Vulmon
sanitize project sanitize vulnerabilities and exploits
NA
CVE-2022-4370
The multimedial images WordPress plugin up to and including 1.0b does not properly sanitize and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as Admin.
Multimedial Images Project Multimedial Images
4.3
CVSSv2
CVE-2021-24474
The Awesome Weather Widget WordPress plugin up to and including 3.0.2 does not sanitize the id parameter of its awesome_weather_refresh AJAX action, leading to an unauthenticated Reflected Cross-Site Scripting (XSS) Vulnerability.
Awesome Weather Widget Project Awesome Weather Widget
NA
CVE-2022-4374
The Bg Bible References WordPress plugin up to and including 3.8.14 does not sanitize and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting.
Bg Bible References Project Bg Bible References
4.3
CVSSv2
CVE-2022-0625
The Admin Menu Editor WordPress plugin up to and including 1.0.4 does not sanitize and escape a parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting.
Admin Menu Editor Project Admin Menu Editor
3.5
CVSSv2
CVE-2022-1549
The WP Athletics WordPress plugin up to and including 1.1.7 does not sanitize parameters before storing them in the database, nor does it escape the values when outputting them back in the admin dashboard, leading to a Stored Cross-Site Scripting vulnerability.
Wp Athletics Project Wp Athletics
NA
CVE-2023-2026
The Image Protector WordPress plugin up to and including 1.1 does not properly sanitize some of its settings, which could allow high-privilege users to perform Stored Cross-Site Scripting (XSS) attacks even when the unfiltered_html capability is disallowed (for example in multisi...
Image Protector Project Image Protector
7.5
CVSSv2
CVE-2022-23611
iTunesRPC-Remastered is a Discord Rich Presence for iTunes on Windows utility. In affected versions iTunesRPC-Remastered did not properly sanitize image file paths leading to OS level command injection. This issue has been patched in commit cdcd48b. Users are advised to upgrade.
Itunesrpc-remastered Project Itunesrpc-remastered -
3.5
CVSSv2
CVE-2021-24538
The Current Book WordPress plugin up to and including 1.0.1 does not sanitize user input when an authenticated user adds Author or Book Title, then does not escape these values when outputting to the browser leading to an Authenticated Stored XSS Cross-Site Scripting issue.
Current Book Project Current Book
NA
CVE-2023-2009
Plugin does not sanitize and escape the URL field in the Pretty Url WordPress plugin up to and including 1.5.4 settings, which could allow high-privilege users to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in mu...
Pretty Url Project Pretty Url
4.3
CVSSv2
CVE-2020-24316
WP Plugin Rednumber Admin Menu v1.1 and lower does not sanitize the value of the "role" GET parameter before echoing it back out to the user. This results in a reflected XSS vulnerability that attackers can exploit with a specially crafted URL.
Admin Menu Project Admin Menu