CVEs
CVE (Common Vulnerabilities and Exposures) is a list of computer security flaws. CVE IDs are assigned to flaws that meet a specific set of criteria.
This is the list of vulnerabilities I discovered and reported as an independent security researcher.
CVE-2022-1397
API Privilege Escalation
Software: Easy!Appointments | CNA: Huntr | Details
CVE-2022-1393
WP Subtitle <= 3.4 - Contributor+ Stored Cross-Site Scripting
Software: WordPress Plugin | CNA: WPScan | Details
CVE-2022-0482
Exposure of Private Personal Information to an Unauthorized Actor
Software: Easy!Appointments | CNA: Huntr | Details
CVE-2021-24897
Add Subtitle <= 1.1.0 - Contributor+ Stored Cross-Site Scripting
Software: WordPress Plugin | CNA: WPScan | Details
CVE-2021-24826
Custom Content Shortcode < 4.0.2 - Authenticated Stored Cross-Site Scripting
Software: WordPress Plugin | CNA: WPScan | Details
CVE-2021-24825
Custom Content Shortcode < 4.0.2 - Authenticated Local File Inclusion
Software: WordPress Plugin | CNA: WPScan | Details
CVE-2021-24824
Custom Content Shortcode < 4.0.1 - Unauthorised Arbitrary Post Metadata Access
Software: WordPress Plugin | CNA: WPScan | Details
CVE-2021-24803
Core Tweaks WP Setup <= 4.1 - Arbitrary Admin Account Creation
Software: WordPress Plugin | CNA: WPScan | Details
CVE-2021-24704
Orange Form <= 1.0 - SQL Injection via CSRF
Software: WordPress Plugin | CNA: WPScan | Details
CVE-2021-24688
Orange Form <= 1.0.1 - Unauthenticated Arbitrary Post Deletion
Software: WordPress Plugin | CNA: WPScan | Details
CVE-2021-24859
User Meta Shortcodes <= 0.5 - Contributor+ Unauthorized Meta Access
Software: WordPress Plugin | CNA: WPScan | Details
CVE-2021-24855
Display Post Metadata <= 1.4.0 - Contributor+ Stored Cross-Site Scripting
Software: WordPress Plugin | CNA: WPScan | Details
CVE-2021-24845
Improved Include Page <= 1.2 - Contributor+ Arbitrary Posts Access
Software: WordPress Plugin | CNA: WPScan | Details
CVE-2021-24819
Page/Post Content Shortcode <= 1.0 - Contributor+ Arbitrary Posts Access
Software: WordPress Plugin | CNA: WPScan | Details
CVE-2021-24818
WP Limits <= 1.0 - Plugin's Settings Update via CSRF
Software: WordPress Plugin | CNA: WPScan | Details
CVE-2021-24780
Single Post Exporter <= 1.1.1 - Plugin's Settings Update via CSRF
Software: WordPress Plugin | CNA: WPScan | Details
CVE-2021-24872
Get Custom Field Values < 4.0 - Contributors+ Arbitrary Metadata Access
Software: WordPress Plugin | CNA: WPScan | Details
CVE-2021-24871
Get Custom Field Values < 4.0.1 - Contributor+ Stored Cross-Site Scripting
Software: WordPress Plugin | CNA: WPScan | Details
CVE-2021-24745
About Author Box < 1.0.2 - Contributor+ Stored Cross-Site Scripting
Software: WordPress Plugin | CNA: WPScan | Details
CVE-2021-24850
Insert Pages < 3.7.0 - Contributor+ Stored Cross-Site Scripting
Software: WordPress Plugin | CNA: WPScan | Details
CVE-2021-24851
Insert Pages < 3.7.0 - Contributor+ Arbitrary Posts/Pages Access
Software: WordPress Plugin | CNA: WPScan | Details
CVE-2021-24832
WP SEO Redirect 301 < 2.3.2 - Redirect Deletion via CSRF
Software: WordPress Plugin | CNA: WPScan | Details