CVE-2022-23346
BigAnt Software BigAnt Server v5.6.06 was discovered to contain incorrect access control issues.
Source: CVE-2022-23346
CVE-2022-23346
BigAnt Software BigAnt Server v5.6.06 was discovered to contain incorrect access control issues.
Source: CVE-2022-23346
CVE-2022-23345
BigAnt Software BigAnt Server v5.6.06 was discovered to contain incorrect access control.
Source: CVE-2022-23345
CVE-2022-0694
The Advanced Booking Calendar WordPress plugin before 1.7.0 does not validate and escape the calendar parameter before using it in a SQL statement via the abc_booking_getSingleCalendar AJAX action (available to both unauthenticated and authenticated users), leading to an unauthenticated SQL injection
Source: CVE-2022-0694
CVE-2022-0739
The BookingPress WordPress plugin before 1.0.11 fails to properly sanitize user supplied POST data before it is used in a dynamically constructed SQL query via the bookingpress_front_get_category_services AJAX action (available to unauthenticated users), leading to an unauthenticated SQL Injection
Source: CVE-2022-0739
CVE-2022-0627
The Amelia WordPress plugin before 1.0.47 does not sanitize and escape the code parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting.
Source: CVE-2022-0627
CVE-2022-0640
The Pricing Table Builder WordPress plugin before 1.1.5 does not sanitize and escape the postid parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting.
Source: CVE-2022-0640
CVE-2022-0628
The Mega Menu WordPress plugin before 3.0.8 does not sanitize and escape the _wpnonce parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting.
Source: CVE-2022-0628
CVE-2022-0681
The Simple Membership WordPress plugin before 4.1.0 does not have CSRF check in place when deleting Transactions, which could allow attackers to make a logged in admin delete arbitrary transactions via a CSRF attack
Source: CVE-2022-0681
CVE-2022-24775
guzzlehttp/psr7 is a PSR-7 HTTP message library. Versions prior to 1.8.4 and 2.1.1 are vulnerable to improper header parsing. An attacker could sneak in a new line character and pass untrusted values. The issue is patched in 1.8.4 and 2.1.1. There are currently no known workarounds.
Source: CVE-2022-24775
CVE-2022-0760
The Simple Link Directory WordPress plugin before 7.7.2 does not validate and escape the post_id parameter before using it in a SQL statement via the qcopd_upvote_action AJAX action (available to unauthenticated and authenticated users), leading to an unauthenticated SQL Injection
Source: CVE-2022-0760