CVE-2022-27848
Description
Authenticated (admin+ user) Stored Cross-Site Scripting (XSS) in Modern Events Calendar Lite (WordPress plugin) <= 6.5.1.
Plugin Name
Affected Version
<= 6.5.1
Fixed Version
6.5.2
Advisory link
CVE-2022-27844
Description
Arbitrary File Read vulnerability in WPvivid Team Migration, Backup, Staging – WPvivid (WordPress plugin) versions <= 0.9.70.
Plugin Name
Affected Version
<= 0.9.70
Fixed Version
0.9.71
Advisory link
CVE-2022-23984
Description
Sensitive information disclosure discovered in wpDiscuz WordPress plugin (versions <= 7.3.11).
Plugin Name
Affected Version
<= 7.3.11
Fixed Version
7.3.12
Advisory link
CVE-2022-23983
Description
Cross-Site Request Forgery (CSRF) vulnerability leading to plugin Settings Update discovered in WP Content Copy Protection & No Right Click WordPress plugin (versions <= 3.4.4).
Plugin Name
WP Content Copy Protection & No Right Click
Affected Version
<= 3.4.4
Fixed Version
3.4.5
Advisory link
CVE-2022-25618
Description
Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in wpDataTables (WordPress plugin) versions <= 2.1.27.
Plugin Name
Affected Version
<= 2.1.27
Fixed Version
2.1.28
Advisory link
CVE-2021-24519
Description
The VikRentCar Car Rental Management System WordPress plugin before 1.1.10 does not sanitise the 'Text Next to Icon' field when adding or editing a Characteristic, allowing high-privilege users such as admin to use an XSS payload in it, leading to an authenticated Stored Cross-Site Scripting issue.
Plugin Name
Affected Version
<= 1.1.9
Fixed Version
1.1.10
Advisory link
CVE-2021-24561
Description
The WP SMS WordPress plugin before 5.4.13 does not sanitise the "wp_group_name" parameter before outputting it back in the "Groups" page, leading to an Authenticated Stored Cross-Site Scripting issue.
Plugin Name
WP SMS – Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc
Affected Version
<= 5.4.12
Fixed Version
5.4.13
Advisory link
CVE-2021-24531
Description
The Charitable - Donation Plugin WordPress plugin before 1.6.51 is affected by an authenticated stored cross-site scripting vulnerability which was found in the add donation feature.
Plugin Name
Affected Version
<= 1.6.50
Fixed Version
1.6.51