| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2022-45842 | WordPress WP ULike Plugin <= 4.6.4 is vulnerable to Race Condition vulnerability | TechnoWich | WP ULike (WordPress plugin) | Medium | 5.3 | 2022-11-30 12:40:05 | Deep Dive |
| CVE-2022-26366 | WordPress AdRotate Banner Manager Plugin <= 5.9 is vulnerable to Cross Site Request Forgery (CSRF) | Arnan de Gans | AdRotate Banner Manager (WordPress plugin) | Medium | 5.4 | 2022-11-30 12:30:08 | Deep Dive |
| CVE-2022-4036 | Appointment Hour Booking <= 1.3.72 - CAPTCHA Bypass | codepeople | Appointment Hour Booking – Booking Calendar | Medium | 5.3 | 2022-11-29 20:35:00 | Deep Dive |
| CVE-2022-4035 | Appointment Hour Booking <= 1.3.72 - Unauthenticated iFrame Injection via Appointment Form | codepeople | Appointment Hour Booking – Booking Calendar | High | 7.2 | 2022-11-29 20:32:29 | Deep Dive |
| CVE-2022-4034 | Appointment Hour Booking <= 1.3.72 - CSV Injection | codepeople | Appointment Hour Booking – Booking Calendar | Medium | 5.8 | 2022-11-29 20:30:16 | Deep Dive |
| CVE-2022-4033 | Quiz and Survey Master <= 8.0.4 - Improper Input Validation | expresstech | Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker | Medium | 5.3 | 2022-11-29 20:25:27 | Deep Dive |
| CVE-2022-4032 | Quiz and Survey Master <= 8.0.4 - Unauthenticated iFrame Injection via Paragraph and Short Answer | expresstech | Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker | High | 7.2 | 2022-11-29 20:23:15 | Deep Dive |
| CVE-2022-4031 | Simple:Press <= 6.8 - Authenticated (Admin+) Path Traversal to Arbitrary File Modification | simplepress | Simple:Press Forum | Low | 3.8 | 2022-11-29 20:16:00 | Deep Dive |
| CVE-2022-4030 | Simple:Press <= 6.8 - Authenticated (Subscriber+) Path Traversal to Arbitrary File Deletion | simplepress | Simple:Press Forum | High | 8.1 | 2022-11-29 20:13:25 | Deep Dive |
| CVE-2022-4029 | Simple:Press <= 6.8 - Reflected Cross-Site Scripting via Cookie Value | simplepress | Simple:Press Forum | Medium | 4.7 | 2022-11-29 20:10:25 | Deep Dive |
| CVE-2022-4028 | Simple:Press <= 6.8 - Authenticated (Subscriber+) Stored Cross-Site Scripting via Profile Signatures | simplepress | Simple:Press Forum | Medium | 6.4 | 2022-11-29 20:08:35 | Deep Dive |
| CVE-2022-4027 | Simple:Press <= 6.8 - Unauthenticated Stored Cross-Site Scripting via Forum Replies | simplepress | Simple:Press Forum | High | 7.2 | 2022-11-29 20:06:05 | Deep Dive |
| CVE-2022-38140 | WordPress SEO Plugin by Squirrly SEO Plugin <= 12.1.10 is vulnerable to Arbitrary File Upload | Squirrly | SEO Plugin by Squirrly SEO (WordPress plugin) | High | 7.6 | 2022-11-28 19:55:06 | Deep Dive |
| CVE-2022-34654 | WordPress Manage Notification E-mails Plugin <= 1.8.2 is vulnerable to Cross Site Request Forgery (CSRF) | Virgial Berveling | Manage Notification E-mails (WordPress plugin) | Medium | 4.3 | 2022-11-28 19:30:10 | Deep Dive |
| CVE-2022-44737 | WordPress All In One WP Security plugin <= 5.1.0 - Multiple Cross-Site Request Forgery (CSRF) vulnerabilities | All In One WP Security & Firewall Team | All-In-One Security (AIOS) – Security and Firewall (WordPress plugin) | Medium | 5.4 | 2022-11-22 16:00:11 | Deep Dive |
| CVE-2022-41609 | WordPress Better Messages plugin <= 1.9.10.68 - Server-Side Request Forgery (SSRF) vulnerability | WordPlus | Better Messages (WordPress plugin) | Medium | 6.4 | 2022-11-18 23:18:51 | Deep Dive |
| CVE-2022-40216 | WordPress Better Messages plugin <= 1.9.10.69 - Auth. Messaging Block Bypass vulnerability | WordPlus | Better Messages (WordPress plugin) | Medium | 4.3 | 2022-11-18 22:33:04 | Deep Dive |
| CVE-2022-40130 | WordPress WP-Polls plugin <= 2.76.0 - Auth. Race Condition vulnerability | Lester 'GaMerZ' Chan | WP-Polls (WordPress plugin) | Medium | 4.3 | 2022-11-18 22:31:43 | Deep Dive |
| CVE-2022-41618 | WordPress Media Library Assistant plugin <= 3.00 - Unauthenticated Error Log Disclosure vulnerability | David Lingren | Media Library Assistant (WordPress plugin) | Low | 3.7 | 2022-11-18 22:29:39 | Deep Dive |
| CVE-2022-41615 | WordPress Store Locator plugin <= 1.4.5 - Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) vulnerability | AGILELOGIX | Store Locator WordPress (WordPress plugin) | Medium | 6.1 | 2022-11-18 22:28:22 | Deep Dive |