The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.

ID | Description | Priority | Modified date | Fixed Release |
---|---|---|---|---|
CVE-2022-29425 | Cross-Site Scripting (XSS) vulnerability in WP Wham's Checkout Files Upload for WooCommerce plugin <= 2.1.2 at WordPress. | MEDIUM | May 20, 2022 | n/a |
CVE-2022-29426 | Authenticated (contributor or higher user role) Reflected Cross-Site Scripting (XSS) vulnerability in 2J Slideshow Team's Slideshow, Image Slider by 2J plugin <= 1.3.54 at WordPress. | LOW | May 20, 2022 | n/a |
CVE-2022-29427 | Cross-Site Request Forgery (CSRF) vulnerability in Aftab Muni's Disable Right Click For WP plugin <= 1.1.6 at WordPress. | MEDIUM | May 20, 2022 | n/a |
CVE-2022-29428 | Cross-Site Scripting (XSS) vulnerability in Muneeb's WP Slider Plugin <= 1.4.5 at WordPress. | LOW | May 20, 2022 | n/a |
CVE-2022-29429 | Remote Code Execution (RCE) in Alexander Stokmann's Code Snippets Extended plugin <= 1.4.7 on WordPress via Cross-Site Request Forgery. | MEDIUM | May 18, 2022 | n/a |
CVE-2022-29430 | Cross-Site Scripting (XSS) vulnerability in KubiQ's PNG to JPG plugin <= 4.0 at WordPress via Cross-Site Request Forgery (CSRF). Vulnerable parameter &jpg_quality. | MEDIUM | May 20, 2022 | n/a |
CVE-2022-29431 | Cross-Site Request Forgery (CSRF) vulnerability in KubiQ CPT base plugin <= 5.8 at WordPress allows an attacker to delete the CPT base. | MEDIUM | May 20, 2022 | n/a |
CVE-2022-29432 | Multiple Authenticated (administrator or higher user role) Persistent Cross-Site Scripting (XSS) vulnerabilities in TMS-Plugins wpDataTables plugin <= 2.1.27 on WordPress via &data-link-text, &data-link-url, &data, &data-shortcode, &data-star-num vulnerable parameters. | LOW | May 20, 2022 | n/a |
CVE-2022-29433 | Authenticated (contributor or higher role) Cross-Site Scripting (XSS) vulnerability in Donations plugin <= 1.8 on WordPress. | LOW | May 13, 2022 | n/a |
CVE-2022-29434 | Insecure Direct Object References (IDOR) vulnerability in Spiffy Plugins Spiffy Calendar <= 4.9.0 at WordPress allows an attacker to edit or delete events. | MEDIUM | May 20, 2022 | n/a |
CVE-2022-29435 | Cross-Site Request Forgery (CSRF) vulnerability in Alexander Stokmann's Code Snippets Extended plugin <= 1.4.7 on WordPress allows an attacker to delete or to turn on/off snippets. | MEDIUM | May 18, 2022 | n/a |
CVE-2022-29436 | Persistent Cross-Site Scripting (XSS) vulnerability in Alexander Stokmann's Code Snippets Extended plugin <= 1.4.7 on WordPress via Cross-Site Request Forgery (vulnerable parameters &title, &snippet_code). | MEDIUM | May 18, 2022 | n/a |
CVE-2022-29437 | Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Image Slider by NextCode plugin <= 1.1.2 at WordPress. | MEDIUM | Jun 15, 2022 | n/a |
CVE-2022-29438 | Authenticated (author or higher user role) Persistent Cross-Site Scripting (XSS) vulnerability in Image Slider by NextCode plugin <= 1.1.2 at WordPress. | LOW | Jun 15, 2022 | n/a |
CVE-2022-29439 | Cross-Site Request Forgery (CSRF) vulnerability in Image Slider by NextCode plugin <= 1.1.2 at WordPress allows deleting slides. | MEDIUM | Jun 15, 2022 | n/a |
CVE-2022-29440 | Multiple Authenticated (contributor or higher user role) Stored Cross-Site Scripting (XSS) vulnerabilities in Promotion Slider plugin <= 3.3.4 at WordPress. | LOW | Jun 15, 2022 | n/a |
CVE-2022-29441 | Cross-Site Request Forgery (CSRF) vulnerability in Private Messages For WordPress plugin <= 2.1.10 at WordPress allows attackers to send messages. | MEDIUM | Jun 15, 2022 | n/a |
CVE-2022-29442 | Authenticated (subscriber or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in Messages For WordPress <= 2.1.10 at WordPress. | LOW | Jun 15, 2022 | n/a |
CVE-2022-29443 | Multiple Authenticated (contributor or higher user role) Stored Cross-Site Scripting (XSS) vulnerabilities in Nicdark's Hotel Booking plugin <= 3.0 at WordPress. | LOW | Jun 16, 2022 | n/a |
CVE-2022-29444 | Plugin Settings Change leading to Cross-Site Scripting (XSS) vulnerability in Cloudways Breeze plugin <= 2.0.2 on WordPress allows users with a subscriber or higher user role to execute any of the wp_ajax_* actions in the class Breeze_Configuration which includes the ability to change any of the plugin's settings including CDN setting which could be further used for XSS attack. | LOW | May 3, 2022 | n/a |
CVE-2022-29445 | Authenticated (administrator or higher role) Local File Inclusion (LFI) vulnerability in Wow-Company's Popup Box plugin <= 2.1.2 at WordPress. | MEDIUM | May 18, 2022 | n/a |
CVE-2022-29446 | Authenticated (administrator or higher role) Local File Inclusion (LFI) vulnerability in Wow-Company's Counter Box plugin <= 1.1.1 at WordPress. | MEDIUM | May 19, 2022 | n/a |
CVE-2022-29447 | Authenticated (administrator or higher user role) Local File Inclusion (LFI) vulnerability in Wow-Company's Hover Effects plugin <= 2.1 at WordPress. | MEDIUM | May 20, 2022 | n/a |
CVE-2022-29448 | Authenticated (admin or higher user role) Local File Inclusion (LFI) vulnerability in Wow-Company's Herd Effects plugin <= 5.2 at WordPress. | MEDIUM | May 20, 2022 | n/a |
CVE-2022-29449 | Authenticated (contributor or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in Opal Hotel Room Booking plugin <= 1.2.7 at WordPress. | LOW | May 19, 2022 | n/a |
CVE-2022-29450 | Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Admin Management Xtended plugin <= 2.4.4 at WordPress. | MEDIUM | Jun 16, 2022 | n/a |
CVE-2022-29451 | Cross-Site Request Forgery (CSRF) leading to Arbitrary File Upload vulnerability in Rara One Click Demo Import plugin <= 1.2.9 on WordPress allows attackers to trick logged-in admin users into uploading dangerous files into /wp-content/uploads/ directory. | MEDIUM | Apr 30, 2022 | n/a |
CVE-2022-29452 | Authenticated (editor or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in Export All URLs plugin <= 4.1 at WordPress. | LOW | Jun 16, 2022 | n/a |
CVE-2022-29453 | Cross-Site Request Forgery (CSRF) vulnerability in API KEY for Google Maps plugin <= 1.2.1 at WordPress leading to Google Maps API key update. | MEDIUM | Jun 15, 2022 | n/a |
CVE-2022-29454 | Cross-Site Request Forgery (CSRF) vulnerability in WordPlus Better Messages plugin <= 1.9.9.148 at WordPress allows attackers to upload files. File attachment to messages must be activated. | -- | Jul 21, 2022 | n/a |
CVE-2022-29455 | DOM-based Reflected Cross-Site Scripting (XSS) vulnerability in Elementor's Elementor Website Builder plugin <= 3.5.5 versions. | MEDIUM | Jun 13, 2022 | n/a |
CVE-2022-29457 | Zoho ManageEngine ADSelfService Plus before 6121, ADAuditPlus 7060, Exchange Reporter Plus 5701, and ADManagerPlus 7131 allow NTLM Hash disclosure during certain storage-path configuration steps. | MEDIUM | Apr 19, 2022 | n/a |
CVE-2022-29458 | ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library. | MEDIUM | Apr 19, 2022 | n/a |
CVE-2022-29464 | Certain WSO2 products allow unrestricted file upload with resultant remote code execution. The attacker must use a /fileupload endpoint with a Content-Disposition directory traversal sequence to reach a directory under the web root, such as a ../../../../repository/deployment/server/webapps directory. This affects WSO2 API Manager 2.2.0 up to 4.0.0, WSO2 Identity Server 5.2.0 up to 5.11.0, WSO2 Identity Server Analytics 5.4.0, 5.4.1, 5.5.0 and 5.6.0, WSO2 Identity Server as Key Manager 5.3.0 up to 5.11.0, WSO2 Enterprise Integrator 6.2.0 up to 6.6.0, WSO2 Open Banking AM 1.4.0 up to 2.0.0 and WSO2 Open Banking KM 1.4.0, up to 2.0.0. | HIGH | Apr 25, 2022 | n/a |
CVE-2022-29465 | An out-of-bounds write vulnerability exists in the PSD Header processing memory allocation functionality of Accusoft ImageGear 20.0. A specially-crafted malformed file can lead to memory corruption. An attacker can provide a malicious file to trigger this vulnerability. | -- | Aug 6, 2022 | n/a |
CVE-2022-29466 | Improper input validation in firmware for Intel(R) SPS before version SPS_E3_04.01.04.700.0 may allow an authenticated user to potentially enable denial of service via local access. | LOW | Nov 11, 2022 | n/a |
CVE-2022-29467 | Address information disclosure vulnerability in Cybozu Garoon 4.2.0 to 5.5.1 allows a remote authenticated attacker to obtain some data of Address. | MEDIUM | Jul 5, 2022 | n/a |
CVE-2022-29468 | A cross-site request forgery (CSRF) vulnerability exists in WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to increased privileges. An attacker can get an authenticated user to send a crafted HTTP request to trigger this vulnerability. | -- | Aug 24, 2022 | n/a |
CVE-2022-29470 | Improper access control in the Intel® DTT Software before version 8.7.10400.15482 may allow an authenticated user to potentially enable escalation of privilege via local access. | -- | Aug 11, 2023 | n/a |
CVE-2022-29471 | Browse restriction bypass vulnerability in Bulletin of Cybozu Garoon allows a remote authenticated attacker to obtain the data of Bulletin. | MEDIUM | Jul 5, 2022 | n/a |
CVE-2022-29472 | An OS command injection vulnerability exists in the web interface util_set_serial_mac functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can send an HTTP request to trigger this vulnerability. | -- | Oct 26, 2022 | n/a |
CVE-2022-29473 | On F5 BIG-IP 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, and 13.1.x versions prior to 13.1.5, when an IPSec ALG profile is configured on a virtual server, undisclosed responses can cause Traffic Management Microkernel(TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated | MEDIUM | May 5, 2022 | n/a |
CVE-2022-29474 | On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, a directory traversal vulnerability exists in iControl SOAP that allows an authenticated attacker with at least guest role privileges to read wsdl files in the BIG-IP file system. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated | MEDIUM | May 5, 2022 | n/a |
CVE-2022-29475 | An information disclosure vulnerability exists in the XFINDER functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted man-in-the-middle attack can lead to increased privileges. An attacker can perform a man-in-the-middle attack to trigger this vulnerability. | -- | Oct 26, 2022 | n/a |
CVE-2022-29476 | Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability in 8 Degree Themes Notification Bar for WordPress plugin <= 1.1.8 at WordPress. | -- | Aug 25, 2022 | n/a |
CVE-2022-29477 | An authentication bypass vulnerability exists in the web interface /action/factory* functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted HTTP header can lead to authentication bypass. An attacker can send an HTTP request to trigger this vulnerability. | -- | Oct 26, 2022 | n/a |
CVE-2022-29479 | On F5 BIG-IP 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, and F5 BIG-IQ Centralized Management all versions of 8.x and 7.x, when an IPv6 self IP address is configured and the ipv6.strictcompliance database key is enabled (disabled by default) on a BIG-IP system, undisclosed packets may cause decreased performance. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated | MEDIUM | May 5, 2022 | n/a |
CVE-2022-29480 | On F5 BIG-IP 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, when multiple route domains are configured, undisclosed requests to big3d can cause an increase in CPU resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated | MEDIUM | May 5, 2022 | n/a |
CVE-2022-29481 | A leftover debug code vulnerability exists in the console nvram functionality of InHand Networks InRouter302 V3.5.45. A specially-crafted series of network requests can lead to disabling security features. An attacker can send a sequence of requests to trigger this vulnerability. | -- | Nov 10, 2022 | n/a |
CVE-2022-29482 | 'Mobaoku-Auction&Flea Market' App for iOS versions prior to 5.5.16 improperly verifies server certificates, which may allow an attacker to eavesdrop on an encrypted communication via a man-in-the-middle attack. | MEDIUM | Jun 14, 2022 | n/a |