Search CVE reports



21 – 30 of 360 results


CVE-2022-3125

Medium priority
Needs evaluation

The Frontend File Manager Plugin WordPress plugin before 21.3 allows any authenticated users, such as subscriber, to rename a file to an arbitrary extension, like PHP, which could allow them to basically be able to...

1 affected package

wordpress

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| wordpress | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |

CVE-2022-3124

Medium priority
Needs evaluation

The Frontend File Manager Plugin WordPress plugin before 21.3 allows any unauthenticated user to rename uploaded files from users. Furthermore, due to the lack of validation in the destination filename, this could allow them...

1 affected package

wordpress

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| wordpress | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |

CVE-2022-31129

Medium priority

Some fixes available 4 of 102

moment is a JavaScript date library for parsing, validating, manipulating, and formatting dates. Affected versions of moment were found to use an inefficient parsing algorithm. Specifically using string-to-date parsing in moment...

11 affected packages

node-moment, gnucash, mediawiki, ntopng, odoo...

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| node-moment | Not affected | Fixed | Fixed | Fixed |
| gnucash | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| mediawiki | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| ntopng | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| odoo | Needs evaluation | Needs evaluation | Not in release | Not in release |
| omnidb | Needs evaluation | Needs evaluation | Needs evaluation | Not in release |
| ruby-momentjs-rails | Needs evaluation | Needs evaluation | Needs evaluation | Not in release |
| sabnzbdplus | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| syncthing | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| wordpress | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| postfixadmin | Vulnerable | Fixed | Not affected | Not affected |

CVE-2022-2839

Medium priority
Needs evaluation

The Zephyr Project Manager WordPress plugin before 3.2.55 does not have any authorisation as well as CSRF in all its AJAX actions, allowing unauthenticated users to call them either directly or via CSRF attacks. Furthermore, due...

2 affected packages

wordpress, zephyr

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| wordpress | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| zephyr | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |

CVE-2022-2763

Medium priority
Needs evaluation

The WP Socializer WordPress plugin before 7.3 does not sanitise and escape some of its Icons settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when...

1 affected package

wordpress

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| wordpress | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |

CVE-2022-2628

Medium priority
Needs evaluation

The DSGVO All in one for WP WordPress plugin before 4.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when...

1 affected package

wordpress

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| wordpress | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |

CVE-2022-21664

Medium priority
Needs evaluation

WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. Due to lack of proper sanitization in one of the classes, there’s potential for unintended SQL queries to...

1 affected package

wordpress

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| wordpress | Not affected | Not affected | Needs evaluation | Needs evaluation |

CVE-2022-21663

Low priority
Needs evaluation

WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. On a multisite, users with Super Admin role can bypass explicit/additional hardening under certain conditions through...

1 affected package

wordpress

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| wordpress | Not affected | Not affected | Needs evaluation | Needs evaluation |

CVE-2022-21662

Medium priority
Needs evaluation

WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. Low-privileged authenticated users (like author) in WordPress core are able to execute JavaScript/perform stored XSS...

1 affected package

wordpress

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| wordpress | Not affected | Not affected | Needs evaluation | Needs evaluation |

CVE-2022-21661

Medium priority
Needs evaluation

WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. Due to improper sanitization in WP_Query, there can be cases where SQL injection is possible through plugins or...

1 affected package

wordpress

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| wordpress | Not affected | Not affected | Needs evaluation | Needs evaluation |