Big tiger

3 exploits Active since Jan 2022
CVE-2022-0210 WRITEUP MEDIUM SUSPICIOUS
Random Banner WordPress <4.1.4 - XSS
The Random Banner WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient escaping via the category parameter found in the ~/include/models/model.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 4.1.4. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled.
CVSS 4.8
CVE-2022-0232 WRITEUP MEDIUM WRITEUP
WordPress User Registration, Login & Landing Pages <1.2.7 - XSS
The User Registration, Login & Landing Pages WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient escaping via the loader_text parameter found in the ~/includes/templates/landing-page.php file which allows attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 1.2.7. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled.
CVSS 4.8
CVE-2022-0233 WRITEUP MEDIUM WRITEUP
ProfileGrid < 4.7.4 - Authenticated Stored Cross-Site Scripting via pm_user_avatar and pm_cover_image Parameters
The ProfileGrid – User Profiles, Memberships, Groups and Communities WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient escaping via the pm_user_avatar and pm_cover_image parameters found in the ~/admin/class-profile-magic-admin.php file which allows attackers with authenticated user access, such as subscribers, to inject arbitrary web scripts into their profile, in versions up to and including 1.2.7.
CVSS 6.4