sanitize project sanitize vulnerabilities and exploits
5.4
CVSSv3
CVE-2022-4005
The Donation Button WordPress plugin up to and including 4.0.0 does not sanitize and escape some parameters, which could allow users with a role as low as Contributor to perform Cross-Site Scripting attacks.
Donation Button Project Donation Button
6.1
CVSSv3
CVE-2022-0620
The Delete Old Orders WordPress plugin up to and including 0.2 does not sanitize and escape the date parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting.
Deleteoldorders Project Delete Old Orders
9.8
CVSSv3
CVE-2022-4049
The WP User WordPress plugin up to and including 7.0 does not properly sanitize and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by unauthenticated users.
Wp User Project Wp User
6.1
CVSSv3
CVE-2021-23416
This affects all versions of package curly-bracket-parser. When used as a template library, it does not properly sanitize the user input.
Curly-bracket-parser Project Curly-bracket-parser
8.8
CVSSv3
CVE-2020-25379
WordPress Plugin Store / Mike Rooijackers Recall Products V0.8 fails to sanitize input from the 'Manufacturer[]' parameter which allows an authenticated malicious user to inject a malicious SQL query.
Recall-products Project Recall-products 0.8
9.8
CVSSv3
CVE-2019-16699
The sr_freecap (aka freeCap CAPTCHA) extension 2.4.5 and below and 2.5.2 and below for TYPO3 fails to sanitize user input, which allows execution of arbitrary Extbase actions, resulting in Remote Code Execution.
Sr Freecap Project Sr Freecap
6.1
CVSSv3
CVE-2017-16015
Forms is a library for easily creating HTML forms. Versions prior to 1.3.0 did not have proper HTML escaping. This means that if the application did not sanitize HTML on behalf of forms, use of forms may be vulnerable to cross-site scripting.
Forms Project Forms
4.8
CVSSv3
CVE-2022-3753
The Evaluate WordPress plugin up to and including 1.0 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example, in mu...
Evaluate Project Evaluate
4.8
CVSSv3
CVE-2021-25005
The SEUR Oficial WordPress plugin prior to 1.7.0 does not sanitize and escape some of its settings, allowing high-privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
Seur Oficial Project Seur Oficial
4.8
CVSSv3
CVE-2022-0446
The Simple Banner WordPress plugin prior to 2.12.0 does not properly sanitize its "Simple Banner Text" Settings, allowing high-privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
Simple Banner Project Simple Banner