CVE Disclosures


I’ll list here my various finds/CVEs:

| Vendor | Type | CVE | Date | Reference |
| --- | --- | --- | --- | --- |
| Admin Log <= 1.50 | CSRF | CVE-2023-23721 | 2023-01-04 | https://patchstack.com/database/vulnerability/admin-log/wordpress-admin-log-plugin-1-50-cross-site-request-forgery-csrf-vulnerability |
| Nice PayPal Button Lite <= 1.3.5 | CSRF | CVE-2023-22686 | 2023-01-04 | https://patchstack.com/database/vulnerability/nice-paypal-button-lite/wordpress-nice-paypal-button-lite-plugin-1-3-5-cross-site-request-forgery-csrf-vulnerability |
| WP Tabs Slides <= 2.0.3 | CSRF | CVE-2023-22688 | 2023-01-04 | https://patchstack.com/database/vulnerability/wordpress-tabs-slides/wordpress-wp-tabs-slides-plugin-2-0-3-cross-site-request-forgery-csrf-vulnerability |
| SRS Simple Hits Counter <= 1.1.0 | CSRF | CVE-2023-22709 | 2023-01-03 | https://patchstack.com/database/vulnerability/srs-simple-hits-counter/wordpress-srs-simple-hits-counter-plugin-1-1-0-cross-site-request-forgery-csrf-vulnerability |
| WP Fast Cache <= 1.5 | CSRF | CVE-2023-22675 | 2023-01-03 | https://patchstack.com/database/vulnerability/wp-fast-cache/wordpress-wp-fast-cache-plugin-1-5-cross-site-request-forgery-csrf-vulnerability |
| No API Amazon Affiliate <= 4.2.2 | Stored XSS | CVE-2023-22680 | 2023-01-02 | https://patchstack.com/database/vulnerability/no-api-amazon-affiliate/wordpress-no-api-amazon-affiliate-plugin-4-2-2-cross-site-scripting-xss |
| WP Better Emails <= 0.4 | Stored XSS | CVE-2023-22679 | 2023-01-02 | https://patchstack.com/database/vulnerability/wp-better-emails/wordpress-wp-better-emails-plugin-0-4-cross-site-scripting-xss |
| WP Pipes <= 1.33 | SQL Injection | CVE-2022-45355 | 2022-12-18 | https://patchstack.com/database/vulnerability/wp-pipes/wordpress-wp-pipes-plugin-1-33-auth-sql-injection-sqli-vulnerability |
| Hover Image <= 1.4.1 | CSRF | CVE-2022-47611 | 2022-12-13 | https://patchstack.com/database/vulnerability/hover-image/wordpress-hover-image-plugin-1-4-1-cross-site-request-forgery-csrf |
| DNUI <= 2.8.1 | CSRF | CVE-2022-47609 | 2022-12-11 | https://patchstack.com/database/vulnerability/dnui-delete-not-used-image-wordpress/wordpress-dnui-plugin-2-8-1-multiple-cross-site-request-forgery-csrf |
| WP Super Popup <= 1.1.2 | Stored XSS | CVE-2022-47598 | 2022-12-10 | https://patchstack.com/database/vulnerability/wp-super-popup/wordpress-wp-super-popup-plugin-1-1-2-cross-site-scripting-xss |
| Universal Star Rating <= 2.1.0 | CSRF | CVE-2022-46867 | 2022-12-09 | https://patchstack.com/database/vulnerability/universal-star-rating/wordpress-universal-star-rating-plugin-2-1-0-cross-site-request-forgery-csrf-vulnerability |
| WP CSV Exporter <= 1.3.6 | CSV Injection | CVE-2022-38702 | 2022-12-08 | https://patchstack.com/database/vulnerability/wp-csv-exporter/wordpress-wp-csv-exporter-plugin-1-3-6-authenticated-csv-injection-vulnerability |
| Custom Content by Country <= 3.1.2 | CSRF | CVE-2022-41650 | 2022-12-02 | https://patchstack.com/database/vulnerability/custom-content-by-country/wordpress-custom-content-by-country-plugin-3-1-2-broken-access-control-vulnerability |
| Export Users Data CSV <= 2.1 | CSV Injection | CVE-2022-41616 | 2022-11-30 | https://patchstack.com/database/vulnerability/export-users-data-csv/wordpress-export-users-data-csv-plugin-2-1-auth-csv-injection-vulnerability |
| ProfileGrid <= 5.1.6 | CSV Injection | CVE-2022-41791 | 2022-11-17 | https://patchstack.com/database/vulnerability/profilegrid-user-profiles-groups-and-communities/wordpress-profilegrid-plugin-5-1-6-csv-injection-vulnerability |
| News Announcement Scroll Plugin <= 8.8.8 | Stored XSS | CVE-2022-40694 | 2022-11-17 | https://patchstack.com/database/vulnerability/news-announcement-scroll/wordpress-news-announcement-scroll-plugin-8-8-8-auth-stored-cross-site-scripting-xss-vulnerability |
| User Blocker <= 1.5.5 | CSV Injection | CVE-2022-45078 | 2022-11-09 | https://patchstack.com/database/vulnerability/user-blocker/wordpress-user-blocker-plugin-1-5-5-auth-csv-injection-vulnerability |
| Homepage Pop-up <= 1.2.5 | CSRF | CVE-2022-44585 | 2022-11-01 | https://patchstack.com/database/vulnerability/homepage-pop-up/wordpress-homepage-popup-plugin-1-2-5-cross-site-request-forgery-csrf-vulnerability |
| Homepage Pop-up <= 1.2.5 | Stored XSS | CVE-2022-43480 | 2022-11-01 | https://patchstack.com/database/vulnerability/homepage-pop-up/wordpress-homepage-pop-up-plugin-1-2-5-unauth-stored-cross-site-scripting-xss-vulnerability |
| IP Blacklist Cloud <= 5.00 | SQL Injection | CVE-2022-43462 | 2022-10-24 | https://patchstack.com/database/vulnerability/ip-blacklist-cloud/wordpress-ip-blacklist-cloud-plugin-5-00-auth-sql-injection-sqli-vulnerability |
| IP Blacklist Cloud <= 5.00 | Stored XSS | CVE-2022-42462 | 2022-10-24 | https://patchstack.com/database/vulnerability/ip-blacklist-cloud/wordpress-ip-blacklist-cloud-plugin-5-00-auth-stored-cross-site-scripting-xss-vulnerability |
| Simple SEO <= 1.8.12 | CSRF | CVE-2022-44627 | 2022-10-20 | https://patchstack.com/database/vulnerability/cds-simple-seo/wordpress-simple-seo-plugin-1-8-12-cross-site-request-forgery-csrf-vulnerability |
| Simple SEO <= 1.8.12 | CSRF | CVE-2022-36404 | 2022-10-20 | https://patchstack.com/database/vulnerability/cds-simple-seo/wordpress-simple-seo-plugin-1-8-12-authenticated-sitemap-deletion-creation-vulnerability |
| Page View Count <= 2.5.5 | CSRF | CVE-2022-40131 | 2022-09-07 | https://patchstack.com/database/vulnerability/page-views-count/wordpress-page-view-count-plugin-2-5-5-cross-site-request-forgery-csrf-vulnerability |
| Rock Convert <= 2.11.0 | Stored XSS | CVE-2022-36428 | 2022-09-05 | https://patchstack.com/database/vulnerability/rock-convert/wordpress-rock-convert-plugin-2-11-0-auth-cross-site-scripting-xss-vulnerability |
| Export Post Info <= 1.1.0 | CSV Injection | CVE-2022-38061 | 2022-08-27 | https://patchstack.com/database/vulnerability/export-post-info/wordpress-export-post-info-plugin-1-2-0-authenticated-csv-injection-vulnerability |
| Export Post Info <= 1.1.0 | Stored XSS | CVE-2022-38068 | 2022-08-27 | https://patchstack.com/database/vulnerability/export-post-info/wordpress-export-post-info-plugin-1-1-0-authenticated-stored-cross-site-scripting-xss-vulnerability |
| Mantenimiento web <= 0.13 | Stored XSS | CVE-2022-41980 | 2022-08-21 | https://patchstack.com/database/vulnerability/mantenimiento-web/wordpress-mantenimiento-web-plugin-0-13-auth-cross-site-scripting-xss-vulnerability |
| CM Download Manager < 2.8.6 | File Upload to RCE | CVE-2022-3076 | 2022-08-19 | https://wpscan.com/vulnerability/d18e695b-4d6e-4ff6-a060-312594a0d2bd |
| Goolytics – Simple Google Analytics < 1.1.2 | Stored XSS | CVE-2022-3132 | 2022-08-19 | https://wpscan.com/vulnerability/ed2dc1b9-f9f9-4e99-87b3-a614c223dd64 |
| WP Server Health Stats < 1.7.0 | Stored XSS | CVE-2022-2887 | 2022-08-17 | https://wpscan.com/vulnerability/237541d5-c1a5-44f2-8e5f-82457b8f9497 |
| Affiliates Manager < 2.9.14 | Stored XSS | CVE-2022-2799 | 2022-08-11 | https://wpscan.com/vulnerability/4385370e-cf99-4249-b2c1-90cbfa8378a4 |
| Search Logger <= 0.9 | SQL Injection | CVE-2022-3131 | 2022-08-11 | https://wpscan.com/vulnerability/b6c62e53-ae49-4fe0-aed9-0c493fc4442d |
| Image optimization & Lazy Load < 3.3.2 | Stored XSS | CVE-2022-0969 | 2022-03-14 | https://wpscan.com/vulnerability/59a7a441-7384-4006-89b4-15345f70fabf |
| Facebook Social comments < 2.5.0 | Stored XSS | CVE-2022-0876 | 2022-03-07 | https://wpscan.com/vulnerability/73be6e92-ea37-4416-977d-52ee2afa022a |
| BulletProof Security < 5.8 | Stored XSS | CVE-2022-0590 | 2022-02-10 | https://wpscan.com/vulnerability/08b66b69-3c69-4a1e-9c0a-5697e31bc04e |
| Opensea < 1.0.3 | Stored XSS | CVE-2022-1228 | 2022-02-04 | https://wpscan.com/vulnerability/ef6830c0-e933-4e62-8321-011d91f9cfea |
| E2Pdf < 1.16.45 | Stored XSS | CVE-2022-0535 | 2022-02-04 | https://wpscan.com/vulnerability/a4162e96-a3c5-4f38-a60b-aa3ed9508985 |
| Shared Files < 1.6.61 | Stored XSS | CVE-2021-24856 | 2021-10-11 | https://wpscan.com/vulnerability/8fd483fb-d399-4b4f-b4ef-bbfad1b5cf1b |
| Helpful < 4.4.59 | Stored XSS | CVE-2021-24841 | 2021-10-06 | https://wpscan.com/vulnerability/55d11acf-8c47-40da-be47-24f74fd7566e |
| Shop Page WP < 1.2.8 | Stored XSS | CVE-2021-24811 | 2021-09-30 | https://wpscan.com/vulnerability/000e65f1-89cd-4dd5-a09d-5febd9fdfbdb |