Security Vulnerabilities - CVEs Published In March 2022
The Child Theme Generator WordPress plugin through 2.2.7 does not sanitise escape the parade parameter before outputting it back, leading to a Reflected Cross-Site Scripting in the admin dashboard
CVSS Score
6.4
EPSS Score
0.002
Published
2022-03-14
The HTML5 Responsive FAQ WordPress plugin through 2.8.5 does not properly sanitise and escape some of its settings, which could allow a high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed
CVSS Score
4.8
EPSS Score
0.002
Published
2022-03-14
The IDPay for Contact Form 7 WordPress plugin through 2.1.2 does not sanitise and escape the idpay_error parameter before outputting it back in the page leading to a Reflected Cross-Site Scripting
CVSS Score
6.1
EPSS Score
0.002
Published
2022-03-14
The WPCargo Track & Trace WordPress plugin before 6.9.0 contains a file which could allow unauthenticated attackers to write a PHP file anywhere on the web server, leading to RCE
CVSS Score
9.8
EPSS Score
0.916
Published
2022-03-14
Stored XSS viva cshtm file upload in GitHub repository star7th/showdoc prior to v2.10.4.
CVSS Score
9.0
EPSS Score
0.003
Published
2022-03-14
GPAC 1.0.1 is affected by a NULL pointer dereference in gf_dump_vrml_field.isra ().
CVSS Score
5.5
EPSS Score
0.001
Published
2022-03-14
GPAC 1.0.1 is affected by a stack-based buffer overflow through MP4Box.
CVSS Score
7.8
EPSS Score
0.003
Published
2022-03-14
GPAC 1.0.1 is affected by Use After Free through MP4Box.
CVSS Score
5.5
EPSS Score
0.001
Published
2022-03-14
Stored XSS due to Unrestricted File Upload in GitHub repository star7th/showdoc prior to v2.10.4.
CVSS Score
7.3
EPSS Score
0.002
Published
2022-03-14
Cross-site Scripting (XSS) vulnerability in SmarterTools SmarterTrack This issue affects: SmarterTools SmarterTrack 100.0.8019.14010.
CVSS Score
8.8
EPSS Score
0.48
Published
2022-03-14