Wind River Support Network

HomeCVE Database

The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.

Reset
Showing
of 230600 entries
IDDescriptionPriorityModified date
CVE-2022-36390 Authenticated (subscriber+) Reflected Cross-Site Scripting (XSS) vulnerability in Totalsoft Event Calendar – Calendar plugin <= 1.4.6 at WordPress. -- Sep 23, 2022
CVE-2022-40310 Authenticated (subscriber+) Race Condition vulnerability in Rate my Post – WP Rating System plugin <= 3.3.4 at WordPress allows attackers to increase/decrease votes. -- Sep 23, 2022
CVE-2022-36341 Authenticated (subscriber+) plugin settings change leading to Stored Cross-Site Scripting (XSS) vulnerability in Akash soni\'s AS – Create Pinterest Pinboard Pages plugin <= 1.0 at WordPress. -- Aug 25, 2022
CVE-2022-38058 Authenticated (subscriber+) Plugin Setting change vulnerability in WP Shamsi plugin <= 4.1.1 at WordPress. -- Sep 10, 2022
CVE-2022-33142 Authenticated (subscriber+) Denial Of Service (DoS) vulnerability in WordPlus WordPress Better Messages plugin <= 1.9.10.57 at WordPress. -- Aug 25, 2022
CVE-2022-38134 Authenticated (subscriber+) Broken Access Control vulnerability in Customer Reviews for WooCommerce plugin <= 5.3.5 at WordPress. -- Sep 23, 2022
CVE-2022-29442 Authenticated (subscriber or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in Messages For WordPress <= 2.1.10 at WordPress. LOW Jun 15, 2022
CVE-2021-36826 Authenticated (subscriber or higher user role if allowed to access projects) Stored Cross-Site Scripting (XSS) vulnerability in weDevs WP Project Manager plugin <= 2.4.13 versions. LOW Apr 5, 2022
CVE-2022-35275 Authenticated (shop manager+) Reflected Cross-Site Scripting (XSS) vulnerability in AlgolPlus Advanced Order Export For WooCommerce plugin <= 3.3.1 at WordPress. -- Sep 10, 2022
CVE-2022-36375 Authenticated (high role user) WordPress Options Change vulnerability in Biplob Adhikari\'s Tabs plugin <= 3.6.0 at WordPress. -- Jul 26, 2022
CVE-2021-36857 Authenticated (editor+) Stored Cross-Site Scripting (XSS) vulnerability in wpshopmart Testimonial Builder plugin <= 1.6.1 at WordPress. -- Aug 23, 2022
CVE-2022-36282 Authenticated (editor+) Stored Cross-Site Scripting (XSS) vulnerability in Roman Pronskiy\'s Search Exclude plugin <= 1.2.6 at WordPress. -- Aug 26, 2022
CVE-2022-29452 Authenticated (editor or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in Export All URLs plugin <= 4.1 at WordPress. LOW Jun 16, 2022
CVE-2021-36851 Authenticated (editor or higher user role) Cross-Site Scripting (XSS) vulnerability in Web-Settler Testimonial Slider – Free Testimonials Slider Plugin (WordPress plugin) via parameters mpsp_posts_bg_color, mpsp_posts_description_color, mpsp_slide_nav_button_color. LOW Apr 5, 2022
CVE-2022-31475 Authenticated (custom plugin role) Arbitrary File Read via Export function vulnerability in GiveWP\'s GiveWP plugin <= 2.20.2 at WordPress. -- Jul 21, 2022
CVE-2022-37330 Authenticated (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in WHA Crossword plugin <= 1.1.10 at WordPress. -- Sep 23, 2022
CVE-2022-36355 Authenticated (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in PluginlySpeaking Easy Org Chart plugin <= 3.1 at WordPress. -- Sep 2, 2022
CVE-2022-38460 Authenticated (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in NOTICE BOARD plugin <= 1.1 at WordPress. -- Sep 23, 2022
CVE-2022-37339 Authenticated (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Fullworks Meet My Team plugin <= 2.0.5 at WordPress. -- Sep 23, 2022
CVE-2022-36791 Authenticated (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Awesome UG Torro Forms plugin <= 1.0.16 at WordPress. -- Sep 23, 2022
CVE-2022-36405 Authenticated (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in amCharts: Charts and Maps plugin <= 1.4 at WordPress. -- Aug 26, 2022
CVE-2022-32280 Authenticated (contributor or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in Xakuro\'s XO Slider plugin <= 3.3.2 at WordPress. LOW Jun 16, 2022
CVE-2022-29449 Authenticated (contributor or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in Opal Hotel Room Booking plugin <= 1.2.7 at WordPress. LOW May 19, 2022
CVE-2022-33191 Authenticated (contributor or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in Chinmoy Paul\'s Testimonials plugin <= 3.0.1 at WordPress. -- Jul 22, 2022
CVE-2022-29426 Authenticated (contributor or higher user role) Reflected Cross-Site Scripting (XSS) vulnerability in 2J Slideshow Team\'s Slideshow, Image Slider by 2J plugin <= 1.3.54 at WordPress. LOW May 20, 2022
CVE-2022-33943 Authenticated (contributor or higher user role) Cross-Site Scripting (XSS) vulnerability in Nico Amarilla\'s BxSlider WP plugin <= 2.0.0 at WordPress. -- Jul 27, 2022
CVE-2022-29433 Authenticated (contributor or higher role) Cross-Site Scripting (XSS) vulnerability in Donations plugin <= 1.8 on WordPress. LOW May 13, 2022
CVE-2022-25604 Authenticated (contributor of higher user role) Stored Cross-Site Scripting (XSS) vulnerability discovered in WordPress Price Table plugin (versions <= 0.2.2). LOW Mar 18, 2022
CVE-2022-37335 Authenticated (author+) Stored Cross-Site Scripting (XSS) vulnerability in WHA\'s Word Search Puzzles game plugin <= 2.0.1 at WordPress. -- Sep 10, 2022
CVE-2022-37328 Authenticated (author+) Stored Cross-Site Scripting (XSS) vulnerability in Themes Awesome History Timeline plugin <= 1.0.5 at WordPress. -- Sep 23, 2022
CVE-2022-34648 Authenticated (author+) Stored Cross-Site Scripting (XSS) vulnerability in dmitrylitvinov Uploading SVG, WEBP and ICO files plugin <= 1.0.1 at WordPress. -- Aug 25, 2022
CVE-2022-36394 Authenticated (author+) SQL Injection (SQLi) vulnerability in Contest Gallery plugin <= 17.0.4 at WordPress. -- Aug 25, 2022
CVE-2022-38061 Authenticated (author+) CSV Injection vulnerability in Export Post Info plugin <= 1.2.0 at WordPress. -- Sep 23, 2022
CVE-2021-36893 Authenticated (author or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in Responsive Tabs (WordPress plugin) <= 4.0.5 LOW Apr 15, 2022
CVE-2021-36896 Authenticated (author or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in Pricing Table (WordPress plugin) versions <= 1.5.2 LOW Apr 15, 2022
CVE-2022-36378 Authenticated (author or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in PluginlySpeaking Floating Div plugin <= 3.0 at WordPress. -- Jul 29, 2022
CVE-2022-36343 Authenticated (author or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in ideasToCode Enable SVG, WebP & ICO Upload plugin <= 1.0.1 at WordPress. -- Aug 5, 2022
CVE-2022-35882 Authenticated (author or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in GS Plugins GS Testimonial Slider plugin <= 1.9.5 at WordPress. -- Jul 28, 2022
CVE-2022-25603 Authenticated (author or higher user role) Stored Cross-Site Scripting (XSS) vulnerability discovered in MaxGalleria WordPress plugin (versions 6.2.5). LOW Mar 18, 2022
CVE-2022-25607 Authenticated (author or higher user role) SQL Injection (SQLi) vulnerability discovered in FV Flowplayer Video Player WordPress plugin (versions <= 7.5.15.727). MEDIUM Mar 18, 2022
CVE-2022-29438 Authenticated (author or higher user role) Persistent Cross-Site Scripting (XSS) vulnerability in Image Slider by NextCode plugin <= 1.1.2 at WordPress. LOW Jun 15, 2022
CVE-2022-34154 Authenticated (author or higher user role) Arbitrary File Upload vulnerability in ideasToCode Enable SVG, WebP & ICO Upload plugin <= 1.0.1 at WordPress. -- Aug 5, 2022
CVE-2021-36866 Authenticated (author or higher role) Stored Cross-Site Scripting (XSS) vulnerability in Fatcat Apps Easy Pricing Tables plugin <= 3.1.2 at WordPress. LOW Jun 2, 2022
CVE-2022-27853 Authenticated (author or higher role) Stored Cross-Site Scripting (XSS) in Contest Gallery (WordPress plugin) <= 13.1.0.9 LOW Apr 25, 2022
CVE-2022-29447 Authenticated (administrator or higher user role) Local File Inclusion (LFI) vulnerability in Wow-Company\'s Hover Effects plugin <= 2.1 at WordPress. MEDIUM May 20, 2022
CVE-2022-29445 Authenticated (administrator or higher role) Local File Inclusion (LFI) vulnerability in Wow-Company\'s Popup Box plugin <= 2.1.2 at WordPress. MEDIUM May 18, 2022
CVE-2022-29446 Authenticated (administrator or higher role) Local File Inclusion (LFI) vulnerability in Wow-Company\'s Counter Box plugin <= 1.1.1 at WordPress. MEDIUM May 19, 2022
CVE-2022-25618 Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in wpDataTables (WordPress plugin) versions <= 2.1.27 LOW Apr 5, 2022
CVE-2021-36847 Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WebbaPlugins Webba Booking plugin <= 4.2.21 at WordPress. -- Aug 23, 2022
CVE-2021-36839 Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Social Media Follow Buttons Bar plugin <= 4.73 at WordPress. -- Oct 4, 2022
The 'Fixed Release' column is displayed if a single product version is selected from the filter. The fixed release is applicable in cases when the CVE has been addressed and fixed for that product version. Requires LTSS - customers must have active LTSS (Long Term Security Shield) Support to receive up-to-date information about vulnerabilities that may affect legacy software. Please contact your Wind River account team or see https://docs.windriver.com/bundle/Support_and_Maintenance_Supplemental_Terms_and_Conditions and https://support2.windriver.com/index.php?page=plc for more information.
Live chat
Online