daffainfo / CVE

My CVE Publications


CVE-2022-27848

Description

Authenticated (admin+ user) Stored Cross-Site Scripting (XSS) in Modern Events Calendar Lite (WordPress plugin) <= 6.5.1

Plugin Name

Modern Events Calendar Lite

Affected Version

<= 6.5.1

Fixed Version

6.5.2

Advisory link

CVE-2022-27844

Description

Arbitrary File Read vulnerability in WPvivid Team Migration, Backup, Staging – WPvivid (WordPress plugin) versions <= 0.9.70

Plugin Name

WPvivid

Affected Version

<= 0.9.70

Fixed Version

0.9.71

Advisory link

CVE-2022-23984

Description

Sensitive information disclosure discovered in wpDiscuz WordPress plugin (versions <= 7.3.11).

Plugin Name

wpDiscuz

Affected Version

<= 7.3.11

Fixed Version

7.3.12

Advisory link

CVE-2022-23983

Description

Cross-Site Request Forgery (CSRF) vulnerability leading to plugin Settings Update discovered in WP Content Copy Protection & No Right Click WordPress plugin (versions <= 3.4.4).

Plugin Name

WP Content Copy Protection & No Right Click

Affected Version

<= 3.4.4

Fixed Version

3.4.5

Advisory link

CVE-2022-25618

Description

Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in wpDataTables (WordPress plugin) versions <= 2.1.27

Plugin Name

wpDataTables

Affected Version

<= 2.1.27

Fixed Version

2.1.28

Advisory link

CVE-2021-24519

Description

The VikRentCar Car Rental Management System WordPress plugin before 1.1.10 does not sanitise the 'Text Next to Icon' field when adding or editing a Characteristic, allowing high-privilege users such as admin to use an XSS payload in it, leading to an authenticated Stored Cross-Site Scripting issue.

Plugin Name

VikRentCar

Affected Version

<= 1.1.9

Fixed Version

1.1.10

Advisory link

CVE-2021-24561

Description

The WP SMS WordPress plugin before 5.4.13 does not sanitise the "wp_group_name" parameter before outputting it back in the "Groups" page, leading to an Authenticated Stored Cross-Site Scripting issue.

Plugin Name

WP SMS – Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc

Affected Version

<= 5.4.12

Fixed Version

5.4.13

Advisory link

CVE-2021-24531

Description

The Charitable - Donation Plugin WordPress plugin before 1.6.51 is affected by an authenticated stored cross-site scripting vulnerability which was found in the add donation feature.

Plugin Name

Charitable

Affected Version

<= 1.6.50

Fixed Version

1.6.51

Advisory link
