Live-Hack-CVE/CVE-2021-31576 In Boa, there is a possible information disclosure due to a missing permission check. This could lead to remote information disclosure to a proximal attacker with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: A20210008; Issue ID: OSBNB00123241. CVE project by @Sn0wAlice Create: 2023-02-07 08:06:39 +0000 UTC Push: 2023-02-07 08:06:41 +0000 UTC |

Live-Hack-CVE/CVE-2021-31575 In Config Manager, there is a possible command injection due to improper input validation. This could lead to remote escalation of privilege from a proximal attacker with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: A20210009; Issue ID: OSBNB00123234. CVE project by @Sn0wAlice Create: 2023-02-07 08:06:35 +0000 UTC Push: 2023-02-07 08:06:38 +0000 UTC |

Live-Hack-CVE/CVE-2021-31574 In Config Manager, there is a possible command injection due to improper input validation. This could lead to remote escalation of privilege from a proximal attacker with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: A20210009; Issue ID: OSBNB00123234. CVE project by @Sn0wAlice Create: 2023-02-07 08:06:32 +0000 UTC Push: 2023-02-07 08:06:34 +0000 UTC |

Live-Hack-CVE/CVE-2021-31573 In Config Manager, there is a possible command injection due to improper input validation. This could lead to remote escalation of privilege from a proximal attacker with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: A20210009; Issue ID: OSBNB00123234. CVE project by @Sn0wAlice Create: 2023-02-07 08:06:28 +0000 UTC Push: 2023-02-07 08:06:30 +0000 UTC |

Live-Hack-CVE/CVE-2022-4649 The WP Extended Search WordPress plugin before 2.1.2 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack. CVE project by @Sn0wAlice Create: 2023-02-07 08:06:25 +0000 UTC Push: 2023-02-07 08:06:27 +0000 UTC |

Live-Hack-CVE/CVE-2022-4654 The Pricing Tables WordPress Plugin WordPress plugin before 3.2.3 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack. CVE project by @Sn0wAlice Create: 2023-02-07 08:06:20 +0000 UTC Push: 2023-02-07 08:06:22 +0000 UTC |

Live-Hack-CVE/CVE-2022-4749 The Posts List Designer by Category WordPress plugin before 3.2 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users CVE project by @Sn0wAlice Create: 2023-02-07 08:06:11 +0000 UTC Push: 2023-02-07 08:06:13 +0000 UTC |

Live-Hack-CVE/CVE-2022-4765 The Portfolio for Elementor WordPress plugin before 2.3.1 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such CVE project by @Sn0wAlice Create: 2023-02-07 08:06:08 +0000 UTC Push: 2023-02-07 08:06:10 +0000 UTC |

Live-Hack-CVE/CVE-2022-4787 Themify Shortcodes WordPress plugin before 2.0.8 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack. CVE project by @Sn0wAlice Create: 2023-02-07 08:06:03 +0000 UTC Push: 2023-02-07 08:06:05 +0000 UTC |

Live-Hack-CVE/CVE-2022-4781 The Accordion Shortcodes WordPress plugin through 2.4.2 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack. CVE project by @Sn0wAlice Create: 2023-02-07 08:05:59 +0000 UTC Push: 2023-02-07 08:06:02 +0000 UTC |

Live-Hack-CVE/CVE-2022-4747 The Post Category Image With Grid and Slider WordPress plugin before 1.4.8 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high priv CVE project by @Sn0wAlice Create: 2023-02-07 05:52:53 +0000 UTC Push: 2023-02-07 05:52:55 +0000 UTC |

Live-Hack-CVE/CVE-2022-4717 The Strong Testimonials WordPress plugin before 3.0.3 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as a CVE project by @Sn0wAlice Create: 2023-02-07 05:52:49 +0000 UTC Push: 2023-02-07 05:52:51 +0000 UTC |

Live-Hack-CVE/CVE-2022-4681 The Hide My WP WordPress plugin before 6.2.9 does not properly sanitize and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection. CVE project by @Sn0wAlice Create: 2023-02-07 05:52:46 +0000 UTC Push: 2023-02-07 05:52:48 +0000 UTC |

Live-Hack-CVE/CVE-2022-4677 The Leaflet Maps Marker WordPress plugin before 3.12.7 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack. CVE project by @Sn0wAlice Create: 2023-02-07 05:52:42 +0000 UTC Push: 2023-02-07 05:52:44 +0000 UTC |

Live-Hack-CVE/CVE-2022-4674 The Ibtana WordPress plugin before 1.1.8.8 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack CVE project by @Sn0wAlice Create: 2023-02-07 05:52:38 +0000 UTC Push: 2023-02-07 05:52:41 +0000 UTC |

Live-Hack-CVE/CVE-2022-4670 The PDF.js Viewer WordPress plugin before 2.1.8 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. CVE project by @Sn0wAlice Create: 2023-02-07 05:52:35 +0000 UTC Push: 2023-02-07 05:52:37 +0000 UTC |

Live-Hack-CVE/CVE-2022-4664 The Logo Slider WordPress plugin before 3.6.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks CVE project by @Sn0wAlice Create: 2023-02-07 05:52:31 +0000 UTC Push: 2023-02-07 05:52:33 +0000 UTC |

Live-Hack-CVE/CVE-2022-4577 The Easy Testimonials WordPress plugin before 3.9.3 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as adm CVE project by @Sn0wAlice Create: 2023-02-07 05:52:27 +0000 UTC Push: 2023-02-07 05:52:29 +0000 UTC |

Live-Hack-CVE/CVE-2022-4489 The HUSKY WordPress plugin before 1.3.2 unserializes user input provided via the settings, which could allow high privilege users such as admin to perform PHP Object Injection when a suitable gadget is present. CVE project by @Sn0wAlice Create: 2023-02-07 05:52:23 +0000 UTC Push: 2023-02-07 05:52:26 +0000 UTC |

Live-Hack-CVE/CVE-2022-4459 The WP Show Posts WordPress plugin before 1.1.4 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. CVE project by @Sn0wAlice Create: 2023-02-07 05:52:20 +0000 UTC Push: 2023-02-07 05:52:22 +0000 UTC |