| CVE-2022-4028 | Simple:Press <= 6.8 - Authenticated (Subscriber+) Stored Cross-Site Scripting via Profile Signatures | simplepress | Simple:Press Forum | Medium | 6.4 | 2022-11-29 20:08:35 | Deep Dive |
| CVE-2022-4027 | Simple:Press <= 6.8 - Unauthenticated Stored Cross-Site Scripting via Forum Replies | simplepress | Simple:Press Forum | High | 7.2 | 2022-11-29 20:06:05 | Deep Dive |
| CVE-2022-38140 | WordPress SEO Plugin by Squirrly SEO Plugin <= 12.1.10 is vulnerable to Arbitrary File Upload | Squirrly | SEO Plugin by Squirrly SEO (WordPress plugin) | High | 7.6 | 2022-11-28 19:55:06 | Deep Dive |
| CVE-2022-34654 | WordPress Manage Notification E-mails Plugin <= 1.8.2 is vulnerable to Cross Site Request Forgery (CSRF) | Virgial Berveling | Manage Notification E-mails (WordPress plugin) | Medium | 4.3 | 2022-11-28 19:30:10 | Deep Dive |
| CVE-2022-3603 | Export customers list CSV for WooCommerce < 2.0.69 - CSV Injection | Unknown | Export customers list csv for WooCommerce, WordPress users csv, export Guest customer list | Critical | - | 2022-11-28 13:47:22 | Deep Dive |
| CVE-2022-44737 | WordPress All In One WP Security plugin <= 5.1.0 - Multiple Cross-Site Request Forgery (CSRF) vulnerabilities | All In One WP Security & Firewall Team | All-In-One Security (AIOS) – Security and Firewall (WordPress plugin) | Medium | 6.5 | 2022-11-22 16:00:11 | Deep Dive |
| CVE-2022-41609 | WordPress Better Messages plugin <= 1.9.10.68 - Server-Side Request Forgery (SSRF) vulnerability | WordPlus | Better Messages (WordPress plugin) | Medium | 6.4 | 2022-11-18 23:18:51 | Deep Dive |
| CVE-2022-41155 | WordPress iQ Block Country plugin <= 1.2.18 - Block BYPASS vulnerability | Pascal | iQ Block Country (WordPress) | Medium | 5.3 | 2022-11-18 23:17:38 | Deep Dive |
| CVE-2022-40216 | WordPress Better Messages plugin <= 1.9.10.69 - Auth. Messaging Block Bypass vulnerability | WordPlus | Better Messages (WordPress plugin) | Medium | 4.3 | 2022-11-18 22:33:04 | Deep Dive |
| CVE-2022-40130 | WordPress WP-Polls plugin <= 2.76.0 - Auth. Race Condition vulnerability | Lester 'GaMerZ' Chan | WP-Polls (WordPress plugin) | Medium | 4.3 | 2022-11-18 22:31:43 | Deep Dive |
| CVE-2022-41618 | WordPress Media Library Assistant plugin <= 3.00 - Unauthenticated Error Log Disclosure vulnerability | David Lingren | Media Library Assistant (WordPress plugin) | Low | 3.7 | 2022-11-18 22:29:39 | Deep Dive |
| CVE-2022-41615 | WordPress Store Locator plugin <= 1.4.5 - Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) vulnerability | AGILELOGIX | Store Locator WordPress (WordPress plugin) | Medium | 6.1 | 2022-11-18 22:28:22 | Deep Dive |
| CVE-2022-41634 | WordPress Media Library Folders plugin <= 7.1.1 - Cross-Site Request Forgery (CSRF) vulnerability | Max Foundry | Media Library Folders (WordPress plugin) | Medium | 5.4 | 2022-11-18 22:27:02 | Deep Dive |
| CVE-2022-41135 | WordPress Modula plugin <= 2.6.9 - Unauth. Plugin Settings Change vulnerability | WPChill | Modula Image Gallery (WordPress plugin) | Medium | 6.5 | 2022-11-18 22:25:54 | Deep Dive |
| CVE-2022-41655 | WordPress Phone Orders for WooCommerce plugin <= 3.7.1 - Auth. Sensitive Data Exposure vulnerability | AlgolPlus | Phone Orders for WooCommerce (WordPress plugin) | Medium | 4.3 | 2022-11-18 22:22:14 | Deep Dive |
| CVE-2022-41643 | WordPress Accessibility plugin <= 1.0.3 - Auth. Stored Cross-Site Scripting (XSS) vulnerability | Octa Code | Accessibility (WordPress plugin) | Medium | 4.8 | 2022-11-18 22:21:01 | Deep Dive |
| CVE-2022-40963 | WordPress WP Page Builder plugin <= 1.2.6 - Multiple Auth. Stored Cross-Site Scripting (XSS) vulnerabilities | Themeum | WP Page Builder (WordPress plugin) | Medium | 4.8 | 2022-11-18 22:19:45 | Deep Dive |
| CVE-2022-41685 | Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Integration for Szamlazz.hu & WooCommerce and Csomagpontok és szállítási címkék WooCommerce hez plugins | Viszt Péter | Integration for Szamlazz.hu & WooCommerce (WordPress plugin) | Medium | 5.4 | 2022-11-18 22:18:34 | Deep Dive |
| CVE-2022-42459 | WordPress Image Hover Effects Ultimate plugin <= 9.7.1 - Auth. WordPress Options Change vulnerability | Biplob Adhikari | Image Hover Effects Ultimate (WordPress plugin) | High | 7.2 | 2022-11-18 22:17:20 | Deep Dive |
| CVE-2022-40695 | WordPress SEO Redirection Plugin plugin <= 8.9 - Multiple Cross-Site Scripting (CSRF) vulnerabilities | WP-buy | SEO Redirection Plugin – 301 Redirect Manager (WordPress plugin) | Medium | 5.4 | 2022-11-18 22:16:12 | Deep Dive |