CVE-2022-0211
Published 2022-02-21
Priority P417 · medium · 4.8 (CVSS 3.1)
AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
EPSS: 0.59% (43.7th percentile)
The Shield Security WordPress plugin before 13.0.6 does not sanitise and escape admin notes, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed.
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| getshieldsecurity | shield_security | < 13.0.6 | 13.0.6 |
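CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 4.8 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N |
| nvd | v2.0 | 3.5 | LOW | AV:N/AC:M/Au:S/C:N/I:P/A:N |
| cisa | | 7.8 | HIGH | |
| vendor_redhat | | 7.8 | HIGH | |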
GHSA
GHSA-5chx-62hx-4phc: The Shield Security WordPress plugin before 13
ghsa_unreviewed·2022-02-22
CVE-2022-0211 [MEDIUM] CWE-79 GHSA-5chx-62hx-4phc: The Shield Security WordPress plugin before 13
Red Hat
vim: heap buffer overflow in compile_lock_unlock() at src/vim9cmds.c
vendor_redhat·2022-08-15·CVSS 7.8
CVE-2022-2819 [HIGH] CWE-122 vim: heap buffer overflow in compile_lock_unlock() at src/vim9cmds.c
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0211.
A flaw was found in vim. The vulnerability occurs due to illegal memory access and leads to a heap buffer overflow vulnerability. This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution.
Statement: Red Hat Product Security has rated this vulnerability as Low severity. Although successful exploitation could allow arbitrary code execution, the code would execute with the same privileges as the invoking user, greatly limiting the potential impact. Furthermore, the vulnerability can only be triggered by running a script within Vim, which requires explicit user action, greatly reducing the likelihood of ac
CISA
Apache HTTP Server Privilege Escalation Vulnerability
cisa·2021-11-03·CVSS 7.8
CVE-2019-0211 [HIGH] CWE-416 Apache HTTP Server Privilege Escalation Vulnerability
Vulnerability: Apache HTTP Server Privilege Escalation Vulnerability
Affected: Apache HTTP Server
Apache HTTP Server, with MPM event, worker or prefork, code executing in less-privileged child processes or threads (including scripts executed by an in-process scripting interpreter) could execute code with the privileges of the parent process (usually root) by manipulating the scoreboard.
Required Action: Apply updates per vendor instructions.
Notes: https://nvd.nist.gov/vuln/detail/CVE-2019-0211
Remediation Due Date: 2022-05-03
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2022-02-21