Filtered by CWE-264

Search

Switch to Advanced Search (Beta)
Total 5456 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2022-29444 1 Cloudways 1 Breeze 2025-02-20 6.5 Medium
Plugin Settings Change leading to Cross-Site Scripting (XSS) vulnerability in Cloudways Breeze plugin <= 2.0.2 on WordPress allows users with a subscriber or higher user role to execute any of the wp_ajax_* actions in the class Breeze_Configuration which includes the ability to change any of the plugin's settings including CDN setting which could be further used for XSS attack.
CVE-2022-29423 1 Edmonsoft 1 Countdown Builder 2025-02-20 3.8 Low
Pro Features Lock Bypass vulnerability in Countdown & Clock plugin <= 2.3.2 at WordPress.
CVE-2022-33198 1 Oxilab 1 Accordions 2025-02-20 9.8 Critical
Unauthenticated WordPress Options Change vulnerability in Biplob Adhikari's Accordions plugin <= 2.0.2 at WordPress.
CVE-2022-34487 1 Oxilab 1 Shortcode Addons 2025-02-20 9.8 Critical
Unauthenticated Arbitrary Option Update vulnerability in biplob018's Shortcode Addons plugin <= 3.0.2 at WordPress.
CVE-2022-27235 1 Supsystic 1 Social Share Buttons 2025-02-20 6.3 Medium
Multiple Broken Access Control vulnerabilities in Social Share Buttons by Supsystic plugin <= 2.2.3 at WordPress.
CVE-2022-33969 1 Oxilab 1 Flipbox 2025-02-20 7.2 High
Authenticated WordPress Options Change vulnerability in Biplob Adhikari's Flipbox plugin <= 2.6.0 at WordPress.
CVE-2022-36375 1 Oxilab 1 Responsive Tabs 2025-02-20 7.2 High
Authenticated (high role user) WordPress Options Change vulnerability in Biplob Adhikari's Tabs plugin <= 3.6.0 at WordPress.
CVE-2022-33970 1 Oxilab 1 Shortcode Addons 2025-02-20 7.2 High
Authenticated WordPress Options Change vulnerability in Biplob018 Shortcode Addons plugin <= 3.1.2 at WordPress.
CVE-2022-25649 1 Storeapps 1 Affiliate For Woocommerce 2025-02-20 5 Medium
Multiple Improper Access Control vulnerabilities in StoreApps Affiliate For WooCommerce premium plugin <= 4.7.0 at WordPress.
CVE-2022-34149 1 Miniorange 1 Wp Oauth Server 2025-02-20 9.8 Critical
Authentication Bypass vulnerability in miniOrange WP OAuth Server plugin <= 3.0.4 at WordPress.
CVE-2022-35242 1 59sec 1 The Leads Management System\ 2025-02-20 6.5 Medium
Unauthenticated plugin settings change vulnerability in 59sec THE Leads Management System: 59sec LITE plugin <= 3.4.1 at WordPress.
CVE-2022-34868 1 Yookassa 1 Yukassa For Woocommerce 2025-02-20 8.8 High
Authenticated Arbitrary Settings Update vulnerability in YooMoney ЮKassa для WooCommerce plugin <= 2.3.0 at WordPress.
CVE-2022-36425 1 Fastlinemedia 1 Beaver Builder 2025-02-20 5.4 Medium
Broken Access Control vulnerability in Beaver Builder plugin <= 2.5.4.3 at WordPress.
CVE-2022-36387 1 About-me Project 1 About-me 2025-02-20 7.6 High
Broken Access Control vulnerability in Alessio Caiazza's About Me plugin <= 1.0.12 at WordPress.
CVE-2022-37344 1 Accommodation-system Project 1 Accommodation-system 2025-02-20 7.6 High
Missing Access Control vulnerability in PHP Crafts Accommodation System plugin <= 1.0.1 at WordPress.
CVE-2022-36427 1 About-rentals Project 1 About-rentals 2025-02-20 7.3 High
Missing Access Control vulnerability in About Rentals. Inc. About Rentals plugin <= 1.5 at WordPress.
CVE-2022-38070 1 Mypopups 1 Pop-up 2025-02-20 5.4 Medium
Privilege Escalation (subscriber+) vulnerability in Pop-up plugin <= 1.1.5 at WordPress.
CVE-2022-38058 1 Wpvar 1 Wp Shamsi 2025-02-20 4.3 Medium
Authenticated (subscriber+) Plugin Setting change vulnerability in WP Shamsi plugin <= 4.1.1 at WordPress.
CVE-2022-36793 1 Wp-shop 1 Wp Shop 2025-02-20 6.5 Medium
Unauthenticated Plugin Settings Change & Data Deletion vulnerabilities in WP Shop plugin <= 3.9.6 at WordPress.
CVE-2022-38067 1 Total-soft 1 Event Calendar 2025-02-20 6.5 Medium
Unauthenticated Event Deletion vulnerability in Totalsoft Event Calendar – Calendar plugin <= 1.4.6 at WordPress.