| CVE-2022-29438 | WordPress Image Slider by NextCode plugin <= 1.1.2 - Authenticated Persistent Cross-Site Scripting (XSS) vulnerability | NextCode | Image Slider by NextCode – Photo & Video SLider (WordPress plugin) | Medium | 4.8 | 2022-06-15 15:14:43 | Deep Dive |
| CVE-2022-29437 | WordPress Image Slider by NextCode plugin <= 1.1.2 - Multiple Cross-Site Request Forgery (CSRF) vulnerabilities | NextCode | Image Slider by NextCode – Photo & Video SLider (WordPress plugin) | Medium | 5.4 | 2022-06-15 15:12:24 | Deep Dive |
| CVE-2022-29406 | WordPress Team Manager plugin <= 1.6.9 - Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities | DynamicWebLab | WordPress Team Manager (WordPress plugin) | Medium | 4.1 | 2022-06-15 13:14:22 | Deep Dive |
| CVE-2022-27859 | WordPress Travel Management plugin <= 2.0 - Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities | Nicdark d.o.o. | Travel Management (WordPress plugin) | Medium | 4.1 | 2022-06-15 13:12:02 | Deep Dive |
| CVE-2021-36901 | WordPress Age Gate plugin <= 2.17.0 - Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability | Phil Baker | Age Gate (WordPress plugin) | Medium | 6.1 | 2022-06-15 13:09:31 | Deep Dive |
| CVE-2022-29455 | WordPress Elementor plugin <= 3.5.5 - Unauthenticated DOM-based Reflected Cross-Site Scripting (XSS) vulnerability | Elementor | Elementor Website Builder (WordPress plugin) | Medium | 4.7 | 2022-06-13 16:09:13 | Deep Dive |
| CVE-2022-1787 | Sideblog <= 6.0 - Arbitrary Settings Update via CSRF to Stored XSS | Unknown | Sideblog WordPress Plugin | 中危 | - | 2022-06-13 12:42:54 | Deep Dive |
| CVE-2022-1710 | Appointment Hour Booking < 1.3.56 - Admin+ Stored Cross-Site Scripting | Unknown | Appointment Hour Booking – WordPress Booking Plugin | 中危 | - | 2022-06-13 12:42:28 | Deep Dive |
| CVE-2021-36890 | WordPress Social Share Buttons by Supsystic plugin <= 2.2.2 - Cross-Site Request Forgery (CSRF) vulnerability | supsystic.com | Social Share Buttons by Supsystic (WordPress plugin) | Medium | 4.3 | 2022-05-31 19:30:51 | Deep Dive |
| CVE-2021-36866 | WordPress Easy Pricing Tables plugin <= 3.1.2 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability | Fatcat Apps | Easy Pricing Tables (WordPress plugin) | Medium | 4.8 | 2022-05-31 19:24:57 | Deep Dive |
| CVE-2022-0642 | JivoChat < 1.3.5.4 - Stored Cross-Site Scripting via CSRF | Unknown | JivoChat Live Chat – WP live chat plugin for WordPress | 中危 | - | 2022-05-30 08:35:35 | Deep Dive |
| CVE-2022-29408 | WordPress Advanced Contact form 7 DB plugin <= 1.8.7 - Unauthenticated Persistent Cross-Site Scripting (XSS) vulnerability | Vsourz Digital | Advanced Contact form 7 DB (WordPress plugin) | Medium | 4.7 | 2022-05-25 15:58:26 | Deep Dive |
| CVE-2022-29432 | WordPress wpDataTables plugin <= 2.1.27 - Multiple Authenticated Persistent Cross-Site Scripting (XSS) vulnerabilities | TMS-Plugins | wpDataTables – Tables & Table Charts (WordPress plugin) | Low | 3.4 | 2022-05-20 20:48:21 | Deep Dive |
| CVE-2022-29431 | Remove CPT base <= 5.8 - CSRF leads to CPT base deletion | KubiQ | Remove CPT base (WordPress plugin) | Medium | 5.4 | 2022-05-20 20:47:13 | Deep Dive |
| CVE-2022-29430 | WordPress PNG to JPG plugin <= 4.0 - Cross-Site Request Forgery (CSRF) leading to Persistent Cross-Site Scripting (XSS) vulnerability | KubiQ | PNG to JPG (WordPress plugin) | Medium | 4.7 | 2022-05-20 20:44:52 | Deep Dive |
| CVE-2022-29447 | WordPress Hover Effects plugin <= 2.1 - Authenticated Local File Inclusion (LFI) vulnerability | Wow-Company | Hover Effects – easily create any hover effect (WordPress plugin) | Medium | 6.8 | 2022-05-20 20:17:03 | Deep Dive |
| CVE-2022-29427 | WordPress Disable Right Click For WP plugin <= 1.1.6 - Cross-Site Request Forgery (CSRF) vulnerability | Aftab Muni | Disable Right Click For WP (WordPress plugin) | Medium | 4.3 | 2022-05-20 20:09:54 | Deep Dive |
| CVE-2022-29426 | WordPress Slideshow, Image Slider by 2J plugin <= 1.3.54 - Authenticated Reflected Cross-Site Scripting (XSS) vulnerability | 2J Slideshow Team | Slideshow, Image Slider by 2J (WordPress plugin) | Medium | 5.4 | 2022-05-20 20:03:42 | Deep Dive |
| CVE-2022-29448 | WordPress Herd Effects plugin <= 5.2 - Local File Inclusion (LFI) vulnerability | Wow-Company | Herd Effects (WordPress plugin) | Medium | 6.8 | 2022-05-20 19:59:37 | Deep Dive |
| CVE-2022-29425 | WordPress Checkout Files Upload for WooCommerce plugin <= 2.1.2 - Cross-Site Scripting (XSS) vulnerability | WP Wham | Checkout Files Upload for WooCommerce (WordPress plugin) | Medium | 6.1 | 2022-05-20 19:58:18 | Deep Dive |