Vulnerabilities > Low

DATE CVE VULNERABILITY TITLE RISK
2022-07-17 CVE-2022-2099 Code Injection vulnerability in Woocommerce
The WooCommerce WordPress plugin before 6.6.0 is vulnerable to stored HTML injection due to lack of escaping and sanitizing in the payment gateway titles
3.5
2022-07-17 CVE-2022-2100 Cross-site Scripting vulnerability in Wpzinc Page Generator
The Page Generator WordPress plugin before 1.6.5 does not sanitise and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
network
wpzinc CWE-79
3.5
2022-07-17 CVE-2022-2114 Cross-site Scripting vulnerability in Supsystic Data Tables Generator
The Data Tables Generator by Supsystic WordPress plugin before 1.10.20 does not sanitise and escape some of its Table settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed (for example in multisite setup)
network
supsystic CWE-79
3.5
2022-07-17 CVE-2022-2118 Cross-site Scripting vulnerability in Tooltulips 404S
The 404s WordPress plugin before 3.5.1 does not sanitise and escape its fields, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
network
tooltulips CWE-79
3.5
2022-07-17 CVE-2022-2148 Cross-site Scripting vulnerability in Linkedin Company Updates Project Linkedin Company Updates
The LinkedIn Company Updates WordPress plugin through 1.5.3 does not sanitise and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
3.5
2022-07-17 CVE-2022-2149 Cross-site Scripting vulnerability in Very Simple Breadcrumb Project Very Simple Breadcrumb
The Very Simple Breadcrumb WordPress plugin through 1.0 does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
3.5
2022-07-17 CVE-2022-2151 Cross-site Scripting vulnerability in Emarketdesign Best Contact Management Software
The Best Contact Management Software WordPress plugin through 3.7.3 does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
3.5
2022-07-17 CVE-2022-2169 Cross-site Scripting vulnerability in Dwbooster Loading Page With Loading Screen
The Loading Page with Loading Screen WordPress plugin before 1.0.83 does not escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
network
dwbooster CWE-79
3.5
2022-07-17 CVE-2022-2186 Cross-site Scripting vulnerability in Bracketspace Simple Post Notes
The Simple Post Notes WordPress plugin before 1.7.6 does not sanitise and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
3.5
2022-07-17 CVE-2022-2194 Cross-site Scripting vulnerability in Tipsandtricks-Hq Accept Stripe
The Accept Stripe Payments WordPress plugin before 2.0.64 does not sanitize and escape some of its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
3.5