Searching...
Please wait while we search the database
| CVE ID | Severity | Description | Published | Actions |
|---|---|---|---|---|
|
CVE-2022-4816
|
N/A |
A denial-of-service vulnerability has been identified in Lenovo Safecenter that could allow a local user to crash the application.
|
23 Jan 2023
|
|
|
CVE-2022-3432
|
N/A |
A potential vulnerability in a driver used during manufacturing process on the Ideapad Y700-14ISK that was mistakenly not deactivated may allow an attacker with elevated privileges to modify secure boot setting by modifying an NVRAM variable.
|
23 Jan 2023
|
|
|
CVE-2022-3430
|
N/A |
A potential vulnerability in the WMI Setup driver on some consumer Lenovo Notebook devices may allow an attacker with elevated privileges to modify secure boot setting by modifying an NVRAM variable.
|
23 Jan 2023
|
|
|
CVE-2022-1892
|
N/A |
A buffer overflow in the SystemBootManagerDxe driver in some Lenovo Notebook products may allow an attacker with local privileges to execute arbitrary code.
|
23 Jan 2023
|
|
|
CVE-2022-1891
|
N/A |
A buffer overflow in the SystemLoadDefaultDxe driver in some Lenovo Notebook products may allow an attacker with local privileges to execute arbitrary code.
|
23 Jan 2023
|
|
|
CVE-2022-1890
|
N/A |
A buffer overflow in the ReadyBootDxe driver in some Lenovo Notebook products may allow an attacker with local privileges to execute arbitrary code.
|
23 Jan 2023
|
|
|
CVE-2022-0316
|
N/A |
The WeStand WordPress theme before 2.1, footysquare WordPress theme, aidreform WordPress theme, statfort WordPress theme, club-theme WordPress theme, kingclub-theme WordPress theme, spikes WordPress theme, spikes-black WordPress theme, soundblast WordPress theme, bolster WordPress theme from ChimpStudio and PixFill does not have any authorisation and upload validation in the lang_upload.php file, allowing any unauthenticated attacker to upload arbitrary files to the web server.
|
23 Jan 2023
|
|
|
CVE-2022-4775
|
N/A |
The GeoDirectory WordPress plugin before 2.2.22 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.
|
23 Jan 2023
|
|
|
CVE-2022-4718
|
N/A |
The Landing Page Builder WordPress plugin before 1.4.9.9 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.
|
23 Jan 2023
|
|
|
CVE-2022-4542
|
N/A |
The Compact WP Audio Player WordPress plugin before 1.9.8 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.
|
23 Jan 2023
|
|
|
CVE-2022-4485
|
N/A |
The Page-list WordPress plugin before 5.3 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.
|
23 Jan 2023
|
|
|
CVE-2022-4305
|
N/A |
The Login as User or Customer WordPress plugin before 3.3 lacks authorization checks to ensure that users are allowed to log in as another one, which could allow unauthenticated attackers to obtain a valid admin session.
|
23 Jan 2023
|
|
|
CVE-2022-4715
|
N/A |
The Structured Content WordPress plugin before 1.5.1 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.
|
23 Jan 2023
|
|
|
CVE-2022-4650
|
N/A |
The HashBar WordPress plugin before 1.3.6 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack.
|
23 Jan 2023
|
|
|
CVE-2022-4017
|
N/A |
The Booster for WooCommerce WordPress plugin before 6.0.1, Booster Plus for WooCommerce WordPress plugin before 6.0.1, Booster Elite for WooCommerce WordPress plugin before 6.0.1 have either flawed CSRF checks or are missing them completely in numerous places, allowing attackers to make logged in users perform unwanted actions via CSRF attacks
|
23 Jan 2023
|
|
|
CVE-2022-4693
|
N/A |
The User Verification WordPress plugin before 1.0.94 was affected by an Auth Bypass security vulnerability. To bypass authentication, we only need to know the user’s username. Depending on whose username we know, which can be easily queried because it is usually public data, we may even be given an administrative role on the website.
|
23 Jan 2023
|
|
|
CVE-2022-4758
|
N/A |
The 10WebMapBuilder WordPress plugin before 1.0.72 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.
|
23 Jan 2023
|
|
|
CVE-2022-4467
|
N/A |
The Search & Filter WordPress plugin before 1.2.16 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admin.
|
23 Jan 2023
|
|
|
CVE-2022-4627
|
N/A |
The ShiftNav WordPress plugin before 1.7.2 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.
|
23 Jan 2023
|
|
|
CVE-2022-4790
|
N/A |
The WP Google My Business Auto Publish WordPress plugin before 3.4 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack.
|
23 Jan 2023
|
|
|
CVE-2022-4303
|
N/A |
The WP Limit Login Attempts WordPress plugin through 2.6.4 prioritizes getting a visitor's IP from certain HTTP headers over PHP's REMOTE_ADDR, which makes it possible to bypass IP-based restrictions on login forms.
|
23 Jan 2023
|
|
|
CVE-2022-4753
|
N/A |
The Print-O-Matic WordPress plugin before 2.1.8 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.
|
23 Jan 2023
|
|
|
CVE-2022-4323
|
N/A |
The Analyticator WordPress plugin before 6.5.6 unserializes user input provided via the settings, which could allow high privilege users such as admin to perform PHP Object Injection when a suitable gadget is present
|
23 Jan 2023
|
|
|
CVE-2022-4548
|
N/A |
The Optimize images ALT Text & names for SEO using AI WordPress plugin before 2.0.8 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack.
|
23 Jan 2023
|
|
|
CVE-2022-4509
|
N/A |
The Content Control WordPress plugin before 1.1.10 does not validate and escapes some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as a contributor to perform Stored Cross-Site Scripting attacks, which could be used against high privilege users such as admins.
|
23 Jan 2023
|
CVE-2022-4816
N/A
23 Jan 2023
A denial-of-service vulnerability has been identified in Lenovo Safecenter that could allow a local user to crash the application.
CVE-2022-3432
N/A
23 Jan 2023
A potential vulnerability in a driver used during manufacturing process on the Ideapad Y700-14ISK that was mistakenly not deactivated may allow an attacker with elevated privileges to modify secure boot setting by modifying an NVRAM variable.
CVE-2022-3430
N/A
23 Jan 2023
A potential vulnerability in the WMI Setup driver on some consumer Lenovo Notebook devices may allow an attacker with elevated privileges to modify secure boot setting by modifying an NVRAM variable.
CVE-2022-1892
N/A
23 Jan 2023
A buffer overflow in the SystemBootManagerDxe driver in some Lenovo Notebook products may allow an attacker with local privileges to execute arbitrary code.
CVE-2022-1891
N/A
23 Jan 2023
A buffer overflow in the SystemLoadDefaultDxe driver in some Lenovo Notebook products may allow an attacker with local privileges to execute arbitrary code.
CVE-2022-1890
N/A
23 Jan 2023
A buffer overflow in the ReadyBootDxe driver in some Lenovo Notebook products may allow an attacker with local privileges to execute arbitrary code.
CVE-2022-0316
N/A
23 Jan 2023
The WeStand WordPress theme before 2.1, footysquare WordPress theme, aidreform WordPress theme, statfort WordPress theme, club-theme WordPress theme, kingclub-theme WordPress theme, spikes WordPress theme, spikes-black WordPress theme, soundblast WordPress theme, bolster WordPress theme from ChimpStudio and PixFill does not have any authorisation and upload validation in the lang_upload.php file, allowing any unauthenticated attacker to upload arbitrary files to the web server.
CVE-2022-4775
N/A
23 Jan 2023
The GeoDirectory WordPress plugin before 2.2.22 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.
CVE-2022-4718
N/A
23 Jan 2023
The Landing Page Builder WordPress plugin before 1.4.9.9 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.
CVE-2022-4542
N/A
23 Jan 2023
The Compact WP Audio Player WordPress plugin before 1.9.8 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.
CVE-2022-4485
N/A
23 Jan 2023
The Page-list WordPress plugin before 5.3 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.
CVE-2022-4305
N/A
23 Jan 2023
The Login as User or Customer WordPress plugin before 3.3 lacks authorization checks to ensure that users are allowed to log in as another one, which could allow unauthenticated attackers to obtain a valid admin session.
CVE-2022-4715
N/A
23 Jan 2023
The Structured Content WordPress plugin before 1.5.1 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.
CVE-2022-4650
N/A
23 Jan 2023
The HashBar WordPress plugin before 1.3.6 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack.
CVE-2022-4017
N/A
23 Jan 2023
The Booster for WooCommerce WordPress plugin before 6.0.1, Booster Plus for WooCommerce WordPress plugin before 6.0.1, Booster Elite for WooCommerce WordPress plugin before 6.0.1 have either flawed CSRF checks or are missing them completely in numerous places, allowing attackers to make logged in users perform unwanted actions via CSRF attacks
CVE-2022-4693
N/A
23 Jan 2023
The User Verification WordPress plugin before 1.0.94 was affected by an Auth Bypass security vulnerability. To bypass authentication, we only need to know the user’s username. Depending on whose username we know, which can be easily queried because it is usually public data, we may even be given an administrative role on the website.
CVE-2022-4758
N/A
23 Jan 2023
The 10WebMapBuilder WordPress plugin before 1.0.72 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.
CVE-2022-4467
N/A
23 Jan 2023
The Search & Filter WordPress plugin before 1.2.16 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admin.
CVE-2022-4627
N/A
23 Jan 2023
The ShiftNav WordPress plugin before 1.7.2 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.
CVE-2022-4790
N/A
23 Jan 2023
The WP Google My Business Auto Publish WordPress plugin before 3.4 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack.
CVE-2022-4303
N/A
23 Jan 2023
The WP Limit Login Attempts WordPress plugin through 2.6.4 prioritizes getting a visitor's IP from certain HTTP headers over PHP's REMOTE_ADDR, which makes it possible to bypass IP-based restrictions on login forms.
CVE-2022-4753
N/A
23 Jan 2023
The Print-O-Matic WordPress plugin before 2.1.8 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.
CVE-2022-4323
N/A
23 Jan 2023
The Analyticator WordPress plugin before 6.5.6 unserializes user input provided via the settings, which could allow high privilege users such as admin to perform PHP Object Injection when a suitable gadget is present
CVE-2022-4548
N/A
23 Jan 2023
The Optimize images ALT Text & names for SEO using AI WordPress plugin before 2.0.8 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack.
CVE-2022-4509
N/A
23 Jan 2023
The Content Control WordPress plugin before 1.1.10 does not validate and escapes some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as a contributor to perform Stored Cross-Site Scripting attacks, which could be used against high privilege users such as admins.
Page 727 of 752
Page 727 of 752