

CVEs

CVE (Common Vulnerabilities and Exposures) is a list of computer security flaws; CVE IDs are assigned to flaws that meet a specific set of criteria.

This is the list of vulnerabilities I discovered and reported as an independent security researcher.



CVE-2022-1397

API Privilege Escalation

Software: Easy!Appointments | CNA: Huntr | Details


CVE-2022-1393

WP Subtitle <= 3.4 - Contributor+ Stored Cross-Site Scripting

Software: WordPress Plugin | CNA: WPScan | Details


CVE-2022-0482

Exposure of Private Personal Information to an Unauthorized Actor

Software: Easy!Appointments | CNA: Huntr | Details


CVE-2021-24897

Add Subtitle <= 1.1.0 - Contributor+ Stored Cross-Site Scripting

Software: WordPress Plugin | CNA: WPScan | Details


CVE-2021-24826

Custom Content Shortcode < 4.0.2 - Authenticated Stored Cross-Site Scripting

Software: WordPress Plugin | CNA: WPScan | Details


CVE-2021-24825

Custom Content Shortcode < 4.0.2 - Authenticated Local File Inclusion

Software: WordPress Plugin | CNA: WPScan | Details


CVE-2021-24824

Custom Content Shortcode < 4.0.1 - Unauthorised Arbitrary Post Metadata Access

Software: WordPress Plugin | CNA: WPScan | Details


CVE-2021-24803

Core Tweaks WP Setup <= 4.1 - Arbitrary Admin Account Creation

Software: WordPress Plugin | CNA: WPScan | Details


CVE-2021-24704

Orange Form <= 1.0 - SQL Injection via CSRF

Software: WordPress Plugin | CNA: WPScan | Details


CVE-2021-24688

Orange Form <= 1.0.1 - Unauthenticated Arbitrary Post Deletion

Software: WordPress Plugin | CNA: WPScan | Details


CVE-2021-24859

User Meta Shortcodes <= 0.5 - Contributor+ Unauthorized Meta Access

Software: WordPress Plugin | CNA: WPScan | Details


CVE-2021-24855

Display Post Metadata <= 1.4.0 - Contributor+ Stored Cross-Site Scripting

Software: WordPress Plugin | CNA: WPScan | Details


CVE-2021-24845

Improved Include Page <= 1.2 - Contributor+ Arbitrary Posts Access

Software: WordPress Plugin | CNA: WPScan | Details


CVE-2021-24819

Page/Post Content Shortcode <= 1.0 - Contributor+ Arbitrary Posts Access

Software: WordPress Plugin | CNA: WPScan | Details


CVE-2021-24818

WP Limits <= 1.0 - Plugin's Settings Update via CSRF

Software: WordPress Plugin | CNA: WPScan | Details


CVE-2021-24780

Single Post Exporter <= 1.1.1 - Plugin's Settings Update via CSRF

Software: WordPress Plugin | CNA: WPScan | Details


CVE-2021-24872

Get Custom Field Values < 4.0 - Contributors+ Arbitrary Metadata Access

Software: WordPress Plugin | CNA: WPScan | Details


CVE-2021-24871

Get Custom Field Values < 4.0.1 - Contributor+ Stored Cross-Site Scripting

Software: WordPress Plugin | CNA: WPScan | Details


CVE-2021-24745

About Author Box < 1.0.2 - Contributor+ Stored Cross-Site Scripting

Software: WordPress Plugin | CNA: WPScan | Details


CVE-2021-24850

Insert Pages < 3.7.0 - Contributor+ Stored Cross-Site Scripting

Software: WordPress Plugin | CNA: WPScan | Details


CVE-2021-24851

Insert Pages < 3.7.0 - Contributor+ Arbitrary Posts/Pages Access

Software: WordPress Plugin | CNA: WPScan | Details


CVE-2021-24832

WP SEO Redirect 301 < 2.3.2 - Redirect Deletion via CSRF

Software: WordPress Plugin | CNA: WPScan | Details