Vulnerabilities > Low
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-07-17 | CVE-2022-2099 | Code Injection vulnerability in Woocommerce The WooCommerce WordPress plugin before 6.6.0 is vulnerable to stored HTML injection due to lack of escaping and sanitizing in the payment gateway titles | 3.5 |
| 2022-07-17 | CVE-2022-2100 | Cross-site Scripting vulnerability in Wpzinc Page Generator The Page Generator WordPress plugin before 1.6.5 does not sanitise and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | 3.5 |
| 2022-07-17 | CVE-2022-2114 | Cross-site Scripting vulnerability in Supsystic Data Tables Generator The Data Tables Generator by Supsystic WordPress plugin before 1.10.20 does not sanitise and escape some of its Table settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed (for example in multisite setup) | 3.5 |
| 2022-07-17 | CVE-2022-2118 | Cross-site Scripting vulnerability in Tooltulips 404S The 404s WordPress plugin before 3.5.1 does not sanitise and escape its fields, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | 3.5 |
| 2022-07-17 | CVE-2022-2148 | Cross-site Scripting vulnerability in Linkedin Company Updates Project Linkedin Company Updates The LinkedIn Company Updates WordPress plugin through 1.5.3 does not sanitise and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | 3.5 |
| 2022-07-17 | CVE-2022-2149 | Cross-site Scripting vulnerability in Very Simple Breadcrumb Project Very Simple Breadcrumb The Very Simple Breadcrumb WordPress plugin through 1.0 does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | 3.5 |
| 2022-07-17 | CVE-2022-2151 | Cross-site Scripting vulnerability in Emarketdesign Best Contact Management Software The Best Contact Management Software WordPress plugin through 3.7.3 does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | 3.5 |
| 2022-07-17 | CVE-2022-2169 | Cross-site Scripting vulnerability in Dwbooster Loading Page With Loading Screen The Loading Page with Loading Screen WordPress plugin before 1.0.83 does not escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | 3.5 |
| 2022-07-17 | CVE-2022-2186 | Cross-site Scripting vulnerability in Bracketspace Simple Post Notes The Simple Post Notes WordPress plugin before 1.7.6 does not sanitise and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | 3.5 |
| 2022-07-17 | CVE-2022-2194 | Cross-site Scripting vulnerability in Tipsandtricks-Hq Accept Stripe The Accept Stripe Payments WordPress plugin before 2.0.64 does not sanitize and escape some of its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | 3.5 |