CVE-2022-4627

The ShiftNav WordPress plugin before 1.7.2 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.

Publication date: Mon, 23 Jan 2023 21:15:00 +0000

Cyber News related to CVE-2022-4627

CVE-2022-4627 - The ShiftNav WordPress plugin before 1.7.2 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks ...
1 year ago

CVE-2009-2311 - SQL injection vulnerability in the rGallery plugin 1.2.3 for WoltLab Burning Board (WBB3) allows remote attackers to execute arbitrary SQL commands via the userID parameter in the RGalleryUserGallery page to index.php, a different vector than ...
6 years ago

CVE-2009-4627 - Directory traversal vulnerability in sources/_template_parser.php in Moa Gallery 1.2.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the p_filename parameter, a different issue than CVE-2009-4614. ...
6 years ago

CVE-2005-4627 - Cross-site scripting (XSS) vulnerability in index.php in (1) GmailSite 1.0 through 1.0.4 and (2) GFHost 0.1.1 through 0.4.2 allows remote attackers to inject arbitrary web script or HTML via the lng parameter. ...
6 years ago

CVE-2010-4627 - Cross-site request forgery (CSRF) vulnerability in usercp2.php in MyBB (aka MyBulletinBoard) before 1.4.12 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. ...
6 years ago

CVE-2015-4627 - SQL injection vulnerability in Pragyan CMS 3.0. ...
6 years ago

CVE-2007-4627 - SQL injection vulnerability in index.php in ABC eStore 3.0 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter. ...
6 years ago

CVE-2008-4627 - SQL injection vulnerability in the rGallery plugin 1.09 for WoltLab Burning Board (WBB) allows remote attackers to execute arbitrary SQL commands via the itemID parameter in the RGalleryImageWrapper page in index.php. ...
6 years ago

CVE-2006-4627 - System Information ActiveX control (msinfo.dll), when accessed via Microsoft Internet Explorer, allows remote attackers to cause a denial of service (crash) via a SaveFile function with a long (1) computer and possibly (2) filename and (3) category ...
5 years ago

CVE-2016-4627 - IOAcceleratorFamily in Apple iOS before 9.3.3, tvOS before 9.2.2, and watchOS before 2.2.2 allows local users to gain privileges or cause a denial of service (NULL pointer dereference) via unspecified vectors. ...
5 years ago

CVE-2011-4627 - TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows Information Disclosure on the backend. ...
4 years ago

CVE-2013-4627 - Unspecified vulnerability in bitcoind and Bitcoin-Qt 0.8.x allows remote attackers to cause a denial of service (memory consumption) via a large amount of tx message data. ...
4 years ago

CVE-2020-4627 - IBM Cloud Pak for Security 1.3.0.1(CP4S) potentially vulnerable to CVS Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 185367. ...
2 years ago

CVE-2014-4627 - SQL injection vulnerability in EMC RSA Web Threat Detection 4.x before 4.6.1.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. ...
2 years ago

CVE-2018-4627 - ** REJECT ** This candidate is unused by its CNA. ...
9 months ago

CVE-2017-4627 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none ...
54 years ago Tenable.com

CVE-2023-4627 - The LadiApp plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save_config() function in versions up to, and including, 4.4. This makes it possible for authenticated attackers with ...
3 months ago

CVE-2024-1618 - A search path or unquoted item vulnerability in Faronics Deep Freeze Server Standard, which affects versions 8.30.020.4627 and earlier. This vulnerability affects the DFServ.exe file. An attacker with local user privileges could exploit this ...
3 months ago

CVE-2024-4627 - The Rank Math SEO WordPress plugin before 1.0.219 does not sanitise and escape some of its settings, which could allow users with access to the General Settings (by default admin, however such access can be given to lower roles via the Role Manager ...
3 days ago

31 Alarming Identity Theft Statistics for 2024 - Identity theft is a prevalent issue that affects millions of people annually. Although the numbers are startling, we've selected the 31 most concerning identity theft statistics to help you understand how to secure your identity. In 2022, the FTC ...
5 months ago Pandasecurity.com

SecurityWeek Analysis: Over 450 Cybersecurity M&A Deals Announced in 2022 - MSSPs took the lead in cybersecurity M&A in 2022 with twice as many deals as in 2021. An analysis conducted by SecurityWeek shows that more than 450 cybersecurity-related mergers and acquisitions were announced in 2022. In 2022, we tracked a total of ...
1 year ago Securityweek.com

CVE-2022-22012 - Windows LDAP Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-22013, CVE-2022-22014, CVE-2022-29128, CVE-2022-29129, CVE-2022-29130, CVE-2022-29131, CVE-2022-29137, CVE-2022-29139, CVE-2022-29141. ...
2 years ago

CVE-2022-22013 - Windows LDAP Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-22012, CVE-2022-22014, CVE-2022-29128, CVE-2022-29129, CVE-2022-29130, CVE-2022-29131, CVE-2022-29137, CVE-2022-29139, CVE-2022-29141. ...
2 years ago

CVE-2022-22014 - Windows LDAP Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-22012, CVE-2022-22013, CVE-2022-29128, CVE-2022-29129, CVE-2022-29130, CVE-2022-29131, CVE-2022-29137, CVE-2022-29139, CVE-2022-29141. ...
2 years ago

CVE-2022-29141 - Windows LDAP Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-22012, CVE-2022-22013, CVE-2022-22014, CVE-2022-29128, CVE-2022-29129, CVE-2022-29130, CVE-2022-29131, CVE-2022-29137, CVE-2022-29139. ...
2 years ago

Latest Cyber News

CVE-2024-40605 - 6 hours ago
CVE-2024-40604 - 6 hours ago
CVE-2024-40603 - 6 hours ago
CVE-2024-40602 - 6 hours ago
CVE-2024-40601 - 6 hours ago
CVE-2024-40600 - 6 hours ago
CVE-2024-40599 - 6 hours ago
CVE-2024-40598 - 6 hours ago
CVE-2024-40596 - 6 hours ago
CVE-2024-40597 - 6 hours ago
CVE-2024-6095 - 12 hours ago
CVE-2024-37554 - 13 hours ago
CVE-2024-37553 - 14 hours ago
CVE-2024-37547 - 15 hours ago
CVE-2024-37546 - 15 hours ago
CVE-2024-37542 - 17 hours ago
CVE-2024-37541 - 17 hours ago
CVE-2024-37539 - 17 hours ago
CVE-2024-39486 - 20 hours ago
CVE-2024-37260 - 20 hours ago

Cyber Trends (last 7 days)

Okta - 7 months ago
23andMe - 7 months ago
Kimsuky - 7 months ago
LogoFAIL - 6 months ago
Gh0st rat - 7 months ago

Trending Cyber News (last 7 days)

CVE-2024-40605 - 6 hours ago
CVE-2024-40604 - 6 hours ago
CVE-2024-40603 - 6 hours ago
CVE-2024-40602 - 6 hours ago
CVE-2024-40601 - 6 hours ago
CVE-2024-40600 - 6 hours ago
CVE-2024-40599 - 6 hours ago
CVE-2024-40598 - 6 hours ago
CVE-2024-40596 - 6 hours ago
CVE-2024-40597 - 6 hours ago
CVE-2024-6095 - 12 hours ago
CVE-2024-37553 - 14 hours ago
CVE-2024-37554 - 13 hours ago
CVE-2024-37547 - 15 hours ago
CVE-2024-37546 - 15 hours ago
CVE-2024-37542 - 17 hours ago
CVE-2024-37541 - 17 hours ago
CVE-2024-37539 - 17 hours ago
CVE-2024-39486 - 20 hours ago
CVE-2024-37260 - 20 hours ago