|
601
|
4.3 |
MEDIUM
Network
|
-
|
-
|
WordPress Plugin Curtain 1.0.2 contains a cross-site request forgery vulnerability that allows attackers to activate or deactivate site maintenance mode by crafting malicious requests. Attackers can …
Update
|
CWE-352
Origin Validation Error
|
CVE-2022-50955
|
2026-05-12 23:24 |
2026-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
602
|
6.2 |
MEDIUM
Local
|
-
|
-
|
WordPress Plugin amministrazione-aperta 3.7.3 contains a local file read vulnerability that allows unauthenticated attackers to read arbitrary files by exploiting insufficient input validation in the…
Update
|
CWE-22
Path Traversal
|
CVE-2022-50956
|
2026-05-12 23:24 |
2026-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
603
|
6.1 |
MEDIUM
Network
|
-
|
-
|
WordPress Plugin Jetpack 9.1 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the post_id parameter. Attackers…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2022-50958
|
2026-05-12 23:24 |
2026-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
604
|
6.1 |
MEDIUM
Network
|
-
|
-
|
WordPress Contact Form Builder 1.6.1 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by exploiting the form_id parameter. Att…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2022-50959
|
2026-05-12 23:24 |
2026-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
605
|
6.1 |
MEDIUM
Network
|
-
|
-
|
WordPress International Sms For Contact Form 7 Integration version 1.2 contains a reflected cross-site scripting vulnerability in the page parameter of the admin settings interface. Attackers can inj…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2022-50960
|
2026-05-12 23:24 |
2026-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
606
|
6.4 |
MEDIUM
Network
|
-
|
-
|
WordPress Plugin IP2Location Country Blocker 2.26.7 contains a stored cross-site scripting vulnerability that allows authenticated users to inject arbitrary JavaScript code through the Frontend Setti…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2022-50961
|
2026-05-12 23:24 |
2026-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
607
|
6.1 |
MEDIUM
Network
|
-
|
-
|
uBidAuction 2.0.1 contains a reflected cross-site scripting vulnerability in the orders/myOrders module. The date_created, date_from, date_to, and created_at parameters in the filter functionality ar…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2022-50962
|
2026-05-12 23:24 |
2026-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
608
|
6.1 |
MEDIUM
Network
|
-
|
-
|
uBidAuction 2.0.1 contains a reflected cross-site scripting vulnerability in the auctions/myAuctions/status/active module. The date_created, date_from, date_to, and created_at parameters in the filte…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2022-50963
|
2026-05-12 23:24 |
2026-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
609
|
6.1 |
MEDIUM
Network
|
-
|
-
|
uBidAuction 2.0.1 contains a reflected cross-site scripting vulnerability in the auctions/myAuctions/status/loose module. The date_created, date_from, date_to, and created_at parameters in the filter…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2022-50964
|
2026-05-12 23:24 |
2026-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
610
|
6.1 |
MEDIUM
Network
|
-
|
-
|
uBidAuction 2.0.1 contains a reflected cross-site scripting vulnerability in the posts/manage module. The date_created, date_from, date_to, and created_at parameters in the filter functionality are n…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2022-50965
|
2026-05-12 23:24 |
2026-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
