The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
| ID | Description | Priority | Modified date |
|---|---|---|---|
| CVE-2022-29408 | Persistent Cross-Site Scripting (XSS) vulnerability in Vsourz Digital\'s Advanced Contact form 7 DB plugin <= 1.8.7 at WordPress. | MEDIUM | May 25, 2022 |
| CVE-2022-29409 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | -- | Jan 8, 2024 |
| CVE-2022-29410 | Authenticated SQL Injection (SQLi) vulnerability in Mufeng\'s Hermit ????? plugin <= 3.1.6 on WordPress allows attackers with Subscriber or higher user roles to execute SQLi attack via (&ids). | MEDIUM | May 6, 2022 |
| CVE-2022-29411 | SQL Injection (SQLi) vulnerability in Mufeng\'s Hermit ????? plugin <= 3.1.6 on WordPress allows attackers to execute SQLi attack via (&id). | HIGH | May 6, 2022 |
| CVE-2022-29412 | Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Hermit ????? plugin <= 3.1.6 on WordPress allow attackers to delete cache, delete a source, create source. | MEDIUM | May 6, 2022 |
| CVE-2022-29413 | Cross-Site Request Forgery (CSRF) leading to Stored Cross-Site Scripting (XSS) in Mufeng\'s Hermit ????? plugin <= 3.1.6 on WordPress via &title parameter. | MEDIUM | May 6, 2022 |
| CVE-2022-29414 | Multiple (13x) Cross-Site Request Forgery (CSRF) vulnerabilities in WPKube\'s Subscribe To Comments Reloaded plugin <= 211130 on WordPress allows attackers to clean up Log archive, download system info file, plugin system settings, plugin options settings, generate a new key, reset all options, change notifications settings, management page settings, comment form settings, manage subscriptions > mass update settings, manage subscriptions > add a new subscription, update subscription, delete Subscription. | MEDIUM | Apr 30, 2022 |
| CVE-2022-29415 | Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability in Mati Skiba @ Rav Messer\'s Ravpage plugin <= 2.16 at WordPress. | MEDIUM | May 4, 2022 |
| CVE-2022-29416 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Afterpay Gateway for WooCommerce <= 3.5.0 versions. | -- | Feb 6, 2023 |
| CVE-2022-29417 | Plugin Settings Update vulnerability in ShortPixel\'s ShortPixel Adaptive Images plugin <= 3.3.1 at WordPress allows an attacker with a low user role like a subscriber or higher to change the plugin settings. | MEDIUM | Apr 25, 2022 |
| CVE-2022-29418 | Authenticated (admin user role) Persistent Cross-Site Scripting (XSS) in Mark Daniels Night Mode plugin <= 1.0.0 on WordPress via vulnerable parameters: &ntmode_page_setting[enable-me], &ntmode_page_setting[bg-color], &ntmode_page_setting[txt-color], &ntmode_page_setting[anc_color]. | LOW | Apr 25, 2022 |
| CVE-2022-29419 | SQL Injection (SQLi) vulnerability in Don Crowther\'s 3xSocializer plugin <= 0.98.22 at WordPress possible for users with a low role like a subscriber or higher. | MEDIUM | Apr 25, 2022 |
| CVE-2022-29420 | Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Adam Skaat\'s Countdown & Clock plugin <= 2.3.2 at WordPress via &ycd-circle-countdown-before-countdown and &ycd-circle-countdown-after-countdown vulnerable parameters. | LOW | May 6, 2022 |
| CVE-2022-29421 | Reflected Cross-Site Scripting (XSS) vulnerability in Adam Skaat\'s Countdown & Clock plugin on WordPress via &ycd_type vulnerable parameter. | MEDIUM | May 6, 2022 |
| CVE-2022-29422 | Multiple Authenticated (admin+) Persistent Cross-Site Scripting (XSS) vulnerabilities in Adam Skaat\'s Countdown & Clock plugin <= 2.3.2 at WordPress via &ycd-countdown-width, &ycd-progress-height, &ycd-progress-width, &ycd-button-margin-top, &ycd-button-margin-right, &ycd-button-margin-bottom, &ycd-button-margin-left, &ycd-circle-countdown-before-countdown, &ycd-circle-countdown-after-countdown vulnerable parameters. | LOW | May 6, 2022 |
| CVE-2022-29423 | Pro Features Lock Bypass vulnerability in Countdown & Clock plugin <= 2.3.2 at WordPress. | HIGH | May 6, 2022 |
| CVE-2022-29424 | Authenticated (admin or higher user role) Reflected Cross-Site Scripting (XSS) vulnerability in Biplob Adhikari\'s Image Hover Effects Ultimate plugin <= 9.7.1 at WordPress. | LOW | May 20, 2022 |
| CVE-2022-29425 | Cross-Site Scripting (XSS) vulnerability in WP Wham\'s Checkout Files Upload for WooCommerce plugin <= 2.1.2 at WordPress. | MEDIUM | May 20, 2022 |
| CVE-2022-29426 | Authenticated (contributor or higher user role) Reflected Cross-Site Scripting (XSS) vulnerability in 2J Slideshow Team\'s Slideshow, Image Slider by 2J plugin <= 1.3.54 at WordPress. | LOW | May 20, 2022 |
| CVE-2022-29427 | Cross-Site Request Forgery (CSRF) vulnerability in Aftab Muni\'s Disable Right Click For WP plugin <= 1.1.6 at WordPress. | MEDIUM | May 20, 2022 |
| CVE-2022-29428 | Cross-Site Scripting (XSS) vulnerability in Muneeb\'s WP Slider Plugin <= 1.4.5 at WordPress. | LOW | May 20, 2022 |
| CVE-2022-29429 | Remote Code Execution (RCE) in Alexander Stokmann\'s Code Snippets Extended plugin <= 1.4.7 on WordPress via Cross-Site Request Forgery. | MEDIUM | May 18, 2022 |
| CVE-2022-29430 | Cross-Site Scripting (XSS) vulnerability in KubiQ\'s PNG to JPG plugin <= 4.0 at WordPress via Cross-Site Request Forgery (CSRF). Vulnerable parameter &jpg_quality. | MEDIUM | May 20, 2022 |
| CVE-2022-29431 | Cross-Site Request Forgery (CSRF) vulnerability in KubiQ CPT base plugin <= 5.8 at WordPress allows an attacker to delete the CPT base. | MEDIUM | May 20, 2022 |
| CVE-2022-29432 | Multiple Authenticated (administrator or higher user role) Persistent Cross-Site Scripting (XSS) vulnerabilities in TMS-Plugins wpDataTables plugin <= 2.1.27 on WordPress via &data-link-text, &data-link-url, &data, &data-shortcode, &data-star-num vulnerable parameters. | LOW | May 20, 2022 |
| CVE-2022-29433 | Authenticated (contributor or higher role) Cross-Site Scripting (XSS) vulnerability in Donations plugin <= 1.8 on WordPress. | LOW | May 13, 2022 |
| CVE-2022-29434 | Insecure Direct Object References (IDOR) vulnerability in Spiffy Plugins Spiffy Calendar <= 4.9.0 at WordPress allows an attacker to edit or delete events. | MEDIUM | May 20, 2022 |
| CVE-2022-29435 | Cross-Site Request Forgery (CSRF) vulnerability in Alexander Stokmann\'s Code Snippets Extended plugin <= 1.4.7 on WordPress allows an attacker to delete or to turn on/off snippets. | MEDIUM | May 18, 2022 |
| CVE-2022-29436 | Persistent Cross-Site Scripting (XSS) vulnerability in Alexander Stokmann\'s Code Snippets Extended plugin <= 1.4.7 on WordPress via Cross-Site Request Forgery (vulnerable parameters &title, &snippet_code). | MEDIUM | May 18, 2022 |
| CVE-2022-29437 | Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Image Slider by NextCode plugin <= 1.1.2 at WordPress. | MEDIUM | Jun 15, 2022 |
| CVE-2022-29438 | Authenticated (author or higher user role) Persistent Cross-Site Scripting (XSS) vulnerability in Image Slider by NextCode plugin <= 1.1.2 at WordPress. | LOW | Jun 15, 2022 |
| CVE-2022-29439 | Cross-Site Request Forgery (CSRF) vulnerability in Image Slider by NextCode plugin <= 1.1.2 at WordPress allows deleting slides. | MEDIUM | Jun 15, 2022 |
| CVE-2022-29440 | Multiple Authenticated (contributor or higher user role) Stored Cross-Site Scripting (XSS) vulnerabilities in Promotion Slider plugin <= 3.3.4 at WordPress. | LOW | Jun 15, 2022 |
| CVE-2022-29441 | Cross-Site Request Forgery (CSRF) vulnerability in Private Messages For WordPress plugin <= 2.1.10 at WordPress allows attackers to send messages. | MEDIUM | Jun 15, 2022 |
| CVE-2022-29442 | Authenticated (subscriber or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in Messages For WordPress <= 2.1.10 at WordPress. | LOW | Jun 15, 2022 |
| CVE-2022-29443 | Multiple Authenticated (contributor or higher user role) Stored Cross-Site Scripting (XSS) vulnerabilities in Nicdark\'s Hotel Booking plugin <= 3.0 at WordPress. | LOW | Jun 16, 2022 |
| CVE-2022-29444 | Plugin Settings Change leading to Cross-Site Scripting (XSS) vulnerability in Cloudways Breeze plugin <= 2.0.2 on WordPress allows users with a subscriber or higher user role to execute any of the wp_ajax_* actions in the class Breeze_Configuration which includes the ability to change any of the plugin\'s settings including CDN setting which could be further used for XSS attack. | LOW | May 3, 2022 |
| CVE-2022-29445 | Authenticated (administrator or higher role) Local File Inclusion (LFI) vulnerability in Wow-Company\'s Popup Box plugin <= 2.1.2 at WordPress. | MEDIUM | May 18, 2022 |
| CVE-2022-29446 | Authenticated (administrator or higher role) Local File Inclusion (LFI) vulnerability in Wow-Company\'s Counter Box plugin <= 1.1.1 at WordPress. | MEDIUM | May 19, 2022 |
| CVE-2022-29447 | Authenticated (administrator or higher user role) Local File Inclusion (LFI) vulnerability in Wow-Company\'s Hover Effects plugin <= 2.1 at WordPress. | MEDIUM | May 20, 2022 |
| CVE-2022-29448 | Authenticated (admin or higher user role) Local File Inclusion (LFI) vulnerability in Wow-Company\'s Herd Effects plugin <= 5.2 at WordPress. | MEDIUM | May 20, 2022 |
| CVE-2022-29449 | Authenticated (contributor or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in Opal Hotel Room Booking plugin <= 1.2.7 at WordPress. | LOW | May 19, 2022 |
| CVE-2022-29450 | Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Admin Management Xtended plugin <= 2.4.4 at WordPress. | MEDIUM | Jun 16, 2022 |
| CVE-2022-29451 | Cross-Site Request Forgery (CSRF) leading to Arbitrary File Upload vulnerability in Rara One Click Demo Import plugin <= 1.2.9 on WordPress allows attackers to trick logged-in admin users into uploading dangerous files into /wp-content/uploads/ directory. | MEDIUM | Apr 30, 2022 |
| CVE-2022-29452 | Authenticated (editor or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in Export All URLs plugin <= 4.1 at WordPress. | LOW | Jun 16, 2022 |
| CVE-2022-29453 | Cross-Site Request Forgery (CSRF) vulnerability in API KEY for Google Maps plugin <= 1.2.1 at WordPress leading to Google Maps API key update. | MEDIUM | Jun 15, 2022 |
| CVE-2022-29454 | Cross-Site Request Forgery (CSRF) vulnerability in WordPlus Better Messages plugin <= 1.9.9.148 at WordPress allows attackers to upload files. File attachment to messages must be activated. | -- | Jul 21, 2022 |
| CVE-2022-29455 | DOM-based Reflected Cross-Site Scripting (XSS) vulnerability in Elementor\'s Elementor Website Builder plugin <= 3.5.5 versions. | MEDIUM | Jun 13, 2022 |
| CVE-2022-29457 | Zoho ManageEngine ADSelfService Plus before 6121, ADAuditPlus 7060, Exchange Reporter Plus 5701, and ADManagerPlus 7131 allow NTLM Hash disclosure during certain storage-path configuration steps. | MEDIUM | Apr 19, 2022 |
| CVE-2022-29458 | ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library. | MEDIUM | Apr 19, 2022 |
