Vulmon
sanitize project sanitize vulnerabilities and exploits
3.5
CVSSv2
CVE-2022-1303
The Slide Anything WordPress plugin prior to 2.3.44 does not sanitize and escape sliders' description, which could allow high privilege users such as editor and above to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed
Slide Anything Project Slide Anything
NA
CVE-2022-4374
The Bg Bible References WordPress plugin up to and including 3.8.14 does not sanitize and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting.
Bg Bible References Project Bg Bible References
4.3
CVSSv2
CVE-2021-24474
The Awesome Weather Widget WordPress plugin up to and including 3.0.2 does not sanitize the id parameter of its awesome_weather_refresh AJAX action, leading to an unauthenticated Reflected Cross-Site Scripting (XSS) Vulnerability.
Awesome Weather Widget Project Awesome Weather Widget
4.3
CVSSv2
CVE-2022-0625
The Admin Menu Editor WordPress plugin up to and including 1.0.4 does not sanitize and escape a parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting.
Admin Menu Editor Project Admin Menu Editor
3.5
CVSSv2
CVE-2022-1549
The WP Athletics WordPress plugin up to and including 1.1.7 does not sanitize parameters before storing them in the database, nor does it escape the values when outputting them back in the admin dashboard, leading to a Stored Cross-Site Scripting vulnerability.
Wp Athletics Project Wp Athletics
NA
CVE-2023-2026
The Image Protector WordPress plugin up to and including 1.1 does not properly sanitize some of its settings, which could allow high-privilege users to perform Stored Cross-Site Scripting (XSS) attacks even when the unfiltered_html capability is disallowed (for example in multisi...
Image Protector Project Image Protector
3.5
CVSSv2
CVE-2021-24538
The Current Book WordPress plugin up to and including 1.0.1 does not sanitize user input when an authenticated user adds Author or Book Title, then does not escape these values when outputting to the browser leading to an Authenticated Stored XSS Cross-Site Scripting issue.
Current Book Project Current Book
7.5
CVSSv2
CVE-2022-23611
iTunesRPC-Remastered is a Discord Rich Presence for iTunes on Windows utility. In affected versions iTunesRPC-Remastered did not properly sanitize image file paths leading to OS level command injection. This issue has been patched in commit cdcd48b. Users are advised to upgrade.
Itunesrpc-remastered Project Itunesrpc-remastered -
4.3
CVSSv2
CVE-2020-24316
WP Plugin Rednumber Admin Menu v1.1 and lower does not sanitize the value of the "role" GET parameter before echoing it back out to the user. This results in a reflected XSS vulnerability that attackers can exploit with a specially crafted URL.
Admin Menu Project Admin Menu
NA
CVE-2023-2009
Plugin does not sanitize and escape the URL field in the Pretty Url WordPress plugin up to and including 1.5.4 settings, which could allow high-privilege users to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in mu...
Pretty Url Project Pretty Url