8 does not sanitise and escape Tab descriptions, which could allow high privileged users with a role as low as editor to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed
CVE-2022-1320PUBLISHED: 2022-05-23The Sliderby10Web WordPress plugin before 1.2.52 does not properly sanitize and escape some of its settings, which could allow high-privileged users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed
CVE-2022-1547PUBLISHED: 2022-05-23The Check & Log Email WordPress plugin before 1.0.6 does not sanitise and escape a parameter before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting
CVE-2022-1558PUBLISHED: 2022-05-23The Curtain WordPress plugin through 1.0.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed
User Rank: Apprentice
6/18/2019 | 4:59:42 AM