Wind River Support Network

CVE Database

The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.

153852 entries
ID | Description | Priority | Modified date | Fixed Release
CVE-2022-4760 The OneClick Chat to Order WordPress plugin before 1.0.4.2 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. -- Jan 23, 2023 n/a
CVE-2022-4761 The Post Views Count WordPress plugin through 3.0.2 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks -- Feb 21, 2023 n/a
CVE-2022-4762 The Materialis Companion WordPress plugin before 1.3.40 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. -- Feb 6, 2023 n/a
CVE-2022-4763 The Icon Widget WordPress plugin before 1.3.0 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. -- Jan 31, 2023 n/a
CVE-2022-4764 The Simple File Downloader WordPress plugin through 1.0.4 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks -- Feb 21, 2023 n/a
CVE-2022-4765 The Portfolio for Elementor WordPress plugin before 2.3.1 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. -- Jan 31, 2023 n/a
CVE-2022-4766 A vulnerability was found in dolibarr_project_timesheet up to 4.5.5. It has been declared as problematic. This vulnerability affects unknown code of the component Form Handler. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. Upgrading to version 4.5.6.a is able to address this issue. The name of the patch is 082282e9dab43963e6c8f03cfaddd7921de377f4. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-216880. -- Dec 27, 2022 n/a
CVE-2022-4767 Denial of Service in GitHub repository usememos/memos prior to 0.9.1. -- Dec 27, 2022 n/a
CVE-2022-4768 A vulnerability was found in Dropbox merou. It has been classified as critical. Affected is the function add_public_key of the file grouper/public_key.py of the component SSH Public Key Handler. The manipulation of the argument public_key_str leads to injection. It is possible to launch the attack remotely. The name of the patch is d93087973afa26bc0a2d0a5eb5c0fde748bdd107. It is recommended to apply a patch to fix this issue. VDB-216906 is the identifier assigned to this vulnerability. -- Dec 28, 2022 n/a
CVE-2022-4769 Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.0 and 9.3.0.2, including 8.3.x display the target path on host when a file is uploaded with an invalid character in its name.  -- Apr 4, 2023 n/a
CVE-2022-4770 Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.0 and 9.3.0.2, including 8.3.x display the full parametrized SQL query in an error message when an invalid character is used within a Pentaho Report (*.prpt).  -- Apr 4, 2023 n/a
CVE-2022-4771 Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2, including 8.3.x allow a malicious URL to inject content into the Pentaho User Console through session variables.  -- Apr 4, 2023 n/a
CVE-2022-4772 A vulnerability was found in Widoco and classified as critical. Affected by this issue is the function unZipIt of the file src/main/java/widoco/WidocoUtils.java. The manipulation leads to path traversal. It is possible to launch the attack on the local host. The name of the patch is f2279b76827f32190adfa9bd5229b7d5a147fa92. It is recommended to apply a patch to fix this issue. VDB-216914 is the identifier assigned to this vulnerability. -- Dec 28, 2022 n/a
CVE-2022-4773 ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as problematic was found in cloudsync. Affected by this vulnerability is the function getItem of the file src/main/java/cloudsync/connector/LocalFilesystemConnector.java. The manipulation leads to path traversal. It is possible to launch the attack on the local host. The name of the patch is 3ad796833398af257c28e0ebeade68518e0e612a. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-216919. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. -- Dec 28, 2022 n/a
CVE-2022-4774 The Bit Form WordPress plugin before 1.9 does not validate the file types uploaded via its file upload form field, allowing unauthenticated users to upload arbitrary file types such as PHP or HTML files to the server, leading to Remote Code Execution. -- May 15, 2023 n/a
CVE-2022-4775 The GeoDirectory WordPress plugin before 2.2.22 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. -- Jan 23, 2023 n/a
CVE-2022-4776 The CC Child Pages WordPress plugin before 1.43 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. -- Jan 31, 2023 n/a
CVE-2022-4777 The Bootstrap Shortcodes WordPress plugin through 3.4.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks -- Feb 21, 2023 n/a
CVE-2022-4778 StreamX applications from versions 6.02.01 to 6.04.34 are affected by a path traversal vulnerability that allows authenticated users to get unauthorized access to files on the server's filesystem. StreamX applications using StreamView HTML component with the public web server feature activated are affected. -- Dec 29, 2022 n/a
CVE-2022-4779 StreamX applications from versions 6.02.01 to 6.04.34 are affected by a logic bug that allows to bypass the implemented authentication scheme. StreamX applications using StreamView HTML component with the public web server feature activated are affected. -- Dec 29, 2022 n/a
CVE-2022-4780 ISOS firmwares from versions 1.81 to 2.00 contain hardcoded credentials from embedded StreamX installer that integrators are not forced to change. -- Dec 29, 2022 n/a
CVE-2022-4781 The Accordion Shortcodes WordPress plugin through 2.4.2 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack. -- Jan 31, 2023 n/a
CVE-2022-4782 The ClickFunnels WordPress plugin through 3.1.1 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack. -- Aug 16, 2023 n/a
CVE-2022-4783 The Youtube Channel Gallery WordPress plugin through 2.4 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks -- Feb 13, 2023 n/a
CVE-2022-4784 The Hueman Addons WordPress plugin through 2.3.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks -- Feb 21, 2023 n/a
CVE-2022-4785 The Video Sidebar Widgets WordPress plugin through 6.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks -- Feb 21, 2023 n/a
CVE-2022-4786 The Video.js WordPress plugin through 4.5.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks -- Feb 21, 2023 n/a
CVE-2022-4787 Themify Shortcodes WordPress plugin before 2.0.8 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack. -- Jan 31, 2023 n/a
CVE-2022-4788 The Embed PDF WordPress plugin through 1.0.6 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks -- Mar 3, 2023 n/a
CVE-2022-4789 The WPZOOM Portfolio WordPress plugin before 1.2.2 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack. -- Jan 23, 2023 n/a
CVE-2022-4790 The WP Google My Business Auto Publish WordPress plugin before 3.4 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack. -- Jan 23, 2023 n/a
CVE-2022-4791 The Product Slider and Carousel with Category for WooCommerce WordPress plugin before 2.8 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack. -- Feb 21, 2023 n/a
CVE-2022-4792 The News & Blog Designer Pack WordPress plugin before 3.3 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack. -- Jan 31, 2023 n/a
CVE-2022-4793 The Blog Designer WordPress plugin before 2.4.1 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack. -- Jan 31, 2023 n/a
CVE-2022-4794 The AAWP WordPress plugin before 3.12.3 can be used to abuse trusted domains to load malware or other files through it (Reflected File Download) to bypass firewall rules in companies. -- Jan 31, 2023 n/a
CVE-2022-4795 The Galleries by Angie Makes WordPress plugin through 1.67 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks -- Mar 3, 2023 n/a
CVE-2022-4796 Incorrect Use of Privileged APIs in GitHub repository usememos/memos prior to 0.9.1. -- Dec 28, 2022 n/a
CVE-2022-4797 Improper Restriction of Excessive Authentication Attempts in GitHub repository usememos/memos prior to 0.9.1. -- Dec 28, 2022 n/a
CVE-2022-4798 Authorization Bypass Through User-Controlled Key in GitHub repository usememos/memos prior to 0.9.1. -- Dec 28, 2022 n/a
CVE-2022-4799 Authorization Bypass Through User-Controlled Key in GitHub repository usememos/memos prior to 0.9.1. -- Dec 28, 2022 n/a
CVE-2022-4800 Improper Verification of Source of a Communication Channel in GitHub repository usememos/memos prior to 0.9.1. -- Dec 28, 2022 n/a
CVE-2022-4801 Insufficient Granularity of Access Control in GitHub repository usememos/memos prior to 0.9.1. -- Dec 28, 2022 n/a
CVE-2022-4802 Authorization Bypass Through User-Controlled Key in GitHub repository usememos/memos prior to 0.9.1. -- Dec 28, 2022 n/a
CVE-2022-4803 Authorization Bypass Through User-Controlled Key in GitHub repository usememos/memos prior to 0.9.1. -- Dec 28, 2022 n/a
CVE-2022-4804 Improper Authorization in GitHub repository usememos/memos prior to 0.9.1. -- Dec 28, 2022 n/a
CVE-2022-4805 Incorrect Use of Privileged APIs in GitHub repository usememos/memos prior to 0.9.1. -- Dec 28, 2022 n/a
CVE-2022-4806 Authorization Bypass Through User-Controlled Key in GitHub repository usememos/memos prior to 0.9.1. -- Dec 28, 2022 n/a
CVE-2022-4807 Improper Access Control in GitHub repository usememos/memos prior to 0.9.1. -- Dec 28, 2022 n/a
CVE-2022-4808 Improper Privilege Management in GitHub repository usememos/memos prior to 0.9.1. -- Dec 28, 2022 n/a
CVE-2022-4809 Improper Access Control in GitHub repository usememos/memos prior to 0.9.1. -- Dec 28, 2022 n/a
The 'Fixed Release' column is displayed if a single product version is selected from the filter. The fixed release is applicable in cases when the CVE has been addressed and fixed for that product version. Requires LTSS - customers must have active LTSS (Long Term Security Shield) Support to receive up-to-date information about vulnerabilities that may affect legacy software. Please contact your Wind River account team or see https://docs.windriver.com/bundle/Support_and_Maintenance_Supplemental_Terms_and_Conditions and https://support2.windriver.com/index.php?page=plc for more information.