sanitize project sanitize vulnerabilities and exploits
NA
CVE-2022-4447
The Fontsy WordPress plugin up to and including 1.8.6 does not properly sanitize and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection.
Fontsy Project Fontsy
NA
CVE-2022-4374
The Bg Bible References WordPress plugin up to and including 3.8.14 does not sanitize and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting.
Bg Bible References Project Bg Bible References
NA
CVE-2023-22461
The `sanitize-svg` package, a small SVG sanitizer to prevent cross-site scripting attacks, uses a deny-list-pattern to sanitize SVGs to prevent XSS. In doing so, literal `<script>`-tags and on-event handlers were detected in versions before 0.4.0. As a result, downstream so...
Sanitize-svg Project Sanitize-svg
NA
CVE-2022-4351
The Qe SEO Handyman WordPress plugin up to and including 1.0 does not properly sanitize and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin.
Qe Seo Handyman Project Qe Seo Handyman
NA
CVE-2022-4352
The Qe SEO Handyman WordPress plugin up to and including 1.0 does not properly sanitize and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin.
Qe Seo Handyman Project Qe Seo Handyman
NA
CVE-2022-4358
The WP RSS By Publishers WordPress plugin up to and including 0.1 does not properly sanitize and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin.
Wp Rss By Publishers Project Wp Rss By Publishers
NA
CVE-2022-4359
The WP RSS By Publishers WordPress plugin up to and including 0.1 does not properly sanitize and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin.
Wp Rss By Publishers Project Wp Rss By Publishers
NA
CVE-2022-4360
The WP RSS By Publishers WordPress plugin up to and including 0.1 does not properly sanitize and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin.
Wp Rss By Publishers Project Wp Rss By Publishers
NA
CVE-2022-4370
The multimedial images WordPress plugin up to and including 1.0b does not properly sanitize and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as Admin.
Multimedial Images Project Multimedial Images
NA
CVE-2022-4372
The Web Invoice WordPress plugin up to and including 2.1.3 does not properly sanitize and escape a parameter before using it in a SQL statement, leading to a SQL Injection exploitable by high privilege users such as admin by default. However, depending on the plugin configuration...
Web Invoice Project Web Invoice