Vulmon
sanitize project sanitize vulnerabilities and exploits
NA
CVE-2022-4372
The Web Invoice WordPress plugin up to and including 2.1.3 does not properly sanitize and escape a parameter before using it in a SQL statement, leading to a SQL Injection exploitable by high privilege users such as admin by default. However, depending on the plugin configuration...
Web Invoice Project Web Invoice
NA
CVE-2022-2311
The Find and Replace All WordPress plugin prior to 1.3 does not sanitize and escape some parameters from its setting page before outputting them back to the user, leading to a Reflected Cross-Site Scripting issue.
Find And Replace All Project Find And Replace All
NA
CVE-2023-5243
The Login Screen Manager WordPress plugin up to and including 3.5.2 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for e...
Login Screen Manager Project Login Screen Manager
4.3 (CVSSv2)
CVE-2020-24314
Fahad Mahmood RSS Feed Widget Plugin v2.7.9 and lower does not sanitize the value of the "t" GET parameter before echoing it back out inside an input tag. This results in a reflected XSS vulnerability that attackers can exploit with a specially crafted URL.
Rss Feed Widget Project Rss Feed Widget
NA
CVE-2021-24942
The Menu Item Visibility Control WordPress plugin up to and including 0.5 doesn't sanitize and validate the "Visibility logic" option for WordPress menu items, which could allow highly privileged users to execute arbitrary PHP code even in a hardened environment.
Menu Item Visibility Control Project Menu Item Visibility Control
NA
CVE-2022-4358
The WP RSS By Publishers WordPress plugin up to and including 0.1 does not properly sanitize and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin
Wp Rss By Publishers Project Wp Rss By Publishers
NA
CVE-2022-4359
The WP RSS By Publishers WordPress plugin up to and including 0.1 does not properly sanitize and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin
Wp Rss By Publishers Project Wp Rss By Publishers
NA
CVE-2022-4360
The WP RSS By Publishers WordPress plugin up to and including 0.1 does not properly sanitize and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin
Wp Rss By Publishers Project Wp Rss By Publishers
3.5 (CVSSv2)
CVE-2022-1644
The Call&Book Mobile Bar WordPress plugin up to and including 1.2.2 does not sanitize and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed.
Call&book Mobile Bar Project Call&book Mobile Bar
NA
CVE-2022-23514
Loofah is a general library for manipulating and transforming HTML/XML documents and fragments, built on top of Nokogiri. Loofah < 2.19.1 contains an inefficient regular expression that is susceptible to excessive backtracking when attempting to sanitize certain SVG attributes...
Loofah Project Loofah