Export limit exceeded: 23483 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (46 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-47438 | 1 Wpdevart | 1 Booking Calendar | 2025-01-10 | 5.9 Medium |
| Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in WpDevArt Booking calendar, Appointment Booking System plugin <= 3.2.3 versions. | ||||
| CVE-2022-47603 | 1 Wpdevart | 1 Image And Video Gallery With Thumbnails | 2025-01-10 | 7.1 High |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in wpdevart Gallery – Image and Video Gallery with Thumbnails plugin <= 2.0.1 versions. | ||||
| CVE-2023-23870 | 1 Wpdevart | 1 Responsive Vertical Icon Menu | 2025-01-10 | 5.9 Medium |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in wpdevart Responsive Vertical Icon Menu plugin <= 1.5.8 versions. | ||||
| CVE-2023-23972 | 1 Wpdevart | 1 Social Like Box And Page | 2025-01-10 | 5.9 Medium |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Smplug-in Social Like Box and Page by WpDevArt plugin <= 0.8.39 versions. | ||||
| CVE-2023-24004 | 1 Wpdevart | 1 Download Image And Video Lightbox\, Image Popup | 2025-01-10 | 5.9 Medium |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPdevart Image and Video Lightbox, Image PopUp plugin <= 2.1.5 versions. | ||||
| CVE-2023-24002 | 1 Wpdevart | 1 Youtube Embed\, Playlist And Popup | 2025-01-10 | 5.9 Medium |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPdevart YouTube Embed, Playlist and Popup by WpDevArt plugin <= 2.6.3 versions. | ||||
| CVE-2023-24387 | 1 Wpdevart | 1 Organization Chart | 2025-01-10 | 5.9 Medium |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPdevart Organization chart plugin <= 1.4.4 versions. | ||||
| CVE-2023-0900 | 1 Wpdevart | 1 Pricing Table Builder | 2025-01-08 | 7.2 High |
| The Pricing Table Builder WordPress plugin through 1.1.6 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high-privilege users such as admins. | ||||
| CVE-2023-47533 | 1 Wpdevart | 1 Countdown And Countup\, Woocommerce Sales Timer | 2025-01-07 | 5.9 Medium |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in wpdevart Countdown and CountUp, WooCommerce Sales Timer plugin <= 1.8.2 versions. | ||||
| CVE-2024-37542 | 1 Wpdevart | 1 Gallery | 2024-11-21 | 5.4 Medium |
| Missing Authorization vulnerability in WpDevArt Responsive Image Gallery, Gallery Album.This issue affects Responsive Image Gallery, Gallery Album: from n/a through 2.0.3. | ||||
| CVE-2024-35750 | 1 Wpdevart | 1 Gallery | 2024-11-21 | 8.5 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in wpdevart Responsive Image Gallery, Gallery Album.This issue affects Responsive Image Gallery, Gallery Album: from n/a through 2.0.3. | ||||
| CVE-2023-46075 | 1 Wpdevart | 1 Contact Form Builder | 2024-11-21 | 7.1 High |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in wpdevart Contact Form Builder, Contact Widget plugin <= 2.1.6 versions. | ||||
| CVE-2023-45630 | 1 Wpdevart | 1 Gallery | 2024-11-21 | 7.1 High |
| Unauth. Stored Cross-Site Scripting (XSS) vulnerability in wpdevart Gallery – Image and Video Gallery with Thumbnails plugin <= 2.0.3 versions. | ||||
| CVE-2023-45629 | 1 Wpdevart | 1 Gallery - Image And Video Gallery With Thumbnails | 2024-11-21 | 5.4 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in wpdevart Gallery – Image and Video Gallery with Thumbnails plugin <= 2.0.3 versions. | ||||
| CVE-2023-24388 | 1 Wpdevart | 1 Booking Calendar | 2024-11-21 | 5.4 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in WpDevArt Booking calendar, Appointment Booking System plugin <= 3.2.3 versions affects plugin forms actions (create, duplicate, edit, delete). | ||||
| CVE-2022-47428 | 1 Wpdevart | 1 Booking Calendar | 2024-11-21 | 9.8 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WpDevArt Booking calendar, Appointment Booking System allows SQL Injection.This issue affects Booking calendar, Appointment Booking System: from n/a through 3.2.7. | ||||
| CVE-2022-1946 | 1 Wpdevart | 1 Gallery | 2024-11-21 | 6.1 Medium |
| The Gallery WordPress plugin before 2.0.0 does not sanitise and escape a parameter before outputting it back in the response of an AJAX action (available to both unauthenticated and authenticated users), leading to a Reflected Cross-Site Scripting issue | ||||
| CVE-2022-0876 | 1 Wpdevart | 1 Social Comments | 2024-11-21 | 4.8 Medium |
| The Social comments by WpDevArt WordPress plugin before 2.5.0 does not sanitise and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when unfiltered_html is disallowed | ||||
| CVE-2022-0640 | 1 Wpdevart | 1 Pricing Table Builder | 2024-11-21 | 6.1 Medium |
| The Pricing Table Builder WordPress plugin before 1.1.5 does not sanitize and escape the postid parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting. | ||||
| CVE-2022-0199 | 1 Wpdevart | 1 Coming Soon And Maintenance Mode | 2024-11-21 | 4.3 Medium |
| The Coming soon and Maintenance mode WordPress plugin before 3.6.8 does not have CSRF check in its coming_soon_send_mail AJAX action, allowing attackers to make logged in admin to send arbitrary emails to all subscribed users via a CSRF attack | ||||