|
431
|
6.1 |
MEDIUM
Network
|
-
|
-
|
WordPress Contact Form Builder 1.6.1 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by exploiting the form_id parameter. Att…
New
|
CWE-79
Cross-site Scripting
|
CVE-2022-50959
|
2026-05-10 22:16 |
2026-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
432
|
6.1 |
MEDIUM
Network
|
-
|
-
|
WordPress Plugin Jetpack 9.1 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the post_id parameter. Attackers…
New
|
CWE-79
Cross-site Scripting
|
CVE-2022-50958
|
2026-05-10 22:16 |
2026-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
433
|
6.1 |
MEDIUM
Network
|
-
|
-
|
Drupal avatar_uploader 7.x-1.0-beta8 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the file parameter. Atta…
New
|
CWE-79
Cross-site Scripting
|
CVE-2022-50957
|
2026-05-10 22:16 |
2026-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
434
|
6.2 |
MEDIUM
Local
|
-
|
-
|
WordPress Plugin amministrazione-aperta 3.7.3 contains a local file read vulnerability that allows unauthenticated attackers to read arbitrary files by exploiting insufficient input validation in the…
New
|
CWE-22
Path Traversal
|
CVE-2022-50956
|
2026-05-10 22:16 |
2026-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
435
|
4.3 |
MEDIUM
Network
|
-
|
-
|
WordPress Plugin Curtain 1.0.2 contains a cross-site request forgery vulnerability that allows attackers to activate or deactivate site maintenance mode by crafting malicious requests. Attackers can …
New
|
CWE-352
Origin Validation Error
|
CVE-2022-50955
|
2026-05-10 22:16 |
2026-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
436
|
6.2 |
MEDIUM
Local
|
-
|
-
|
WordPress Plugin cab-fare-calculator 1.0.3 contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating the controller parameter in tbli…
New
|
CWE-98
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
|
CVE-2022-50954
|
2026-05-10 22:16 |
2026-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
437
|
6.4 |
MEDIUM
Network
|
-
|
-
|
WordPress Plugin Videos sync PDF 1.7.4 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by exploiting unsanitized nom, pdf, mp4, we…
New
|
CWE-79
Cross-site Scripting
|
CVE-2022-50949
|
2026-05-10 22:16 |
2026-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
438
|
6.4 |
MEDIUM
Network
|
-
|
-
|
Motopress Hotel Booking Lite 4.2.4 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by submitting payloads in accommodation type fi…
New
|
CWE-79
Cross-site Scripting
|
CVE-2022-50948
|
2026-05-10 22:16 |
2026-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
439
|
6.4 |
MEDIUM
Network
|
-
|
-
|
WordPress Plugin Testimonial Slider and Showcase 2.2.6 contains a stored cross-site scripting vulnerability that allows authenticated editors to inject malicious scripts by failing to sanitize the po…
New
|
CWE-79
Cross-site Scripting
|
CVE-2022-50947
|
2026-05-10 22:16 |
2026-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
440
|
6.4 |
MEDIUM
Network
|
-
|
-
|
WordPress Plugin Netroics Blog Posts Grid 1.0 contains a stored cross-site scripting vulnerability that allows authenticated editors to inject malicious scripts by failing to sanitize the post_title …
New
|
CWE-79
Cross-site Scripting
|
CVE-2022-50946
|
2026-05-10 22:16 |
2026-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
