Total
5442 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-35238 | 1 Brinidesigner | 1 Awesome Filterable Portfolio | 2023-07-21 | N/A | 5.3 MEDIUM |
| Unauthenticated Plugin Settings Change vulnerability in Awesome Filterable Portfolio plugin <= 1.9.7 at WordPress. | |||||
| CVE-2022-38461 | 1 Wpml | 1 Wpml | 2023-07-21 | N/A | 4.3 MEDIUM |
| Broken Access Control vulnerability in WPML Multilingual CMS premium plugin <= 4.5.10 on WordPress allows users with a subscriber or higher user role to change plugin settings (selected language for legacy widgets, the default behavior for media content). | |||||
| CVE-2022-36793 | 1 Wp-shop | 1 Wp Shop | 2023-07-21 | N/A | 9.1 CRITICAL |
| Unauthenticated Plugin Settings Change & Data Deletion vulnerabilities in WP Shop plugin <= 3.9.6 at WordPress. | |||||
| CVE-2022-38058 | 1 Wpvar | 1 Wp Shamsi | 2023-07-21 | N/A | 4.3 MEDIUM |
| Authenticated (subscriber+) Plugin Setting change vulnerability in WP Shamsi plugin <= 4.1.1 at WordPress. | |||||
| CVE-2022-38070 | 1 Mypopups | 1 Pop-up | 2023-07-21 | N/A | 8.8 HIGH |
| Privilege Escalation (subscriber+) vulnerability in Pop-up plugin <= 1.1.5 at WordPress. | |||||
| CVE-2022-36387 | 1 About-me Project | 1 About-me | 2023-07-21 | N/A | 9.8 CRITICAL |
| Broken Access Control vulnerability in Alessio Caiazza's About Me plugin <= 1.0.12 at WordPress. | |||||
| CVE-2022-36427 | 1 About-rentals Project | 1 About-rentals | 2023-07-21 | N/A | 9.8 CRITICAL |
| Missing Access Control vulnerability in About Rentals. Inc. About Rentals plugin <= 1.5 at WordPress. | |||||
| CVE-2022-37344 | 1 Accommodation-system Project | 1 Accommodation-system | 2023-07-21 | N/A | 9.8 CRITICAL |
| Missing Access Control vulnerability in PHP Crafts Accommodation System plugin <= 1.0.1 at WordPress. | |||||
| CVE-2022-36425 | 1 Fastlinemedia | 1 Beaver Builder | 2023-07-21 | N/A | 9.8 CRITICAL |
| Broken Access Control vulnerability in Beaver Builder plugin <= 2.5.4.3 at WordPress. | |||||
| CVE-2022-34487 | 1 Oxilab | 1 Shortcode Addons | 2023-07-21 | N/A | 5.3 MEDIUM |
| Unauthenticated Arbitrary Option Update vulnerability in biplob018's Shortcode Addons plugin <= 3.0.2 at WordPress. | |||||
| CVE-2010-3856 | 1 Gnu | 1 Glibc | 2023-07-20 | 7.2 HIGH | N/A |
| ld.so in the GNU C Library (aka glibc or libc6) before 2.11.3, and 2.12.x before 2.12.2, does not properly restrict use of the LD_AUDIT environment variable to reference dynamic shared objects (DSOs) as audit objects, which allows local users to gain privileges by leveraging an unsafe DSO located in a trusted library directory, as demonstrated by libpcprofile.so. | |||||
| CVE-2022-29423 | 1 Edmonsoft | 1 Countdown Builder | 2023-07-20 | 7.5 HIGH | 9.8 CRITICAL |
| Pro Features Lock Bypass vulnerability in Countdown & Clock plugin <= 2.3.2 at WordPress. | |||||
| CVE-2022-48508 | 1 Huawei | 2 Emui, Harmonyos | 2023-07-12 | N/A | 7.5 HIGH |
| Inappropriate authorization vulnerability in the system apps. Successful exploitation of this vulnerability may affect service integrity. | |||||
| CVE-2022-41781 | 1 Permalink Manager Lite Project | 1 Permalink Manager Lite | 2023-07-10 | N/A | 9.8 CRITICAL |
| Broken Access Control vulnerability in Permalink Manager Lite plugin <= 2.2.20 on WordPress. | |||||
| CVE-2022-45369 | 1 Richplugins | 1 Plugin For Google Reviews | 2023-07-07 | N/A | 4.3 MEDIUM |
| Auth. (subscriber+) Broken Access Control vulnerability in Plugin for Google Reviews plugin <= 2.2.2 on WordPress. | |||||
| CVE-2022-45066 | 1 Thriveweb | 1 Wooswipe Woocommerce Gallery | 2023-07-07 | N/A | 8.8 HIGH |
| Auth. (subscriber+) Broken Access Control vulnerability in WooSwipe WooCommerce Gallery plugin <= 2.0.1 on WordPress. | |||||
| CVE-2022-42461 | 1 Miniorange | 1 Google Authenticator | 2023-07-06 | N/A | 8.8 HIGH |
| Broken Access Control vulnerability in miniOrange's Google Authenticator plugin <= 5.6.1 on WordPress. | |||||
| CVE-2022-42460 | 1 Sedlex | 1 Traffic Manager | 2023-07-06 | N/A | 5.4 MEDIUM |
| Broken Access Control vulnerability leading to Stored Cross-Site Scripting (XSS) in Traffic Manager plugin <= 1.4.5 on WordPress. | |||||
| CVE-2022-23708 | 1 Elastic | 1 Elasticsearch | 2023-07-03 | 4.0 MEDIUM | 4.3 MEDIUM |
| A flaw was discovered in Elasticsearch 7.17.0’s upgrade assistant, in which upgrading from version 6.x to 7.x would disable the in-built protections on the security index, allowing authenticated users with “*” index permissions access to this index. | |||||
| CVE-2022-23714 | 2 Elastic, Microsoft | 2 Endpoint Security, Windows | 2023-07-03 | 7.2 HIGH | 7.8 HIGH |
| A local privilege escalation (LPE) issue was discovered in the ransomware canaries features of Elastic Endpoint Security for Windows, which could allow unprivileged users to elevate their privileges to those of the LocalSystem account. | |||||