Search criteria
9622 vulnerabilities
CVE-2022-2935 (GCVE-0-2022-2935)
Vulnerability from cvelistv5 – Published: 2022-09-06 17:19 – Updated: 2025-02-07 20:47
VLAI?
Title
Image Hover Effects Ultimate <= 9.7.3 - Authenticated Stored Cross-Site Scripting via Media URL
Summary
The Image Hover Effects Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Media Image URL value that can be added to an Image Hover in versions up to, and including, 9.7.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. By default, the plugin only allows administrators access to edit Image Hovers, however, if a site admin makes the plugin's features available to lower privileged users through the 'Who Can Edit?' setting then this can be exploited by those users.
Severity ?
6.4 (Medium)
CWE
- CWE-79 - Cross-site Scripting (XSS)
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| biplob018 | Image Hover Effects Ultimate (Image Gallery, Effects, Lightbox, Comparison or Magnifier) |
Affected:
9.7.3 , ≤ 9.7.3
(custom)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:52:59.936Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=2669411%40image-hover-effects-ultimate\u0026new=2669411%40image-hover-effects-ultimate\u0026sfp_email=\u0026sfph_mail="
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-2935"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-2935",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-07T20:47:25.994190Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-07T20:47:28.833Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Image Hover Effects Ultimate (Image Gallery, Effects, Lightbox, Comparison or Magnifier)",
"vendor": "biplob018",
"versions": [
{
"lessThanOrEqual": "9.7.3",
"status": "affected",
"version": "9.7.3",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Zhouyuan Yang"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Image Hover Effects Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Media Image URL value that can be added to an Image Hover in versions up to, and including, 9.7.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. By default, the plugin only allows administrators access to edit Image Hovers, however, if a site admin makes the plugin\u0027s features available to lower privileged users through the \u0027Who Can Edit?\u0027 setting then this can be exploited by those users."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-06T17:19:01.000Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=2669411%40image-hover-effects-ultimate\u0026new=2669411%40image-hover-effects-ultimate\u0026sfp_email=\u0026sfph_mail="
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-2935"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Image Hover Effects Ultimate \u003c= 9.7.3 - Authenticated Stored Cross-Site Scripting via Media URL",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "Wordfence",
"ASSIGNER": "security@wordfence.com",
"ID": "CVE-2022-2935",
"STATE": "PUBLIC",
"TITLE": "Image Hover Effects Ultimate \u003c= 9.7.3 - Authenticated Stored Cross-Site Scripting via Media URL"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Image Hover Effects Ultimate (Image Gallery, Effects, Lightbox, Comparison or Magnifier)",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "9.7.3",
"version_value": "9.7.3"
}
]
}
}
]
},
"vendor_name": "biplob018"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Zhouyuan Yang"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Image Hover Effects Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Media Image URL value that can be added to an Image Hover in versions up to, and including, 9.7.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. By default, the plugin only allows administrators access to edit Image Hovers, however, if a site admin makes the plugin\u0027s features available to lower privileged users through the \u0027Who Can Edit?\u0027 setting then this can be exploited by those users."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=2669411%40image-hover-effects-ultimate\u0026new=2669411%40image-hover-effects-ultimate\u0026sfp_email=\u0026sfph_mail=",
"refsource": "MISC",
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=2669411%40image-hover-effects-ultimate\u0026new=2669411%40image-hover-effects-ultimate\u0026sfp_email=\u0026sfph_mail="
},
{
"name": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-2935",
"refsource": "MISC",
"url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-2935"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2022-2935",
"datePublished": "2022-09-06T17:19:01.000Z",
"dateReserved": "2022-08-22T00:00:00.000Z",
"dateUpdated": "2025-02-07T20:47:28.833Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-2945 (GCVE-0-2022-2945)
Vulnerability from cvelistv5 – Published: 2022-09-06 17:19 – Updated: 2026-04-08 17:05
VLAI?
Title
WordPress Infinite Scroll – Ajax Load More <= 5.5.3 - Directory Traversal
Summary
The WordPress Infinite Scroll – Ajax Load More plugin for WordPress is vulnerable to Directory Traversal in versions up to, and including, 5.5.3 via the 'type' parameter found in the alm_get_layout() function. This makes it possible for authenticated attackers, with administrative permissions, to read the contents of arbitrary files on the server, which can contain sensitive information.
Severity ?
4.9 (Medium)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| dcooney | Ajax Load More – Infinite Scroll, Load More, & Lazy Load |
Affected:
0 , ≤ 5.5.3
(semver)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:52:59.996Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/8957413c-95e0-49c8-ba8a-02b9b5141e08?source=cve"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.svn.wordpress.org/ajax-load-more/tags/5.5.4/README.txt"
},
{
"tags": [
"x_transferred"
],
"url": "https://gist.github.com/Xib3rR4dAr/f9a4b4838154854ec6cde7d5deb76bf9"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-2945"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Ajax Load More \u2013 Infinite Scroll, Load More, \u0026 Lazy Load",
"vendor": "dcooney",
"versions": [
{
"lessThanOrEqual": "5.5.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Muhammad Zeeshan"
}
],
"descriptions": [
{
"lang": "en",
"value": "The WordPress Infinite Scroll \u2013 Ajax Load More plugin for WordPress is vulnerable to Directory Traversal in versions up to, and including, 5.5.3 via the \u0027type\u0027 parameter found in the alm_get_layout() function. This makes it possible for authenticated attackers, with administrative permissions, to read the contents of arbitrary files on the server, which can contain sensitive information."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T17:05:28.279Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/8957413c-95e0-49c8-ba8a-02b9b5141e08?source=cve"
},
{
"url": "https://plugins.svn.wordpress.org/ajax-load-more/tags/5.5.4/README.txt"
},
{
"url": "https://gist.github.com/Xib3rR4dAr/f9a4b4838154854ec6cde7d5deb76bf9"
},
{
"url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-2945"
}
],
"timeline": [
{
"lang": "en",
"time": "2022-08-22T00:00:00.000Z",
"value": "Disclosed"
}
],
"title": "WordPress Infinite Scroll \u2013 Ajax Load More \u003c= 5.5.3 - Directory Traversal"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2022-2945",
"datePublished": "2022-09-06T17:19:01.000Z",
"dateReserved": "2022-08-22T00:00:00.000Z",
"dateUpdated": "2026-04-08T17:05:28.279Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2022-2939 (GCVE-0-2022-2939)
Vulnerability from cvelistv5 – Published: 2022-09-06 17:19 – Updated: 2025-02-07 20:47
VLAI?
Title
WP Cerber Security <= 9.0 - User Enumeration Bypass
Summary
The WP Cerber Security plugin for WordPress is vulnerable to security protection bypass in versions up to, and including 9.0, that makes user enumeration possible. This is due to improper validation on the value supplied through the 'author' parameter found in the ~/cerber-load.php file. In vulnerable versions, the plugin only blocks requests if the value supplied is numeric, making it possible for attackers to supply additional non-numeric characters to bypass the protection. The non-numeric characters are stripped and the user requested is displayed. This can be used by unauthenticated attackers to gather information about users that can targeted in further attacks.
Severity ?
5.3 (Medium)
CWE
- CWE-200 - Information Exposure
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| gioni | WP Cerber Security, Anti-spam & Malware Scan |
Affected:
9.0 , ≤ 9.0
(custom)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:52:59.815Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-2939"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset/2772930/wp-cerber/trunk/cerber-load.php"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-2939",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-07T20:47:11.071105Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-07T20:47:15.208Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "WP Cerber Security, Anti-spam \u0026 Malware Scan",
"vendor": "gioni",
"versions": [
{
"lessThanOrEqual": "9.0",
"status": "affected",
"version": "9.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Margaux DABERT (Intrinsec)"
}
],
"descriptions": [
{
"lang": "en",
"value": "The WP Cerber Security plugin for WordPress is vulnerable to security protection bypass in versions up to, and including 9.0, that makes user enumeration possible. This is due to improper validation on the value supplied through the \u0027author\u0027 parameter found in the ~/cerber-load.php file. In vulnerable versions, the plugin only blocks requests if the value supplied is numeric, making it possible for attackers to supply additional non-numeric characters to bypass the protection. The non-numeric characters are stripped and the user requested is displayed. This can be used by unauthenticated attackers to gather information about users that can targeted in further attacks."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Information Exposure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-06T17:19:01.000Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-2939"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://plugins.trac.wordpress.org/changeset/2772930/wp-cerber/trunk/cerber-load.php"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WP Cerber Security \u003c= 9.0 - User Enumeration Bypass",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "Wordfence",
"ASSIGNER": "security@wordfence.com",
"ID": "CVE-2022-2939",
"STATE": "PUBLIC",
"TITLE": "WP Cerber Security \u003c= 9.0 - User Enumeration Bypass"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WP Cerber Security, Anti-spam \u0026 Malware Scan",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "9.0",
"version_value": "9.0"
}
]
}
}
]
},
"vendor_name": "gioni"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Margaux DABERT (Intrinsec)"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The WP Cerber Security plugin for WordPress is vulnerable to security protection bypass in versions up to, and including 9.0, that makes user enumeration possible. This is due to improper validation on the value supplied through the \u0027author\u0027 parameter found in the ~/cerber-load.php file. In vulnerable versions, the plugin only blocks requests if the value supplied is numeric, making it possible for attackers to supply additional non-numeric characters to bypass the protection. The non-numeric characters are stripped and the user requested is displayed. This can be used by unauthenticated attackers to gather information about users that can targeted in further attacks."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200 Information Exposure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-2939",
"refsource": "MISC",
"url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-2939"
},
{
"name": "https://plugins.trac.wordpress.org/changeset/2772930/wp-cerber/trunk/cerber-load.php",
"refsource": "MISC",
"url": "https://plugins.trac.wordpress.org/changeset/2772930/wp-cerber/trunk/cerber-load.php"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2022-2939",
"datePublished": "2022-09-06T17:19:01.000Z",
"dateReserved": "2022-08-22T00:00:00.000Z",
"dateUpdated": "2025-02-07T20:47:15.208Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-2936 (GCVE-0-2022-2936)
Vulnerability from cvelistv5 – Published: 2022-09-06 17:19 – Updated: 2025-02-07 20:47
VLAI?
Title
Image Hover Effects Ultimate <= 9.7.3 - Authenticated Stored Cross-Site Scripting via Video Link
Summary
The Image Hover Effects Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Video Link values that can be added to an Image Hover in versions up to, and including, 9.7.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. By default, the plugin only allows administrators access to edit Image Hovers, however, if a site admin makes the plugin's features available to lower privileged users through the 'Who Can Edit?' setting then this can be exploited by those users.
Severity ?
6.4 (Medium)
CWE
- CWE-79 - Cross-site Scripting (XSS)
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| biplob018 | Image Hover Effects Ultimate (Image Gallery, Effects, Lightbox, Comparison or Magnifier) |
Affected:
9.7.3 , ≤ 9.7.3
(custom)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:52:59.812Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=2669411%40image-hover-effects-ultimate\u0026new=2669411%40image-hover-effects-ultimate\u0026sfp_email=\u0026sfph_mail="
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-2936"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-2936",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-07T20:47:39.102376Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-07T20:47:41.660Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Image Hover Effects Ultimate (Image Gallery, Effects, Lightbox, Comparison or Magnifier)",
"vendor": "biplob018",
"versions": [
{
"lessThanOrEqual": "9.7.3",
"status": "affected",
"version": "9.7.3",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Zhouyuan Yang"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Image Hover Effects Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Video Link values that can be added to an Image Hover in versions up to, and including, 9.7.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. By default, the plugin only allows administrators access to edit Image Hovers, however, if a site admin makes the plugin\u0027s features available to lower privileged users through the \u0027Who Can Edit?\u0027 setting then this can be exploited by those users."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-06T17:19:00.000Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=2669411%40image-hover-effects-ultimate\u0026new=2669411%40image-hover-effects-ultimate\u0026sfp_email=\u0026sfph_mail="
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-2936"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Image Hover Effects Ultimate \u003c= 9.7.3 - Authenticated Stored Cross-Site Scripting via Video Link",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "Wordfence",
"ASSIGNER": "security@wordfence.com",
"ID": "CVE-2022-2936",
"STATE": "PUBLIC",
"TITLE": "Image Hover Effects Ultimate \u003c= 9.7.3 - Authenticated Stored Cross-Site Scripting via Video Link"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Image Hover Effects Ultimate (Image Gallery, Effects, Lightbox, Comparison or Magnifier)",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "9.7.3",
"version_value": "9.7.3"
}
]
}
}
]
},
"vendor_name": "biplob018"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Zhouyuan Yang"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Image Hover Effects Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Video Link values that can be added to an Image Hover in versions up to, and including, 9.7.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. By default, the plugin only allows administrators access to edit Image Hovers, however, if a site admin makes the plugin\u0027s features available to lower privileged users through the \u0027Who Can Edit?\u0027 setting then this can be exploited by those users."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=2669411%40image-hover-effects-ultimate\u0026new=2669411%40image-hover-effects-ultimate\u0026sfp_email=\u0026sfph_mail=",
"refsource": "MISC",
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=2669411%40image-hover-effects-ultimate\u0026new=2669411%40image-hover-effects-ultimate\u0026sfp_email=\u0026sfph_mail="
},
{
"name": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-2936",
"refsource": "MISC",
"url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-2936"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2022-2936",
"datePublished": "2022-09-06T17:19:00.000Z",
"dateReserved": "2022-08-22T00:00:00.000Z",
"dateUpdated": "2025-02-07T20:47:41.660Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-2941 (GCVE-0-2022-2941)
Vulnerability from cvelistv5 – Published: 2022-09-06 17:19 – Updated: 2026-04-08 16:55
VLAI?
Title
WP-UserOnline <= 2.88.0 - Authenticated (Admin+) Stored Cross-Site Scripting
Summary
The WP-UserOnline plugin for WordPress has multiple Stored Cross-Site Scripting vulnerabilities in versions up to, and including 2.88.0. This is due to the fact that all fields in the "Naming Conventions" section do not properly sanitize user input, nor escape it on output. This makes it possible for authenticated attackers, with administrative privileges, to inject JavaScript code into the setting that will execute whenever a user accesses the injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
Severity ?
5.5 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| gamerz | WP-UserOnline |
Affected:
0 , ≤ 2.88.0
(semver)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:53:00.461Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/5c4fb14c-de6d-4247-8f83-050f1350f6a2?source=cve"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/lesterchan/wp-useronline/commit/59c76b20e4e27489f93dee4ef1254d6204e08b3c"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=2770235%40wp-useronline\u0026new=2770235%40wp-useronline\u0026sfp_email=\u0026sfph_mail="
},
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-2941"
},
{
"tags": [
"x_transferred"
],
"url": "https://packetstormsecurity.com/files/168479/wpuseronline2880-xss.txt"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-2941",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T13:16:30.549962Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-05T16:17:42.303Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "WP-UserOnline",
"vendor": "gamerz",
"versions": [
{
"lessThanOrEqual": "2.88.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Juampa Rodr\u00edguez"
}
],
"descriptions": [
{
"lang": "en",
"value": "The WP-UserOnline plugin for WordPress has multiple Stored Cross-Site Scripting vulnerabilities in versions up to, and including 2.88.0. This is due to the fact that all fields in the \"Naming Conventions\" section do not properly sanitize user input, nor escape it on output. This makes it possible for authenticated attackers, with administrative privileges, to inject JavaScript code into the setting that will execute whenever a user accesses the injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T16:55:35.339Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/5c4fb14c-de6d-4247-8f83-050f1350f6a2?source=cve"
},
{
"url": "https://github.com/lesterchan/wp-useronline/commit/59c76b20e4e27489f93dee4ef1254d6204e08b3c"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=2770235%40wp-useronline\u0026new=2770235%40wp-useronline\u0026sfp_email=\u0026sfph_mail="
},
{
"url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-2941"
},
{
"url": "https://packetstormsecurity.com/files/168479/wpuseronline2880-xss.txt"
}
],
"timeline": [
{
"lang": "en",
"time": "2022-08-22T00:00:00.000Z",
"value": "Disclosed"
}
],
"title": "WP-UserOnline \u003c= 2.88.0 - Authenticated (Admin+) Stored Cross-Site Scripting"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2022-2941",
"datePublished": "2022-09-06T17:19:00.000Z",
"dateReserved": "2022-08-22T00:00:00.000Z",
"dateUpdated": "2026-04-08T16:55:35.339Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2022-2718 (GCVE-0-2022-2718)
Vulnerability from cvelistv5 – Published: 2022-09-06 17:19 – Updated: 2026-04-08 17:11
VLAI?
Title
JoomSport – for Sports: Team & League, Football, Hockey & more <= 5.2.5 - Authenticated (Admin+) SQL Injection via orderby
Summary
The JoomSport – for Sports: Team & League, Football, Hockey & more plugin for WordPress is vulnerable to SQL Injection via the 'orderby' parameter on the joomsport-page-extrafields page in versions up to, and including, 5.2.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with administrative privileges, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
Severity ?
7.2 (High)
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| beardev | JoomSport – for Sports: Team & League, Football, Hockey & more |
Affected:
0 , ≤ 5.2.5
(semver)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:46:03.788Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/9eee9bec-609a-468b-8b44-ac4af409df93?source=cve"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/browser/joomsport-sports-league-results-management/trunk/includes/pages/joomsport-page-extrafields.php?rev=2540219#L26"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=2767877%40joomsport-sports-league-results-management\u0026new=2767877%40joomsport-sports-league-results-management\u0026sfp_email=\u0026sfph_mail="
},
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-2718"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "JoomSport \u2013 for Sports: Team \u0026 League, Football, Hockey \u0026 more",
"vendor": "beardev",
"versions": [
{
"lessThanOrEqual": "5.2.5",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "salim al-wahaibi"
}
],
"descriptions": [
{
"lang": "en",
"value": "The JoomSport \u2013 for Sports: Team \u0026 League, Football, Hockey \u0026 more plugin for WordPress is vulnerable to SQL Injection via the \u0027orderby\u0027 parameter on the joomsport-page-extrafields page in versions up to, and including, 5.2.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with administrative privileges, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T17:11:50.609Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/9eee9bec-609a-468b-8b44-ac4af409df93?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/joomsport-sports-league-results-management/trunk/includes/pages/joomsport-page-extrafields.php?rev=2540219#L26"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=2767877%40joomsport-sports-league-results-management\u0026new=2767877%40joomsport-sports-league-results-management\u0026sfp_email=\u0026sfph_mail="
},
{
"url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-2718"
}
],
"timeline": [
{
"lang": "en",
"time": "2022-08-08T00:00:00.000Z",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2022-08-08T00:00:00.000Z",
"value": "Disclosed"
}
],
"title": "JoomSport \u2013 for Sports: Team \u0026 League, Football, Hockey \u0026 more \u003c= 5.2.5 - Authenticated (Admin+) SQL Injection via orderby"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2022-2718",
"datePublished": "2022-09-06T17:19:00.000Z",
"dateReserved": "2022-08-08T00:00:00.000Z",
"dateUpdated": "2026-04-08T17:11:50.609Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2022-2934 (GCVE-0-2022-2934)
Vulnerability from cvelistv5 – Published: 2022-09-06 17:19 – Updated: 2025-02-07 20:48
VLAI?
Title
Beaver Builder – WordPress Page Builder <= 2.5.5.2 - Authenticated Stored Cross-Site Scripting via Image URL
Summary
The Beaver Builder – WordPress Page Builder for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Image URL' value found in the Media block in versions up to, and including, 2.5.5.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with access to the Beaver Builder editor to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity ?
6.4 (Medium)
CWE
- CWE-79 - Cross-site Scripting (XSS)
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| justinbusa | Beaver Builder – WordPress Page Builder |
Affected:
2.5.5.2 , ≤ 2.5.5.2
(custom)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:53:00.491Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.wpbeaverbuilder.com/change-logs/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-2934"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-2934",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-07T20:47:58.421707Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-07T20:48:02.424Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Beaver Builder \u2013 WordPress Page Builder ",
"vendor": "justinbusa",
"versions": [
{
"lessThanOrEqual": "2.5.5.2",
"status": "affected",
"version": "2.5.5.2",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Zhouyuan Yang"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Beaver Builder \u2013 WordPress Page Builder for WordPress is vulnerable to Stored Cross-Site Scripting via the \u0027Image URL\u0027 value found in the Media block in versions up to, and including, 2.5.5.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with access to the Beaver Builder editor to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-06T17:19:00.000Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.wpbeaverbuilder.com/change-logs/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-2934"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Beaver Builder \u2013 WordPress Page Builder \u003c= 2.5.5.2 - Authenticated Stored Cross-Site Scripting via Image URL",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "Wordfence",
"ASSIGNER": "security@wordfence.com",
"ID": "CVE-2022-2934",
"STATE": "PUBLIC",
"TITLE": "Beaver Builder \u2013 WordPress Page Builder \u003c= 2.5.5.2 - Authenticated Stored Cross-Site Scripting via Image URL"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Beaver Builder \u2013 WordPress Page Builder ",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "2.5.5.2",
"version_value": "2.5.5.2"
}
]
}
}
]
},
"vendor_name": "justinbusa"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Zhouyuan Yang"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Beaver Builder \u2013 WordPress Page Builder for WordPress is vulnerable to Stored Cross-Site Scripting via the \u0027Image URL\u0027 value found in the Media block in versions up to, and including, 2.5.5.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with access to the Beaver Builder editor to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.wpbeaverbuilder.com/change-logs/",
"refsource": "MISC",
"url": "https://www.wpbeaverbuilder.com/change-logs/"
},
{
"name": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-2934",
"refsource": "MISC",
"url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-2934"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2022-2934",
"datePublished": "2022-09-06T17:19:00.000Z",
"dateReserved": "2022-08-22T00:00:00.000Z",
"dateUpdated": "2025-02-07T20:48:02.424Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-2716 (GCVE-0-2022-2716)
Vulnerability from cvelistv5 – Published: 2022-09-06 17:19 – Updated: 2025-02-13 20:45
VLAI?
Title
Beaver Builder – WordPress Page Builder <= 2.5.5.2 - Authenticated Stored Cross-Site Scripting via Text Editor
Summary
The Beaver Builder – WordPress Page Builder for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Text Editor' block in versions up to, and including, 2.5.5.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with access to the Beaver Builder editor to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity ?
6.4 (Medium)
CWE
- CWE-79 - Cross-site Scripting (XSS)
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| justinbusa | Beaver Builder – WordPress Page Builder |
Affected:
2.5.5.2 , ≤ 2.5.5.2
(custom)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:46:03.649Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.wpbeaverbuilder.com/change-logs/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-2716"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-2716",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-13T20:45:55.130226Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-13T20:45:59.717Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Beaver Builder \u2013 WordPress Page Builder ",
"vendor": "justinbusa",
"versions": [
{
"lessThanOrEqual": "2.5.5.2",
"status": "affected",
"version": "2.5.5.2",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Zhouyuan Yang"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Beaver Builder \u2013 WordPress Page Builder for WordPress is vulnerable to Stored Cross-Site Scripting via the \u0027Text Editor\u0027 block in versions up to, and including, 2.5.5.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with access to the Beaver Builder editor to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-06T17:19:00.000Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.wpbeaverbuilder.com/change-logs/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-2716"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Beaver Builder \u2013 WordPress Page Builder \u003c= 2.5.5.2 - Authenticated Stored Cross-Site Scripting via Text Editor",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "Wordfence",
"ASSIGNER": "security@wordfence.com",
"ID": "CVE-2022-2716",
"STATE": "PUBLIC",
"TITLE": "Beaver Builder \u2013 WordPress Page Builder \u003c= 2.5.5.2 - Authenticated Stored Cross-Site Scripting via Text Editor"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Beaver Builder \u2013 WordPress Page Builder ",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "2.5.5.2",
"version_value": "2.5.5.2"
}
]
}
}
]
},
"vendor_name": "justinbusa"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Zhouyuan Yang"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Beaver Builder \u2013 WordPress Page Builder for WordPress is vulnerable to Stored Cross-Site Scripting via the \u0027Text Editor\u0027 block in versions up to, and including, 2.5.5.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with access to the Beaver Builder editor to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.wpbeaverbuilder.com/change-logs/",
"refsource": "MISC",
"url": "https://www.wpbeaverbuilder.com/change-logs/"
},
{
"name": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-2716",
"refsource": "MISC",
"url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-2716"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2022-2716",
"datePublished": "2022-09-06T17:19:00.000Z",
"dateReserved": "2022-08-08T00:00:00.000Z",
"dateUpdated": "2025-02-13T20:45:59.717Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-2542 (GCVE-0-2022-2542)
Vulnerability from cvelistv5 – Published: 2022-09-06 17:18 – Updated: 2026-04-08 16:50
VLAI?
Title
uContext for Clickbank <= 3.9.1 - Cross-Site Request Forgery to Cross-Site Scripting
Summary
The uContext for Clickbank plugin for WordPress is vulnerable to Cross-Site Request Forgery to Cross-Site Scripting in versions up to, and including 3.9.1. This is due to missing nonce validation in the ~/app/sites/ajax/actions/keyword_save.php file that is called via the doAjax() function. This makes it possible for unauthenticated attackers to modify the plugin's settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Severity ?
8.8 (High)
CWE
- CWE-352 - Cross-Site Request Forgery (CSRF)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| gcornelisse | uContext for Clickbank |
Affected:
0 , ≤ 3.9.1
(semver)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:39:08.044Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4af83d4b-2eae-481f-b3fd-d5bcacc1d709?source=cve"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/browser/ucontext/trunk/app/Ucontext_Ajax.php"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/browser/ucontext/trunk/app/sites/ajax/actions/keyword_save.php"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-2542"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-2542",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T13:14:08.752015Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-05T16:17:51.090Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "uContext for Clickbank",
"vendor": "gcornelisse",
"versions": [
{
"lessThanOrEqual": "3.9.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Hayato Takizawa"
}
],
"descriptions": [
{
"lang": "en",
"value": "The uContext for Clickbank plugin for WordPress is vulnerable to Cross-Site Request Forgery to Cross-Site Scripting in versions up to, and including 3.9.1. This is due to missing nonce validation in the ~/app/sites/ajax/actions/keyword_save.php file that is called via the doAjax() function. This makes it possible for unauthenticated attackers to modify the plugin\u0027s settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T16:50:51.728Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4af83d4b-2eae-481f-b3fd-d5bcacc1d709?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/ucontext/trunk/app/Ucontext_Ajax.php"
},
{
"url": "https://plugins.trac.wordpress.org/browser/ucontext/trunk/app/sites/ajax/actions/keyword_save.php"
},
{
"url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-2542"
}
],
"timeline": [
{
"lang": "en",
"time": "2022-07-26T00:00:00.000Z",
"value": "Disclosed"
}
],
"title": "uContext for Clickbank \u003c= 3.9.1 - Cross-Site Request Forgery to Cross-Site Scripting"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2022-2542",
"datePublished": "2022-09-06T17:18:59.000Z",
"dateReserved": "2022-07-26T00:00:00.000Z",
"dateUpdated": "2026-04-08T16:50:51.728Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2022-2540 (GCVE-0-2022-2540)
Vulnerability from cvelistv5 – Published: 2022-09-06 17:18 – Updated: 2026-04-08 17:22
VLAI?
Title
Link Optimizer Lite <= 1.4.5 - Cross-Site Request Forgery to Cross-Site Scripting
Summary
The Link Optimizer Lite plugin for WordPress is vulnerable to Cross-Site Request Forgery to Cross-Site Scripting in versions up to, and including 1.4.5. This is due to missing nonce validation on the admin_page function found in the ~/admin.php file. This makes it possible for unauthenticated attackers to modify the plugin's settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Severity ?
8.8 (High)
CWE
- CWE-352 - Cross-Site Request Forgery (CSRF)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| adambard | Link Optimizer Lite |
Affected:
0 , ≤ 1.4.5
(semver)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:39:08.050Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/ca64692b-b194-4ceb-975e-72e4041252f2?source=cve"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/browser/link-optimizer-lite/1.4.5/admin.php#L20"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-2540"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Link Optimizer Lite",
"vendor": "adambard",
"versions": [
{
"lessThanOrEqual": "1.4.5",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Hayato Takizawa"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Link Optimizer Lite plugin for WordPress is vulnerable to Cross-Site Request Forgery to Cross-Site Scripting in versions up to, and including 1.4.5. This is due to missing nonce validation on the admin_page function found in the ~/admin.php file. This makes it possible for unauthenticated attackers to modify the plugin\u0027s settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T17:22:09.440Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/ca64692b-b194-4ceb-975e-72e4041252f2?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/link-optimizer-lite/1.4.5/admin.php#L20"
},
{
"url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-2540"
}
],
"timeline": [
{
"lang": "en",
"time": "2022-07-26T00:00:00.000Z",
"value": "Disclosed"
}
],
"title": "Link Optimizer Lite \u003c= 1.4.5 - Cross-Site Request Forgery to Cross-Site Scripting"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2022-2540",
"datePublished": "2022-09-06T17:18:59.000Z",
"dateReserved": "2022-07-26T00:00:00.000Z",
"dateUpdated": "2026-04-08T17:22:09.440Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2022-2717 (GCVE-0-2022-2717)
Vulnerability from cvelistv5 – Published: 2022-09-06 17:18 – Updated: 2026-04-08 17:11
VLAI?
Title
JoomSport – for Sports: Team & League, Football, Hockey & more <= 5.2.5 - Authentciated (Admin+) SQL Injection via orderby
Summary
The JoomSport – for Sports: Team & League, Football, Hockey & more plugin for WordPress is vulnerable to SQL Injection via the 'orderby' parameter on the joomsport-events-form page in versions up to, and including, 5.2.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with administrative privileges, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
Severity ?
7.2 (High)
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| beardev | JoomSport – for Sports: Team & League, Football, Hockey & more |
Affected:
0 , ≤ 5.2.5
(semver)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:46:03.683Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/9b6cf4ab-9e4d-4fd7-9e9e-c678ccc4d810?source=cve"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/browser/joomsport-sports-league-results-management/trunk/includes/pages/joomsport-page-events.php?rev=2679820#L28"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-2717"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=2767877%40joomsport-sports-league-results-management\u0026new=2767877%40joomsport-sports-league-results-management\u0026sfp_email=\u0026sfph_mail="
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "JoomSport \u2013 for Sports: Team \u0026 League, Football, Hockey \u0026 more",
"vendor": "beardev",
"versions": [
{
"lessThanOrEqual": "5.2.5",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "salim al-wahaibi"
}
],
"descriptions": [
{
"lang": "en",
"value": "The JoomSport \u2013 for Sports: Team \u0026 League, Football, Hockey \u0026 more plugin for WordPress is vulnerable to SQL Injection via the \u0027orderby\u0027 parameter on the joomsport-events-form page in versions up to, and including, 5.2.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with administrative privileges, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T17:11:15.331Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/9b6cf4ab-9e4d-4fd7-9e9e-c678ccc4d810?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/joomsport-sports-league-results-management/trunk/includes/pages/joomsport-page-events.php?rev=2679820#L28"
},
{
"url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-2717"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=2767877%40joomsport-sports-league-results-management\u0026new=2767877%40joomsport-sports-league-results-management\u0026sfp_email=\u0026sfph_mail="
}
],
"timeline": [
{
"lang": "en",
"time": "2022-08-08T00:00:00.000Z",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2022-08-08T00:00:00.000Z",
"value": "Disclosed"
}
],
"title": "JoomSport \u2013 for Sports: Team \u0026 League, Football, Hockey \u0026 more \u003c= 5.2.5 - Authentciated (Admin+) SQL Injection via orderby"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2022-2717",
"datePublished": "2022-09-06T17:18:59.000Z",
"dateReserved": "2022-08-08T00:00:00.000Z",
"dateUpdated": "2026-04-08T17:11:15.331Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2022-2541 (GCVE-0-2022-2541)
Vulnerability from cvelistv5 – Published: 2022-09-06 17:18 – Updated: 2026-04-08 16:35
VLAI?
Title
uContext for Amazon <= 3.9.1 - Cross-Site Request Forgery to Cross-Site Scripting
Summary
The uContext for Amazon plugin for WordPress is vulnerable to Cross-Site Request Forgery to Cross-Site Scripting in versions up to, and including 3.9.1. This is due to missing nonce validation in the ~/app/sites/ajax/actions/keyword_save.php file that is called via the doAjax() function. This makes it possible for unauthenticated attackers to modify the plugin's settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Severity ?
8.8 (High)
CWE
- CWE-352 - Cross-Site Request Forgery (CSRF)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| gcornelisse | uContext for Amazon |
Affected:
0 , ≤ 3.9.1
(semver)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:39:08.086Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/0f7c43d4-cf21-4324-bc77-50bdc2c24661?source=cve"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/browser/ucontext-for-amazon/trunk/app/sites/ajax/actions/keyword_save.php"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/browser/ucontext-for-amazon/trunk/app/Ucontext4a_Ajax.php"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-2541"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-2541",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T13:14:10.260376Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-05T16:18:00.544Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "uContext for Amazon",
"vendor": "gcornelisse",
"versions": [
{
"lessThanOrEqual": "3.9.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Hayato Takizawa"
}
],
"descriptions": [
{
"lang": "en",
"value": "The uContext for Amazon plugin for WordPress is vulnerable to Cross-Site Request Forgery to Cross-Site Scripting in versions up to, and including 3.9.1. This is due to missing nonce validation in the ~/app/sites/ajax/actions/keyword_save.php file that is called via the doAjax() function. This makes it possible for unauthenticated attackers to modify the plugin\u0027s settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T16:35:44.036Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/0f7c43d4-cf21-4324-bc77-50bdc2c24661?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/ucontext-for-amazon/trunk/app/sites/ajax/actions/keyword_save.php"
},
{
"url": "https://plugins.trac.wordpress.org/browser/ucontext-for-amazon/trunk/app/Ucontext4a_Ajax.php"
},
{
"url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-2541"
}
],
"timeline": [
{
"lang": "en",
"time": "2022-07-26T00:00:00.000Z",
"value": "Disclosed"
}
],
"title": "uContext for Amazon \u003c= 3.9.1 - Cross-Site Request Forgery to Cross-Site Scripting"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2022-2541",
"datePublished": "2022-09-06T17:18:59.000Z",
"dateReserved": "2022-07-26T00:00:00.000Z",
"dateUpdated": "2026-04-08T16:35:44.036Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2022-2633 (GCVE-0-2022-2633)
Vulnerability from cvelistv5 – Published: 2022-09-06 17:18 – Updated: 2024-11-20 14:56
VLAI?
Summary
The All-in-One Video Gallery plugin for WordPress is vulnerable to arbitrary file downloads and blind server-side request forgery via the 'dl' parameter found in the ~/public/video.php file in versions up to, and including 2.6.0. This makes it possible for unauthenticated users to download sensitive files hosted on the affected server and forge requests to the server.
Severity ?
7.5 (High)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| plugins360 | All-in-One Video Gallery |
Affected:
2.5.8 , ≤ 2.6.0
(semver)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:46:03.415Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/83b0534e-1b8d-46a8-9698-e7ca73e5ab57?source=cve"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/browser/all-in-one-video-gallery/trunk/public/video.php#L227"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=2744708%40all-in-one-video-gallery\u0026new=2744708%40all-in-one-video-gallery\u0026sfp_email=\u0026sfph_mail="
},
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-2633"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset/2768384/all-in-one-video-gallery/trunk/public/video.php"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-2633",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-01-17T19:04:22.505558Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-20T14:56:44.283Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "All-in-One Video Gallery",
"vendor": "plugins360",
"versions": [
{
"lessThanOrEqual": "2.6.0",
"status": "affected",
"version": "2.5.8",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Gabriele Zuddas"
}
],
"descriptions": [
{
"lang": "en",
"value": "The All-in-One Video Gallery plugin for WordPress is vulnerable to arbitrary file downloads and blind server-side request forgery via the \u0027dl\u0027 parameter found in the ~/public/video.php file in versions up to, and including 2.6.0. This makes it possible for unauthenticated users to download sensitive files hosted on the affected server and forge requests to the server."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-11T08:32:43.003Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/83b0534e-1b8d-46a8-9698-e7ca73e5ab57?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/all-in-one-video-gallery/trunk/public/video.php#L227"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=2744708%40all-in-one-video-gallery\u0026new=2744708%40all-in-one-video-gallery\u0026sfp_email=\u0026sfph_mail="
},
{
"url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-2633"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/2768384/all-in-one-video-gallery/trunk/public/video.php"
}
],
"timeline": [
{
"lang": "en",
"time": "2022-08-08T00:00:00.000Z",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2022-08-17T00:00:00.000Z",
"value": "Disclosed"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2022-2633",
"datePublished": "2022-09-06T17:18:59.000Z",
"dateReserved": "2022-08-02T00:00:00.000Z",
"dateUpdated": "2024-11-20T14:56:44.283Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-2695 (GCVE-0-2022-2695)
Vulnerability from cvelistv5 – Published: 2022-09-06 17:18 – Updated: 2025-02-13 20:46
VLAI?
Title
Beaver Builder – WordPress Page Builder <= 2.5.5.2 - Authenticated Stored Cross-Site Scripting via 'caption'
Summary
The Beaver Builder – WordPress Page Builder for WordPress is vulnerable to Stored Cross-Site Scripting via the 'caption' parameter added to images via the media uploader in versions up to, and including, 2.5.5.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with access to the Beaver Builder editor and the ability to upload media files to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity ?
6.4 (Medium)
CWE
- CWE-79 - Cross-site Scripting (XSS)
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| justinbusa | Beaver Builder – WordPress Page Builder |
Affected:
2.5.5.2 , ≤ 2.5.5.2
(custom)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:46:03.673Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.wpbeaverbuilder.com/change-logs/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-2695"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-2695",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-13T20:46:14.108978Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-13T20:46:17.390Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Beaver Builder \u2013 WordPress Page Builder ",
"vendor": "justinbusa",
"versions": [
{
"lessThanOrEqual": "2.5.5.2",
"status": "affected",
"version": "2.5.5.2",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Zhouyuan Yang"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Beaver Builder \u2013 WordPress Page Builder for WordPress is vulnerable to Stored Cross-Site Scripting via the \u0027caption\u0027 parameter added to images via the media uploader in versions up to, and including, 2.5.5.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with access to the Beaver Builder editor and the ability to upload media files to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-06T17:18:59.000Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.wpbeaverbuilder.com/change-logs/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-2695"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Beaver Builder \u2013 WordPress Page Builder \u003c= 2.5.5.2 - Authenticated Stored Cross-Site Scripting via \u0027caption\u0027",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "Wordfence",
"ASSIGNER": "security@wordfence.com",
"ID": "CVE-2022-2695",
"STATE": "PUBLIC",
"TITLE": "Beaver Builder \u2013 WordPress Page Builder \u003c= 2.5.5.2 - Authenticated Stored Cross-Site Scripting via \u0027caption\u0027"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Beaver Builder \u2013 WordPress Page Builder ",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "2.5.5.2",
"version_value": "2.5.5.2"
}
]
}
}
]
},
"vendor_name": "justinbusa"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Zhouyuan Yang"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Beaver Builder \u2013 WordPress Page Builder for WordPress is vulnerable to Stored Cross-Site Scripting via the \u0027caption\u0027 parameter added to images via the media uploader in versions up to, and including, 2.5.5.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with access to the Beaver Builder editor and the ability to upload media files to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.wpbeaverbuilder.com/change-logs/",
"refsource": "MISC",
"url": "https://www.wpbeaverbuilder.com/change-logs/"
},
{
"name": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-2695",
"refsource": "MISC",
"url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-2695"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2022-2695",
"datePublished": "2022-09-06T17:18:59.000Z",
"dateReserved": "2022-08-06T00:00:00.000Z",
"dateUpdated": "2025-02-13T20:46:17.390Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-2516 (GCVE-0-2022-2516)
Vulnerability from cvelistv5 – Published: 2022-09-06 17:18 – Updated: 2025-02-13 20:45
VLAI?
Title
Visual Composer Website Builder <= 45.0 - Authenticated Stored Cross-Site Scripting via 'Title'
Summary
The Visual Composer Website Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the post/page 'Title' value in versions up to, and including, 45.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with access to the visual composer editor to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity ?
6.4 (Medium)
CWE
- CWE-79 - Cross-site Scripting (XSS)
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| visualcomposer | Visual Composer Website Builder, Landing Page Builder, Custom Theme Builder, Maintenance Mode & Coming Soon Pages |
Affected:
45.0 , ≤ 45.0
(custom)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:39:07.987Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=2778808%40visualcomposer\u0026new=2778808%40visualcomposer\u0026sfp_email=\u0026sfph_mail="
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-2516"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-2516",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-13T20:44:59.508909Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-13T20:45:04.030Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Visual Composer Website Builder, Landing Page Builder, Custom Theme Builder, Maintenance Mode \u0026 Coming Soon Pages",
"vendor": "visualcomposer",
"versions": [
{
"lessThanOrEqual": "45.0",
"status": "affected",
"version": "45.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Zhouyuan Yang"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Visual Composer Website Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the post/page \u0027Title\u0027 value in versions up to, and including, 45.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with access to the visual composer editor to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-06T17:18:58.000Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=2778808%40visualcomposer\u0026new=2778808%40visualcomposer\u0026sfp_email=\u0026sfph_mail="
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-2516"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Visual Composer Website Builder \u003c= 45.0 - Authenticated Stored Cross-Site Scripting via \u0027Title\u0027",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "Wordfence",
"ASSIGNER": "security@wordfence.com",
"ID": "CVE-2022-2516",
"STATE": "PUBLIC",
"TITLE": "Visual Composer Website Builder \u003c= 45.0 - Authenticated Stored Cross-Site Scripting via \u0027Title\u0027"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Visual Composer Website Builder, Landing Page Builder, Custom Theme Builder, Maintenance Mode \u0026 Coming Soon Pages",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "45.0",
"version_value": "45.0"
}
]
}
}
]
},
"vendor_name": "visualcomposer"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Zhouyuan Yang"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Visual Composer Website Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the post/page \u0027Title\u0027 value in versions up to, and including, 45.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with access to the visual composer editor to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=2778808%40visualcomposer\u0026new=2778808%40visualcomposer\u0026sfp_email=\u0026sfph_mail=",
"refsource": "MISC",
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=2778808%40visualcomposer\u0026new=2778808%40visualcomposer\u0026sfp_email=\u0026sfph_mail="
},
{
"name": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-2516",
"refsource": "MISC",
"url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-2516"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2022-2516",
"datePublished": "2022-09-06T17:18:58.000Z",
"dateReserved": "2022-07-22T00:00:00.000Z",
"dateUpdated": "2025-02-13T20:45:04.030Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-2473 (GCVE-0-2022-2473)
Vulnerability from cvelistv5 – Published: 2022-09-06 17:18 – Updated: 2026-04-08 16:58
VLAI?
Title
WP-UserOnline <= 2.87.6 - Authenticated (Admin+) Stored Cross-Site Scripting
Summary
The WP-UserOnline plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘templates[browsingpage][text]' parameter in versions up to, and including, 2.87.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with administrative capabilities and above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. The only affects multi-site installations and installations where unfiltered_html is disabled.
Severity ?
5.5 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| gamerz | WP-UserOnline |
Affected:
0 , ≤ 2.87.6
(semver)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:39:07.851Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6a44a55e-a96a-4698-9948-6ef33138a834?source=cve"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=2758412%40wp-useronline\u0026new=2758412%40wp-useronline\u0026sfp_email=\u0026sfph_mail="
},
{
"tags": [
"x_transferred"
],
"url": "https://youtu.be/Q3zInrUnAV0"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-2473"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/50988"
},
{
"tags": [
"x_transferred"
],
"url": "https://packetstormsecurity.com/files/167864/wpuseronline2876-xss.txt"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.exploitalert.com/view-details.html?id=38893"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.exploitalert.com/view-details.html?id=38912"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-2473",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T13:16:33.478823Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-05T16:18:28.079Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "WP-UserOnline",
"vendor": "gamerz",
"versions": [
{
"lessThanOrEqual": "2.87.6",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "steffin stanly"
}
],
"descriptions": [
{
"lang": "en",
"value": "The WP-UserOnline plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018templates[browsingpage][text]\u0027 parameter in versions up to, and including, 2.87.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with administrative capabilities and above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. The only affects multi-site installations and installations where unfiltered_html is disabled."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T16:58:48.886Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6a44a55e-a96a-4698-9948-6ef33138a834?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=2758412%40wp-useronline\u0026new=2758412%40wp-useronline\u0026sfp_email=\u0026sfph_mail="
},
{
"url": "https://youtu.be/Q3zInrUnAV0"
},
{
"url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-2473"
},
{
"url": "https://www.exploit-db.com/exploits/50988"
},
{
"url": "https://packetstormsecurity.com/files/167864/wpuseronline2876-xss.txt"
},
{
"url": "https://www.exploitalert.com/view-details.html?id=38893"
},
{
"url": "https://www.exploitalert.com/view-details.html?id=38912"
}
],
"timeline": [
{
"lang": "en",
"time": "2022-07-19T00:00:00.000Z",
"value": "Disclosed"
}
],
"title": "WP-UserOnline \u003c= 2.87.6 - Authenticated (Admin+) Stored Cross-Site Scripting"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2022-2473",
"datePublished": "2022-09-06T17:18:58.000Z",
"dateReserved": "2022-07-19T00:00:00.000Z",
"dateUpdated": "2026-04-08T16:58:48.886Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2022-2518 (GCVE-0-2022-2518)
Vulnerability from cvelistv5 – Published: 2022-09-06 17:18 – Updated: 2026-04-08 16:55
VLAI?
Title
Stockists Manager for Woocommerce <= 1.0.2.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting
Summary
The Stockists Manager for Woocommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.2.1. This is due to missing nonce validation on the stockist_settings_main() function. This makes it possible for unauthenticated attackers to modify the plugin's settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Severity ?
8.8 (High)
CWE
- CWE-352 - Cross-Site Request Forgery (CSRF)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| dholovnia | Stockists Manager for Woocommerce |
Affected:
0 , ≤ 1.0.2.1
(semver)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:39:07.946Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/5b5e0204-4a05-45c1-833a-c2e4016d9830?source=cve"
},
{
"tags": [
"x_transferred"
],
"url": "https://wordpress.org/plugins/stockists-manager/"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/browser/stockists-manager/trunk/stockist_settings.php"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-2518"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-2518",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T13:14:11.689187Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-05T16:18:09.859Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Stockists Manager for Woocommerce",
"vendor": "dholovnia",
"versions": [
{
"lessThanOrEqual": "1.0.2.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Yuta Kikuchi"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Stockists Manager for Woocommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.2.1. This is due to missing nonce validation on the stockist_settings_main() function. This makes it possible for unauthenticated attackers to modify the plugin\u0027s settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T16:55:19.991Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/5b5e0204-4a05-45c1-833a-c2e4016d9830?source=cve"
},
{
"url": "https://wordpress.org/plugins/stockists-manager/"
},
{
"url": "https://plugins.trac.wordpress.org/browser/stockists-manager/trunk/stockist_settings.php"
},
{
"url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-2518"
}
],
"timeline": [
{
"lang": "en",
"time": "2022-07-22T00:00:00.000Z",
"value": "Disclosed"
}
],
"title": "Stockists Manager for Woocommerce \u003c= 1.0.2.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2022-2518",
"datePublished": "2022-09-06T17:18:58.000Z",
"dateReserved": "2022-07-22T00:00:00.000Z",
"dateUpdated": "2026-04-08T16:55:19.991Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2022-2517 (GCVE-0-2022-2517)
Vulnerability from cvelistv5 – Published: 2022-09-06 17:18 – Updated: 2025-02-13 20:44
VLAI?
Title
Beaver Builder – WordPress Page Builder <= 2.5.5.2 - Authenticated Stored Cross-Site Scripting via Caption - On Hover
Summary
The Beaver Builder – WordPress Page Builder for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Caption - On Hover' value associated with images in versions up to, and including, 2.5.5.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with access to the Beaver Builder editor to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity ?
6.4 (Medium)
CWE
- CWE-79 - Cross-site Scripting (XSS)
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| justinbusa | Beaver Builder – WordPress Page Builder |
Affected:
2.5.5.2 , ≤ 2.5.5.2
(custom)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:39:07.970Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-2517"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.wpbeaverbuilder.com/change-logs/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-2517",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-13T20:44:43.337742Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-13T20:44:46.653Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Beaver Builder \u2013 WordPress Page Builder ",
"vendor": "justinbusa",
"versions": [
{
"lessThanOrEqual": "2.5.5.2",
"status": "affected",
"version": "2.5.5.2",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Zhouyuan Yang"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Beaver Builder \u2013 WordPress Page Builder for WordPress is vulnerable to Stored Cross-Site Scripting via the \u0027Caption - On Hover\u0027 value associated with images in versions up to, and including, 2.5.5.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with access to the Beaver Builder editor to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-06T17:18:58.000Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-2517"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.wpbeaverbuilder.com/change-logs/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Beaver Builder \u2013 WordPress Page Builder \u003c= 2.5.5.2 - Authenticated Stored Cross-Site Scripting via Caption - On Hover",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "Wordfence",
"ASSIGNER": "security@wordfence.com",
"ID": "CVE-2022-2517",
"STATE": "PUBLIC",
"TITLE": "Beaver Builder \u2013 WordPress Page Builder \u003c= 2.5.5.2 - Authenticated Stored Cross-Site Scripting via Caption - On Hover"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Beaver Builder \u2013 WordPress Page Builder ",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "2.5.5.2",
"version_value": "2.5.5.2"
}
]
}
}
]
},
"vendor_name": "justinbusa"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Zhouyuan Yang"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Beaver Builder \u2013 WordPress Page Builder for WordPress is vulnerable to Stored Cross-Site Scripting via the \u0027Caption - On Hover\u0027 value associated with images in versions up to, and including, 2.5.5.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with access to the Beaver Builder editor to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-2517",
"refsource": "MISC",
"url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-2517"
},
{
"name": "https://www.wpbeaverbuilder.com/change-logs/",
"refsource": "MISC",
"url": "https://www.wpbeaverbuilder.com/change-logs/"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2022-2517",
"datePublished": "2022-09-06T17:18:58.000Z",
"dateReserved": "2022-07-22T00:00:00.000Z",
"dateUpdated": "2025-02-13T20:44:46.653Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-2515 (GCVE-0-2022-2515)
Vulnerability from cvelistv5 – Published: 2022-09-06 17:18 – Updated: 2026-04-08 16:47
VLAI?
Title
Simple Banner <= 2.11.0 - Authenticated Stored Cross-Site Scripting
Summary
The Simple Banner plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `pro_version_activation_code` parameter in versions up to, and including, 2.11.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, including those without administrative capabilities when access is granted to those users, to inject arbitrary web scripts in page that will execute whenever a user role having access to "Simple Banner" accesses the plugin's settings.
Severity ?
6.4 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| rpetersen29 | Simple Banner – Easily add multiple Banners/Bars/Notifications/Announcements to the top or bottom of your website |
Affected:
0 , ≤ 2.11.0
(semver)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:39:08.068Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/3bb9520d-e679-4e8a-ae3c-8207f17d45a2?source=cve"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=2758766%40simple-banner\u0026new=2758766%40simple-banner\u0026sfp_email=\u0026sfph_mail="
},
{
"tags": [
"x_transferred"
],
"url": "https://gist.github.com/Xib3rR4dAr/6aa9e730c1d030a5ee9f9d1eae6fbd5e"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-2515"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-2515",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T13:16:31.949831Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-05T16:18:18.824Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Simple Banner \u2013 Easily add multiple Banners/Bars/Notifications/Announcements to the top or bottom of your website",
"vendor": "rpetersen29",
"versions": [
{
"lessThanOrEqual": "2.11.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Muhammad Zeeshan"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Simple Banner plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `pro_version_activation_code` parameter in versions up to, and including, 2.11.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, including those without administrative capabilities when access is granted to those users, to inject arbitrary web scripts in page that will execute whenever a user role having access to \"Simple Banner\" accesses the plugin\u0027s settings."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T16:47:15.776Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/3bb9520d-e679-4e8a-ae3c-8207f17d45a2?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=2758766%40simple-banner\u0026new=2758766%40simple-banner\u0026sfp_email=\u0026sfph_mail="
},
{
"url": "https://gist.github.com/Xib3rR4dAr/6aa9e730c1d030a5ee9f9d1eae6fbd5e"
},
{
"url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-2515"
}
],
"timeline": [
{
"lang": "en",
"time": "2022-07-22T00:00:00.000Z",
"value": "Disclosed"
}
],
"title": "Simple Banner \u003c= 2.11.0 - Authenticated Stored Cross-Site Scripting"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2022-2515",
"datePublished": "2022-09-06T17:18:58.000Z",
"dateReserved": "2022-07-22T00:00:00.000Z",
"dateUpdated": "2026-04-08T16:47:15.776Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2022-2461 (GCVE-0-2022-2461)
Vulnerability from cvelistv5 – Published: 2022-09-06 17:18 – Updated: 2026-04-08 16:41
VLAI?
Title
Transposh WordPress Translation <= 1.0.9.6 - Unauthorized Settings Change
Summary
The Transposh WordPress Translation plugin for WordPress is vulnerable to unauthorized setting changes by unauthenticated users in versions up to, and including, 1.0.9.6. This is due to insufficient permissions checking on the 'tp_translation' AJAX action and default settings which makes it possible for unauthenticated attackers to influence the data shown on the site.
Severity ?
5.3 (Medium)
CWE
- CWE-862 - Missing Authorization
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| oferwald | Transposh WordPress Translation |
Affected:
0 , ≤ 1.0.9.6
(semver)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:39:07.801Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/223373fc-9d78-47f0-b283-109f8e00b802?source=cve"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-2461"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.rcesecurity.com/2022/07/WordPress-Transposh-Exploiting-a-Blind-SQL-Injection-via-XSS/"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/browser/transposh-translation-filter-for-wordpress/trunk/transposh.php?rev=2682425#L1989"
},
{
"tags": [
"x_transferred"
],
"url": "https://packetstormsecurity.com/files/167870/wptransposh107-auth.txt"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.exploitalert.com/view-details.html?id=38891"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-2461",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T13:17:43.818829Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-05T16:18:40.559Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Transposh WordPress Translation",
"vendor": "oferwald",
"versions": [
{
"lessThanOrEqual": "1.0.9.6",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Julien Ahrens"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Transposh WordPress Translation plugin for WordPress is vulnerable to unauthorized setting changes by unauthenticated users in versions up to, and including, 1.0.9.6. This is due to insufficient permissions checking on the \u0027tp_translation\u0027 AJAX action and default settings which makes it possible for unauthenticated attackers to influence the data shown on the site."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T16:41:36.744Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/223373fc-9d78-47f0-b283-109f8e00b802?source=cve"
},
{
"url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-2461"
},
{
"url": "https://www.rcesecurity.com/2022/07/WordPress-Transposh-Exploiting-a-Blind-SQL-Injection-via-XSS/"
},
{
"url": "https://plugins.trac.wordpress.org/browser/transposh-translation-filter-for-wordpress/trunk/transposh.php?rev=2682425#L1989"
},
{
"url": "https://packetstormsecurity.com/files/167870/wptransposh107-auth.txt"
},
{
"url": "https://www.exploitalert.com/view-details.html?id=38891"
}
],
"timeline": [
{
"lang": "en",
"time": "2022-07-18T00:00:00.000Z",
"value": "Disclosed"
}
],
"title": "Transposh WordPress Translation \u003c= 1.0.9.6 - Unauthorized Settings Change"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2022-2461",
"datePublished": "2022-09-06T17:18:58.000Z",
"dateReserved": "2022-07-18T00:00:00.000Z",
"dateUpdated": "2026-04-08T16:41:36.744Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2022-2436 (GCVE-0-2022-2436)
Vulnerability from cvelistv5 – Published: 2022-09-06 17:18 – Updated: 2026-04-08 16:49
VLAI?
Title
Download Manager <= 3.2.49 - Authenticated (Contributor+) PHAR Deserialization
Summary
The Download Manager plugin for WordPress is vulnerable to deserialization of untrusted input via the 'file[package_dir]' parameter in versions up to, and including 3.2.49. This makes it possible for authenticated attackers with contributor privileges and above to call files using a PHAR wrapper that will deserialize the data and call arbitrary PHP Objects that can be used to perform a variety of malicious actions granted a POP chain is also present. It also requires that the attacker is successful in uploading a file with the serialized payload.
Severity ?
8.8 (High)
CWE
- CWE-502 - Deserialization of Untrusted Data
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| codename065 | Download Manager |
Affected:
0 , ≤ 3.2.49
(semver)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:39:07.603Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/471957f6-54c1-4268-b2e1-8efa391dcaec?source=cve"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/browser/download-manager/trunk/src/Admin/Menu/Packages.php#L68"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=2761422%40download-manager%2Ftrunk%2Fsrc%2FAdmin%2FMenu%2FPackages.php\u0026new=2761422%40download-manager%2Ftrunk%2Fsrc%2FAdmin%2FMenu%2FPackages.php"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-2436"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-2436",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T13:14:14.522322Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502 Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-05T16:19:22.839Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Download Manager",
"vendor": "codename065",
"versions": [
{
"lessThanOrEqual": "3.2.49",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Rasoul Jahanshahi"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Download Manager plugin for WordPress is vulnerable to deserialization of untrusted input via the \u0027file[package_dir]\u0027 parameter in versions up to, and including 3.2.49. This makes it possible for authenticated attackers with contributor privileges and above to call files using a PHAR wrapper that will deserialize the data and call arbitrary PHP Objects that can be used to perform a variety of malicious actions granted a POP chain is also present. It also requires that the attacker is successful in uploading a file with the serialized payload."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502 Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T16:49:56.375Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/471957f6-54c1-4268-b2e1-8efa391dcaec?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/download-manager/trunk/src/Admin/Menu/Packages.php#L68"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=2761422%40download-manager%2Ftrunk%2Fsrc%2FAdmin%2FMenu%2FPackages.php\u0026new=2761422%40download-manager%2Ftrunk%2Fsrc%2FAdmin%2FMenu%2FPackages.php"
},
{
"url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-2436"
}
],
"timeline": [
{
"lang": "en",
"time": "2022-08-17T00:00:00.000Z",
"value": "Disclosed"
}
],
"title": "Download Manager \u003c= 3.2.49 - Authenticated (Contributor+) PHAR Deserialization"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2022-2436",
"datePublished": "2022-09-06T17:18:57.000Z",
"dateReserved": "2022-07-15T00:00:00.000Z",
"dateUpdated": "2026-04-08T16:49:56.375Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2022-2442 (GCVE-0-2022-2442)
Vulnerability from cvelistv5 – Published: 2022-09-06 17:18 – Updated: 2026-04-08 17:17
VLAI?
Title
Migration, Backup, Staging – WPvivid <= 0.9.74 - Authenticated (Admin+) PHAR Deserialization
Summary
The Migration, Backup, Staging – WPvivid plugin for WordPress is vulnerable to deserialization of untrusted input via the 'path' parameter in versions up to, and including 0.9.74. This makes it possible for authenticated attackers with administrative privileges to call files using a PHAR wrapper that will deserialize and call arbitrary PHP Objects that can be used to perform a variety of malicious actions granted a POP chain is also present. It also requires that the attacker is successful in uploading a file with the serialized payload.
Severity ?
7.2 (High)
CWE
- CWE-502 - Deserialization of Untrusted Data
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| wpvividplugins | WPvivid — Backup, Migration & Staging |
Affected:
0 , ≤ 0.9.74
(semver)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:39:07.074Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b7e2ca2e-c495-47f8-9c18-da5ba73d9e70?source=cve"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/browser/wpvivid-backuprestore/trunk/includes/staging/class-wpvivid-staging.php?rev=2749419#L1783"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/browser/wpvivid-backuprestore/trunk/includes/staging/class-wpvivid-staging.php?rev=2749419#L1747"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=2766112%40wpvivid-backuprestore%2Ftrunk%2Fincludes%2Fstaging%2Fclass-wpvivid-staging.php\u0026new=2766112%40wpvivid-backuprestore%2Ftrunk%2Fincludes%2Fstaging%2Fclass-wpvivid-staging.php"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-2442"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "WPvivid \u2014 Backup, Migration \u0026 Staging",
"vendor": "wpvividplugins",
"versions": [
{
"lessThanOrEqual": "0.9.74",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Rasoul Jahanshahi"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Migration, Backup, Staging \u2013 WPvivid plugin for WordPress is vulnerable to deserialization of untrusted input via the \u0027path\u0027 parameter in versions up to, and including 0.9.74. This makes it possible for authenticated attackers with administrative privileges to call files using a PHAR wrapper that will deserialize and call arbitrary PHP Objects that can be used to perform a variety of malicious actions granted a POP chain is also present. It also requires that the attacker is successful in uploading a file with the serialized payload."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502 Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T17:17:42.222Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b7e2ca2e-c495-47f8-9c18-da5ba73d9e70?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/wpvivid-backuprestore/trunk/includes/staging/class-wpvivid-staging.php?rev=2749419#L1783"
},
{
"url": "https://plugins.trac.wordpress.org/browser/wpvivid-backuprestore/trunk/includes/staging/class-wpvivid-staging.php?rev=2749419#L1747"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=2766112%40wpvivid-backuprestore%2Ftrunk%2Fincludes%2Fstaging%2Fclass-wpvivid-staging.php\u0026new=2766112%40wpvivid-backuprestore%2Ftrunk%2Fincludes%2Fstaging%2Fclass-wpvivid-staging.php"
},
{
"url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-2442"
}
],
"timeline": [
{
"lang": "en",
"time": "2022-08-10T00:00:00.000Z",
"value": "Disclosed"
}
],
"title": "Migration, Backup, Staging \u2013 WPvivid \u003c= 0.9.74 - Authenticated (Admin+) PHAR Deserialization"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2022-2442",
"datePublished": "2022-09-06T17:18:57.000Z",
"dateReserved": "2022-07-15T00:00:00.000Z",
"dateUpdated": "2026-04-08T17:17:42.222Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2022-2438 (GCVE-0-2022-2438)
Vulnerability from cvelistv5 – Published: 2022-09-06 17:18 – Updated: 2026-04-08 16:57
VLAI?
Title
Broken Link Checker <= 1.11.16 - Authenticated (Admin+) PHAR Deserialization
Summary
The Broken Link Checker plugin for WordPress is vulnerable to deserialization of untrusted input via the '$log_file' value in versions up to, and including 1.11.16. This makes it possible for authenticated attackers with administrative privileges and above to call files using a PHAR wrapper that will deserialize the data and call arbitrary PHP Objects that can be used to perform a variety of malicious actions granted a POP chain is also present. It also requires that the attacker is successful in uploading a file with the serialized payload.
Severity ?
7.2 (High)
CWE
- CWE-502 - Deserialization of Untrusted Data
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| wpmudev | Broken Link Checker |
Affected:
0 , ≤ 1.11.16
(semver)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:39:07.845Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/62fd472e-208b-48db-8f98-3d935c7a678c?source=cve"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset/2757773/broken-link-checker/trunk/core/core.php?old=2605914\u0026old_path=broken-link-checker%2Ftrunk%2Fcore%2Fcore.php"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-2438"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-2438",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T13:14:13.117830Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502 Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-05T16:19:00.977Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Broken Link Checker",
"vendor": "wpmudev",
"versions": [
{
"lessThanOrEqual": "1.11.16",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Rasoul Jahanshahi"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Broken Link Checker plugin for WordPress is vulnerable to deserialization of untrusted input via the \u0027$log_file\u0027 value in versions up to, and including 1.11.16. This makes it possible for authenticated attackers with administrative privileges and above to call files using a PHAR wrapper that will deserialize the data and call arbitrary PHP Objects that can be used to perform a variety of malicious actions granted a POP chain is also present. It also requires that the attacker is successful in uploading a file with the serialized payload."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502 Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T16:57:11.959Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/62fd472e-208b-48db-8f98-3d935c7a678c?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/2757773/broken-link-checker/trunk/core/core.php?old=2605914\u0026old_path=broken-link-checker%2Ftrunk%2Fcore%2Fcore.php"
},
{
"url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-2438"
}
],
"timeline": [
{
"lang": "en",
"time": "2022-07-18T00:00:00.000Z",
"value": "Disclosed"
}
],
"title": "Broken Link Checker \u003c= 1.11.16 - Authenticated (Admin+) PHAR Deserialization"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2022-2438",
"datePublished": "2022-09-06T17:18:57.000Z",
"dateReserved": "2022-07-15T00:00:00.000Z",
"dateUpdated": "2026-04-08T16:57:11.959Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2022-2462 (GCVE-0-2022-2462)
Vulnerability from cvelistv5 – Published: 2022-09-06 17:18 – Updated: 2026-04-08 17:18
VLAI?
Title
Transposh WordPress Translation <= 1.0.9.6 - Sensitive Information Disclosure
Summary
The Transposh WordPress Translation plugin for WordPress is vulnerable to sensitive information disclosure to unauthenticated users in versions up to, and including, 1.0.9.6. This is due to insufficient permissions checking on the 'tp_history' AJAX action and insufficient restriction on the data returned in the response. This makes it possible for unauthenticated users to exfiltrate usernames of individuals who have translated text.
Severity ?
5.3 (Medium)
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| oferwald | Transposh WordPress Translation |
Affected:
0 , ≤ 1.0.9.6
(semver)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:39:07.647Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/bd1f12ac-86ac-4be9-9575-98381c3b4291?source=cve"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/browser/transposh-translation-filter-for-wordpress/trunk/transposh.php?rev=2682425#L1948"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-2462"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.rcesecurity.com/2022/07/WordPress-Transposh-Exploiting-a-Blind-SQL-Injection-via-XSS/"
},
{
"tags": [
"x_transferred"
],
"url": "https://packetstormsecurity.com/files/167878/wptransposh1081-disclose.txt"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-2462",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-15T17:29:07.716419Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-15T18:34:52.936Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Transposh WordPress Translation",
"vendor": "oferwald",
"versions": [
{
"lessThanOrEqual": "1.0.9.6",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Julien Ahrens"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Transposh WordPress Translation plugin for WordPress is vulnerable to sensitive information disclosure to unauthenticated users in versions up to, and including, 1.0.9.6. This is due to insufficient permissions checking on the \u0027tp_history\u0027 AJAX action and insufficient restriction on the data returned in the response. This makes it possible for unauthenticated users to exfiltrate usernames of individuals who have translated text."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T17:18:51.712Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/bd1f12ac-86ac-4be9-9575-98381c3b4291?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/transposh-translation-filter-for-wordpress/trunk/transposh.php?rev=2682425#L1948"
},
{
"url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-2462"
},
{
"url": "https://www.rcesecurity.com/2022/07/WordPress-Transposh-Exploiting-a-Blind-SQL-Injection-via-XSS/"
},
{
"url": "https://packetstormsecurity.com/files/167878/wptransposh1081-disclose.txt"
},
{
"url": "https://github.com/oferwald/transposh/blob/master/transposh.php#L1550"
}
],
"timeline": [
{
"lang": "en",
"time": "2022-07-18T00:00:00.000Z",
"value": "Disclosed"
}
],
"title": "Transposh WordPress Translation \u003c= 1.0.9.6 - Sensitive Information Disclosure"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2022-2462",
"datePublished": "2022-09-06T17:18:57.000Z",
"dateReserved": "2022-07-18T00:00:00.000Z",
"dateUpdated": "2026-04-08T17:18:51.712Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2022-2434 (GCVE-0-2022-2434)
Vulnerability from cvelistv5 – Published: 2022-09-06 17:18 – Updated: 2026-04-08 16:36
VLAI?
Title
String Locator <= 2.5.0 - Cross-Site Request Forgery to PHAR Deserialization
Summary
The String Locator plugin for WordPress is vulnerable to deserialization of untrusted input via the 'string-locator-path' parameter in versions up to, and including 2.5.0. This makes it possible for unauthenticated users to call files using a PHAR wrapper, granted they can trick a site administrator into performing an action such as clicking on a link, that will deserialize and call arbitrary PHP Objects that can be used to perform a variety of malicious actions granted a POP chain is also present. It also requires that the attacker is successful in uploading a file with the serialized payload.
Severity ?
8.8 (High)
CWE
- CWE-502 - Deserialization of Untrusted Data
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| instawp | String locator |
Affected:
0 , ≤ 2.5.0
(semver)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:39:07.021Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/10a36e37-4188-403f-9b17-d7e79b8b8a6d?source=cve"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/browser/string-locator/trunk/editor.php#L59"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=2759486%40string-locator\u0026new=2759486%40string-locator\u0026sfp_email=\u0026sfph_mail="
},
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-2434"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-2434",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T13:14:15.966745Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502 Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-05T16:19:45.840Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "String locator",
"vendor": "instawp",
"versions": [
{
"lessThanOrEqual": "2.5.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Rasoul Jahanshahi"
}
],
"descriptions": [
{
"lang": "en",
"value": "The String Locator plugin for WordPress is vulnerable to deserialization of untrusted input via the \u0027string-locator-path\u0027 parameter in versions up to, and including 2.5.0. This makes it possible for unauthenticated users to call files using a PHAR wrapper, granted they can trick a site administrator into performing an action such as clicking on a link, that will deserialize and call arbitrary PHP Objects that can be used to perform a variety of malicious actions granted a POP chain is also present. It also requires that the attacker is successful in uploading a file with the serialized payload."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502 Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T16:36:04.002Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/10a36e37-4188-403f-9b17-d7e79b8b8a6d?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/string-locator/trunk/editor.php#L59"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=2759486%40string-locator\u0026new=2759486%40string-locator\u0026sfp_email=\u0026sfph_mail="
},
{
"url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-2434"
}
],
"timeline": [
{
"lang": "en",
"time": "2022-08-08T00:00:00.000Z",
"value": "Disclosed"
}
],
"title": "String Locator \u003c= 2.5.0 - Cross-Site Request Forgery to PHAR Deserialization"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2022-2434",
"datePublished": "2022-09-06T17:18:57.000Z",
"dateReserved": "2022-07-15T00:00:00.000Z",
"dateUpdated": "2026-04-08T16:36:04.002Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2022-2429 (GCVE-0-2022-2429)
Vulnerability from cvelistv5 – Published: 2022-09-06 17:18 – Updated: 2025-01-31 18:51
VLAI?
Title
Ultimate SMS Notifications for WooCommerce <= 1.4.1 - CSV Injection
Summary
The Ultimate SMS Notifications for WooCommerce plugin for WordPress is vulnerable to CSV Injection in versions up to, and including, 1.4.1 via the 'Export Utility' functionality. This makes it possible for authenticated attackers, such as a subscriber, to add untrusted input into billing information like their First Name that will embed into the exported CSV file triggered by an administrator and can result in code execution when these files are downloaded and opened on a local system with a vulnerable configuration.
Severity ?
6.5 (Medium)
CWE
- CWE-138 - Improper Neutralization of Special Elements
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| homescript | Ultimate SMS Notifications for WooCommerce |
Affected:
1.4.1 , ≤ 1.4.1
(custom)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:39:07.927Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-2429"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/browser/ultimate-sms-notifications/trunk/README.txt?rev=2441845#L92"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-2429",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-31T18:51:28.093797Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-31T18:51:31.150Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Ultimate SMS Notifications for WooCommerce",
"vendor": "homescript",
"versions": [
{
"lessThanOrEqual": "1.4.1",
"status": "affected",
"version": "1.4.1",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Zhouyuan Yang"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Ultimate SMS Notifications for WooCommerce plugin for WordPress is vulnerable to CSV Injection in versions up to, and including, 1.4.1 via the \u0027Export Utility\u0027 functionality. This makes it possible for authenticated attackers, such as a subscriber, to add untrusted input into billing information like their First Name that will embed into the exported CSV file triggered by an administrator and can result in code execution when these files are downloaded and opened on a local system with a vulnerable configuration."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-138",
"description": "CWE-138 Improper Neutralization of Special Elements",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-06T17:18:56.000Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-2429"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://plugins.trac.wordpress.org/browser/ultimate-sms-notifications/trunk/README.txt?rev=2441845#L92"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Ultimate SMS Notifications for WooCommerce \u003c= 1.4.1 - CSV Injection",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "Wordfence",
"ASSIGNER": "security@wordfence.com",
"ID": "CVE-2022-2429",
"STATE": "PUBLIC",
"TITLE": "Ultimate SMS Notifications for WooCommerce \u003c= 1.4.1 - CSV Injection"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Ultimate SMS Notifications for WooCommerce",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "1.4.1",
"version_value": "1.4.1"
}
]
}
}
]
},
"vendor_name": "homescript"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Zhouyuan Yang"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Ultimate SMS Notifications for WooCommerce plugin for WordPress is vulnerable to CSV Injection in versions up to, and including, 1.4.1 via the \u0027Export Utility\u0027 functionality. This makes it possible for authenticated attackers, such as a subscriber, to add untrusted input into billing information like their First Name that will embed into the exported CSV file triggered by an administrator and can result in code execution when these files are downloaded and opened on a local system with a vulnerable configuration."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-138 Improper Neutralization of Special Elements"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-2429",
"refsource": "MISC",
"url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-2429"
},
{
"name": "https://plugins.trac.wordpress.org/browser/ultimate-sms-notifications/trunk/README.txt?rev=2441845#L92",
"refsource": "MISC",
"url": "https://plugins.trac.wordpress.org/browser/ultimate-sms-notifications/trunk/README.txt?rev=2441845#L92"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2022-2429",
"datePublished": "2022-09-06T17:18:56.000Z",
"dateReserved": "2022-07-15T00:00:00.000Z",
"dateUpdated": "2025-01-31T18:51:31.150Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-2430 (GCVE-0-2022-2430)
Vulnerability from cvelistv5 – Published: 2022-09-06 17:18 – Updated: 2025-01-31 18:51
VLAI?
Title
Visual Composer Website Builder <= 45.0 - Authenticated Stored Cross-Site Scripting via 'Text Block'
Summary
The Visual Composer Website Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Text Block' feature in versions up to, and including, 45.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with access to the visual composer editor to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity ?
6.4 (Medium)
CWE
- CWE-79 - Cross-site Scripting (XSS)
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| visualcomposer | Visual Composer Website Builder, Landing Page Builder, Custom Theme Builder, Maintenance Mode & Coming Soon Pages |
Affected:
45.0 , ≤ 45.0
(custom)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:39:07.198Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=2778808%40visualcomposer\u0026new=2778808%40visualcomposer\u0026sfp_email=\u0026sfph_mail="
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-2430"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-2430",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-31T18:51:08.943962Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-31T18:51:15.524Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Visual Composer Website Builder, Landing Page Builder, Custom Theme Builder, Maintenance Mode \u0026 Coming Soon Pages",
"vendor": "visualcomposer",
"versions": [
{
"lessThanOrEqual": "45.0",
"status": "affected",
"version": "45.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Zhouyuan Yang"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Visual Composer Website Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u0027Text Block\u0027 feature in versions up to, and including, 45.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with access to the visual composer editor to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-06T17:18:56.000Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=2778808%40visualcomposer\u0026new=2778808%40visualcomposer\u0026sfp_email=\u0026sfph_mail="
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-2430"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Visual Composer Website Builder \u003c= 45.0 - Authenticated Stored Cross-Site Scripting via \u0027Text Block\u0027",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "Wordfence",
"ASSIGNER": "security@wordfence.com",
"ID": "CVE-2022-2430",
"STATE": "PUBLIC",
"TITLE": "Visual Composer Website Builder \u003c= 45.0 - Authenticated Stored Cross-Site Scripting via \u0027Text Block\u0027"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Visual Composer Website Builder, Landing Page Builder, Custom Theme Builder, Maintenance Mode \u0026 Coming Soon Pages",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "45.0",
"version_value": "45.0"
}
]
}
}
]
},
"vendor_name": "visualcomposer"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Zhouyuan Yang"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Visual Composer Website Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u0027Text Block\u0027 feature in versions up to, and including, 45.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with access to the visual composer editor to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=2778808%40visualcomposer\u0026new=2778808%40visualcomposer\u0026sfp_email=\u0026sfph_mail=",
"refsource": "MISC",
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=2778808%40visualcomposer\u0026new=2778808%40visualcomposer\u0026sfp_email=\u0026sfph_mail="
},
{
"name": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-2430",
"refsource": "MISC",
"url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-2430"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2022-2430",
"datePublished": "2022-09-06T17:18:56.000Z",
"dateReserved": "2022-07-15T00:00:00.000Z",
"dateUpdated": "2025-01-31T18:51:15.524Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-2431 (GCVE-0-2022-2431)
Vulnerability from cvelistv5 – Published: 2022-09-06 17:18 – Updated: 2025-01-31 19:01
VLAI?
Title
Download Manager <= 3.2.50 - Authenticated (Contributor+) Arbitrary File Deletion
Summary
The Download Manager plugin for WordPress is vulnerable to arbitrary file deletion in versions up to, and including 3.2.50. This is due to insufficient file type and path validation on the deleteFiles() function found in the ~/Admin/Menu/Packages.php file that triggers upon download post deletion. This makes it possible for contributor level users and above to supply an arbitrary file path via the 'file[files]' parameter when creating a download post and once the user deletes the post the supplied arbitrary file will be deleted. This can be used by attackers to delete the /wp-config.php file which will reset the installation and make it possible for an attacker to achieve remote code execution on the server.
Severity ?
8.1 (High)
CWE
- CWE-73 - External Control of File Name or Path
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| download-manager | Download Manager |
Affected:
3.2.50 , ≤ 3.2.50
(custom)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:39:07.717Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=2762092%40download-manager\u0026new=2762092%40download-manager\u0026sfp_email=\u0026sfph_mail="
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://packetstormsecurity.com/files/167920/wpdownloadmanager3250-filedelete.txt"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.wordfence.com/blog/2022/08/high-severity-vulnerability-patched-in-download-manager-plugin/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-2431",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-31T19:01:28.483962Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-31T19:01:32.209Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Download Manager",
"vendor": "download-manager",
"versions": [
{
"lessThanOrEqual": "3.2.50",
"status": "affected",
"version": "3.2.50",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Chloe Chamberland, Wordfence"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Download Manager plugin for WordPress is vulnerable to arbitrary file deletion in versions up to, and including 3.2.50. This is due to insufficient file type and path validation on the deleteFiles() function found in the ~/Admin/Menu/Packages.php file that triggers upon download post deletion. This makes it possible for contributor level users and above to supply an arbitrary file path via the \u0027file[files]\u0027 parameter when creating a download post and once the user deletes the post the supplied arbitrary file will be deleted. This can be used by attackers to delete the /wp-config.php file which will reset the installation and make it possible for an attacker to achieve remote code execution on the server."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-73",
"description": "CWE-73 External Control of File Name or Path",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-06T17:18:56.000Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=2762092%40download-manager\u0026new=2762092%40download-manager\u0026sfp_email=\u0026sfph_mail="
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://packetstormsecurity.com/files/167920/wpdownloadmanager3250-filedelete.txt"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.wordfence.com/blog/2022/08/high-severity-vulnerability-patched-in-download-manager-plugin/"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "Download Manager \u003c= 3.2.50 - Authenticated (Contributor+) Arbitrary File Deletion",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "Wordfence",
"ASSIGNER": "security@wordfence.com",
"ID": "CVE-2022-2431",
"STATE": "PUBLIC",
"TITLE": "Download Manager \u003c= 3.2.50 - Authenticated (Contributor+) Arbitrary File Deletion"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Download Manager",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "3.2.50",
"version_value": "3.2.50"
}
]
}
}
]
},
"vendor_name": "download-manager"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Chloe Chamberland, Wordfence"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Download Manager plugin for WordPress is vulnerable to arbitrary file deletion in versions up to, and including 3.2.50. This is due to insufficient file type and path validation on the deleteFiles() function found in the ~/Admin/Menu/Packages.php file that triggers upon download post deletion. This makes it possible for contributor level users and above to supply an arbitrary file path via the \u0027file[files]\u0027 parameter when creating a download post and once the user deletes the post the supplied arbitrary file will be deleted. This can be used by attackers to delete the /wp-config.php file which will reset the installation and make it possible for an attacker to achieve remote code execution on the server."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-73 External Control of File Name or Path"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=2762092%40download-manager\u0026new=2762092%40download-manager\u0026sfp_email=\u0026sfph_mail=",
"refsource": "MISC",
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=2762092%40download-manager\u0026new=2762092%40download-manager\u0026sfp_email=\u0026sfph_mail="
},
{
"name": "https://packetstormsecurity.com/files/167920/wpdownloadmanager3250-filedelete.txt",
"refsource": "MISC",
"url": "https://packetstormsecurity.com/files/167920/wpdownloadmanager3250-filedelete.txt"
},
{
"name": "https://www.wordfence.com/blog/2022/08/high-severity-vulnerability-patched-in-download-manager-plugin/",
"refsource": "MISC",
"url": "https://www.wordfence.com/blog/2022/08/high-severity-vulnerability-patched-in-download-manager-plugin/"
}
]
},
"source": {
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2022-2431",
"datePublished": "2022-09-06T17:18:56.000Z",
"dateReserved": "2022-07-15T00:00:00.000Z",
"dateUpdated": "2025-01-31T19:01:32.209Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-2432 (GCVE-0-2022-2432)
Vulnerability from cvelistv5 – Published: 2022-09-06 17:18 – Updated: 2025-01-31 19:00
VLAI?
Title
Ecwid Ecommerce Shopping Cart <= 6.10.23 - Cross-Site Request Forgery to Settings/Options Update
Summary
The Ecwid Ecommerce Shopping Cart plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 6.10.23. This is due to missing or incorrect nonce validation on the ecwid_update_plugin_params function. This makes it possible for unauthenticated attackers to update plugin options granted they can trick a site administrator into performing an action such as clicking on a link.
Severity ?
8.8 (High)
CWE
- CWE-352 - Cross-Site Request Forgery (CSRF)
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ecwid | Ecwid Ecommerce Shopping Cart |
Affected:
6.10.23 , ≤ 6.10.23
(custom)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:39:07.110Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026new=2755658%40ecwid-shopping-cart%2Ftrunk\u0026old=2754114%40ecwid-shopping-cart%2Ftrunk\u0026sfp_email=\u0026sfph_mail="
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.wordfence.com/blog/2022/08/cross-site-request-forgery-vulnerability-patched-in-ecwid-ecommerce-shopping-cart-plugin/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-2432",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-31T19:00:40.952108Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-31T19:00:44.451Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Ecwid Ecommerce Shopping Cart",
"vendor": "ecwid",
"versions": [
{
"lessThanOrEqual": "6.10.23",
"status": "affected",
"version": "6.10.23",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Marco Wotschka, Wordfence"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Ecwid Ecommerce Shopping Cart plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 6.10.23. This is due to missing or incorrect nonce validation on the ecwid_update_plugin_params function. This makes it possible for unauthenticated attackers to update plugin options granted they can trick a site administrator into performing an action such as clicking on a link."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-06T17:18:56.000Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026new=2755658%40ecwid-shopping-cart%2Ftrunk\u0026old=2754114%40ecwid-shopping-cart%2Ftrunk\u0026sfp_email=\u0026sfph_mail="
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.wordfence.com/blog/2022/08/cross-site-request-forgery-vulnerability-patched-in-ecwid-ecommerce-shopping-cart-plugin/"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "Ecwid Ecommerce Shopping Cart \u003c= 6.10.23 - Cross-Site Request Forgery to Settings/Options Update",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "Wordfence",
"ASSIGNER": "security@wordfence.com",
"ID": "CVE-2022-2432",
"STATE": "PUBLIC",
"TITLE": "Ecwid Ecommerce Shopping Cart \u003c= 6.10.23 - Cross-Site Request Forgery to Settings/Options Update"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Ecwid Ecommerce Shopping Cart",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "6.10.23",
"version_value": "6.10.23"
}
]
}
}
]
},
"vendor_name": "ecwid"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Marco Wotschka, Wordfence"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Ecwid Ecommerce Shopping Cart plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 6.10.23. This is due to missing or incorrect nonce validation on the ecwid_update_plugin_params function. This makes it possible for unauthenticated attackers to update plugin options granted they can trick a site administrator into performing an action such as clicking on a link."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352 Cross-Site Request Forgery (CSRF)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026new=2755658%40ecwid-shopping-cart%2Ftrunk\u0026old=2754114%40ecwid-shopping-cart%2Ftrunk\u0026sfp_email=\u0026sfph_mail=",
"refsource": "MISC",
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026new=2755658%40ecwid-shopping-cart%2Ftrunk\u0026old=2754114%40ecwid-shopping-cart%2Ftrunk\u0026sfp_email=\u0026sfph_mail="
},
{
"name": "https://www.wordfence.com/blog/2022/08/cross-site-request-forgery-vulnerability-patched-in-ecwid-ecommerce-shopping-cart-plugin/",
"refsource": "MISC",
"url": "https://www.wordfence.com/blog/2022/08/cross-site-request-forgery-vulnerability-patched-in-ecwid-ecommerce-shopping-cart-plugin/"
}
]
},
"source": {
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2022-2432",
"datePublished": "2022-09-06T17:18:56.000Z",
"dateReserved": "2022-07-15T00:00:00.000Z",
"dateUpdated": "2025-01-31T19:00:44.451Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-2433 (GCVE-0-2022-2433)
Vulnerability from cvelistv5 – Published: 2022-09-06 17:18 – Updated: 2026-04-08 16:33
VLAI?
Title
WordPress Infinite Scroll – Ajax Load More <= 5.5.3 - Cross-Site Request Forgery to PHAR Deserialization
Summary
The WordPress Infinite Scroll – Ajax Load More plugin for WordPress is vulnerable to deserialization of untrusted input via the 'alm_repeaters_export' parameter in versions up to, and including 5.5.3. This makes it possible for unauthenticated users to call files using a PHAR wrapper, granted they can trick a site administrator into performing an action such as clicking on a link, that will deserialize and call arbitrary PHP Objects that can be used to perform a variety of malicious actions granted a POP chain is also present. It also requires that the attacker is successful in uploading a file with the serialized payload.
Severity ?
7.5 (High)
CWE
- CWE-502 - Deserialization of Untrusted Data
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| dcooney | Ajax Load More – Infinite Scroll, Load More, & Lazy Load |
Affected:
0 , ≤ 5.5.3
(semver)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:39:07.237Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/040ae20d-93e3-4c65-ba74-4ff0b5c1afc7?source=cve"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset/2772627/ajax-load-more/trunk/admin/admin.php"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-2433"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-2433",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T13:14:17.367299Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502 Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-05T16:19:55.721Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Ajax Load More \u2013 Infinite Scroll, Load More, \u0026 Lazy Load",
"vendor": "dcooney",
"versions": [
{
"lessThanOrEqual": "5.5.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Rasoul Jahanshahi"
}
],
"descriptions": [
{
"lang": "en",
"value": "The WordPress Infinite Scroll \u2013 Ajax Load More plugin for WordPress is vulnerable to deserialization of untrusted input via the \u0027alm_repeaters_export\u0027 parameter in versions up to, and including 5.5.3. This makes it possible for unauthenticated users to call files using a PHAR wrapper, granted they can trick a site administrator into performing an action such as clicking on a link, that will deserialize and call arbitrary PHP Objects that can be used to perform a variety of malicious actions granted a POP chain is also present. It also requires that the attacker is successful in uploading a file with the serialized payload."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502 Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T16:33:05.540Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/040ae20d-93e3-4c65-ba74-4ff0b5c1afc7?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/2772627/ajax-load-more/trunk/admin/admin.php"
},
{
"url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-2433"
},
{
"url": "https://github.com/dcooney/ajax-load-more/commit/b577b3257544bc74a5d2ad14f0a0f7df3eb843de"
}
],
"timeline": [
{
"lang": "en",
"time": "2022-08-22T00:00:00.000Z",
"value": "Disclosed"
}
],
"title": "WordPress Infinite Scroll \u2013 Ajax Load More \u003c= 5.5.3 - Cross-Site Request Forgery to PHAR Deserialization"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2022-2433",
"datePublished": "2022-09-06T17:18:56.000Z",
"dateReserved": "2022-07-15T00:00:00.000Z",
"dateUpdated": "2026-04-08T16:33:05.540Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}