Total
2982 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-1939 | 1 Allow Svg Files Project | 1 Allow Svg Files | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| The Allow svg files WordPress plugin before 1.1 does not properly validate uploaded files, which could allow high privilege users such as admin to upload PHP files even when they are not allowed to | |||||
| CVE-2022-1837 | 1 Home Clean Services Management System Project | 1 Home Clean Services Management System | 2024-11-21 | 6.5 MEDIUM | 4.7 MEDIUM |
| A vulnerability was found in Home Clean Services Management System 1.0. It has been rated as critical. Affected by this issue is register.php?link=registerand. The manipulation with the input <?php phpinfo();?> leads to code execution. The attack may be launched remotely but demands an authentication. Exploit details have been disclosed to the public. | |||||
| CVE-2022-1811 | 1 Publify Project | 1 Publify | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Unrestricted Upload of File with Dangerous Type in GitHub repository publify/publify prior to 9.2.9. | |||||
| CVE-2022-1752 | 1 Trudesk Project | 1 Trudesk | 2024-11-21 | 6.0 MEDIUM | 8.0 HIGH |
| Unrestricted Upload of File with Dangerous Type in GitHub repository polonel/trudesk prior to 1.2.2. | |||||
| CVE-2022-1565 | 1 Wpallimport | 1 Wp All Import | 2024-11-21 | N/A | 7.2 HIGH |
| The plugin WP All Import is vulnerable to arbitrary file uploads due to missing file type validation via the wp_all_import_get_gz.php file in versions up to, and including, 3.6.7. This makes it possible for authenticated attackers, with administrator level permissions and above, to upload arbitrary files on the affected sites server which may make remote code execution possible. | |||||
| CVE-2022-1538 | 1 Themely | 1 Theme Demo Import | 2024-11-21 | N/A | 7.2 HIGH |
| Theme Demo Import WordPress plugin before 1.1.1 does not validate the imported file, allowing high-privilege users such as admin to upload arbitrary files (such as PHP) even when FILE_MODS and FILE_EDIT are disallowed. | |||||
| CVE-2022-1519 | 1 Illumina | 8 Iseq 100, Local Run Manager, Miniseq and 5 more | 2024-11-21 | 10.0 HIGH | 10.0 CRITICAL |
| LRM does not restrict the types of files that can be uploaded to the affected product. A malicious actor can upload any file type, including executable code that allows for a remote code exploit. | |||||
| CVE-2022-1411 | 1 Yetiforce | 1 Yetiforce Customer Relationship Management | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Unrestructed file upload in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0. Attacker can send malicious files to the victims is able to retrieve the stored data from the web application without that data being made safe to render in the browser and steals victim's cookie leads to account takeover. | |||||
| CVE-2022-1409 | 1 Vikwp | 1 Hotel Booking Engine \& Pms | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| The VikBooking Hotel Booking Engine & PMS WordPress plugin before 1.5.8 does not properly validate images, allowing high privilege users such as administrators to upload PHP files disguised as images and containing malicious PHP code | |||||
| CVE-2022-1345 | 1 Organizr | 1 Organizr | 2024-11-21 | 3.5 LOW | 9.0 CRITICAL |
| Stored XSS viva .svg file upload in GitHub repository causefx/organizr prior to 2.1.1810. This allows attackers to execute malicious scripts in the user's browser and it can lead to session hijacking, sensitive data exposure, and worse. | |||||
| CVE-2022-1329 | 1 Elementor | 1 Website Builder | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| The Elementor Website Builder plugin for WordPress is vulnerable to unauthorized execution of several AJAX actions due to a missing capability check in the ~/core/app/modules/onboarding/module.php file that make it possible for attackers to modify site data in addition to uploading malicious files that can be used to obtain remote code execution, in versions 3.6.0 to 3.6.2. | |||||
| CVE-2022-1273 | 1 Importwp | 1 Import Wp | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| The Import WP WordPress plugin before 2.4.6 does not validate the imported file in some cases, allowing high privilege users such as admin to upload arbitrary files (such as PHP), leading to RCE | |||||
| CVE-2022-1103 | 1 Advanced Uploader Project | 1 Advanced Uploader | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| The Advanced Uploader WordPress plugin through 4.2 allows any authenticated users like subscriber to upload arbitrary files, such as PHP, which could lead to RCE | |||||
| CVE-2022-1045 | 1 Trudesk Project | 1 Trudesk | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Stored XSS viva .svg file upload in GitHub repository polonel/trudesk prior to v1.2.0. | |||||
| CVE-2022-1034 | 1 Showdoc | 1 Showdoc | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| There is a Unrestricted Upload of File vulnerability in ShowDoc v2.10.3 in GitHub repository star7th/showdoc prior to 2.10.4. | |||||
| CVE-2022-1033 | 1 Craterapp | 1 Crater | 2024-11-21 | 6.5 MEDIUM | 7.8 HIGH |
| Unrestricted Upload of File with Dangerous Type in GitHub repository crater-invoice/crater prior to 6.0.6. | |||||
| CVE-2022-1008 | 1 Ocdi | 1 One Click Demo Import | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| The One Click Demo Import WordPress plugin before 3.1.0 does not validate the imported file, allowing high privilege users such as admin to upload arbitrary files (such as PHP) even when FILE_MODS and FILE_EDIT are disallowed | |||||
| CVE-2022-0950 | 1 Showdoc | 1 Showdoc | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Unrestricted Upload of File with Dangerous Type in GitHub repository star7th/showdoc prior to 2.10.4. | |||||
| CVE-2022-0921 | 1 Microweber | 1 Microweber | 2024-11-21 | 6.5 MEDIUM | 6.7 MEDIUM |
| Abusing Backup/Restore feature to achieve Remote Code Execution in GitHub repository microweber/microweber prior to 1.2.12. | |||||
| CVE-2022-0912 | 1 Microweber | 1 Microweber | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| Unrestricted Upload of File with Dangerous Type in GitHub repository microweber/microweber prior to 1.2.11. | |||||