Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In May 2022
CVE-2022-1320
The Sliderby10Web WordPress plugin before 1.2.52 does not properly sanitize and escape some of its settings, which could allow high-privileged users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed
CVSS Score
4.8
EPSS Score
0.003
Published
2022-05-23
CVE-2022-1547
The Check & Log Email WordPress plugin before 1.0.6 does not sanitise and escape a parameter before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting
CVSS Score
6.1
EPSS Score
0.003
Published
2022-05-23
CVE-2022-1558
The Curtain WordPress plugin through 1.0.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed
CVSS Score
4.8
EPSS Score
0.033
Published
2022-05-23
CVE-2022-0346
The XML Sitemap Generator for Google WordPress plugin before 2.0.4 does not validate a parameter which can be set to an arbitrary value, thus causing XSS via error message or RCE if allow_url_include is turned on.
CVSS Score
6.1
EPSS Score
0.057
Published
2022-05-23
CVE-2022-0781
The Nirweb support WordPress plugin before 2.8.2 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action (available to unauthenticated users), leading to an SQL injection
CVSS Score
9.8
EPSS Score
0.813
Published
2022-05-23
CVE-2022-1014
The WP Contacts Manager WordPress plugin through 2.2.4 fails to properly sanitize user supplied POST data before it is being interpolated in an SQL statement and then executed, leading to an SQL injection vulnerability.
CVSS Score
9.8
EPSS Score
0.009
Published
2022-05-23
CVE-2022-1093
The WP Meta SEO WordPress plugin before 4.4.7 does not sanitise or escape the breadcrumb separator before outputting it to the page, allowing a high privilege user such as an administrator to inject arbitrary javascript into the page even when unfiltered html is disallowed.
CVSS Score
4.8
EPSS Score
0.002
Published
2022-05-23
CVE-2022-1192
The Turn off all comments WordPress plugin through 1.0 does not sanitise and escape the rows parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting
CVSS Score
6.1
EPSS Score
0.004
Published
2022-05-23
CVE-2022-1218
The Domain Replace WordPress plugin through 1.3.8 does not sanitise and escape a parameter before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting
CVSS Score
6.1
EPSS Score
0.003
Published
2022-05-23
CVE-2022-1221
The Gwyn's Imagemap Selector WordPress plugin through 0.3.3 does not sanitise and escape some parameters before outputting them back in attributes, leading to a Reflected Cross-Site Scripting.
CVSS Score
6.1
EPSS Score
0.256
Published
2022-05-23


Products
Pricing
Contact Us

Shodan ® - All rights reserved