Skip to main content
CVE-2022-24553 CRITICAL POC Act Now

An issue was found in Zfaka <= 1.4.5. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Zfaka
NVD GitHub
CVSS 3.1
9.8
EPSS
2.7%
CVE-2022-0691 CRITICAL POC PATCH Act Now

Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.9. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Node.js Url Parse
NVD GitHub
CVSS 3.1
9.8
EPSS
2.2%
CVE-2022-0134 HIGH POC This Week

The AnyComment WordPress plugin before 0.2.18 does not have CSRF checks in the Import and Revert HyperComments features, allowing attackers to make logged in admin perform such actions via a CSRF. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress Anycomment
NVD WPScan
CVSS 3.1
8.8
EPSS
0.6%
CVE-2022-25297 HIGH POC PATCH This Week

This affects the package drogonframework/drogon before 1.7.5. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Path Traversal Information Disclosure Drogon
NVD GitHub
CVSS 3.1
8.8
EPSS
1.9%
CVE-2022-0255 HIGH POC This Week

The Database Backup for WordPress plugin before 2.5.1 does not properly sanitise and escape the fragment parameter before using it in a SQL statement in the admin dashboard, leading to a SQL. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi WordPress Database Backup
NVD WPScan
CVSS 3.1
7.2
EPSS
1.3%
CVE-2022-0228 HIGH POC This Week

The Popup Builder WordPress plugin before 4.0.7 does not validate and properly escape the orderby and order parameters before using them in a SQL statement in the admin dashboard, which could allow. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi WordPress Popup Builder
NVD WPScan
CVSS 3.1
7.2
EPSS
5.9%
CVE-2022-0692 MEDIUM POC PATCH This Month

Open Redirect on Rudloff/alltube in Packagist rudloff/alltube prior to 3.0.1. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Open Redirect Alltube
NVD GitHub
CVSS 3.1
6.1
EPSS
3.4%
CVE-2022-0288 MEDIUM POC This Month

The Ad Inserter WordPress plugin before 2.7.10, Ad Inserter Pro WordPress plugin before 2.7.10 do not sanitise and escape the html_element_selection parameter before outputting it back in the page,. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Ad Inserter Pro Ad Inserter
NVD WPScan
CVSS 3.1
6.1
EPSS
2.4%
CVE-2022-0252 MEDIUM POC This Month

The GiveWP WordPress plugin before 2.17.3 does not escape the json parameter before outputting it back in an attribute in the Import admin dashboard, leading to a Reflected Cross-Site Scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Givewp
NVD WPScan
CVSS 3.1
6.1
EPSS
0.9%
CVE-2022-0234 MEDIUM POC This Month

The WOOCS WordPress plugin before 1.3.7.5 does not sanitise and escape the woocs_in_order_currency parameter of the woocs_get_products_price_html AJAX action (available to both unauthenticated and. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Woocs
NVD WPScan
CVSS 3.1
6.1
EPSS
1.8%
CVE-2022-0696 MEDIUM POC PATCH This Month

NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.4428. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Null Pointer Dereference Vim Fedora macOS +1
NVD GitHub
CVSS 3.1
5.5
EPSS
1.5%
CVE-2022-0186 MEDIUM POC This Month

The Image Photo Gallery Final Tiles Grid WordPress plugin before 3.5.3 does not sanitise and escape the Description field when editing a gallery, allowing users with a role as low as contributor to. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Image Photo Gallery Final Tiles Grid
NVD WPScan
CVSS 3.1
5.4
EPSS
0.6%
CVE-2022-24295 HIGH This Week

Okta Advanced Server Access Client for Windows prior to version 1.57.0 was found to be vulnerable to command injection via a specially crafted URL. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection RCE Code Injection Microsoft Advanced Server Access Client For Windows
NVD
CVSS 3.1
8.8
EPSS
17.9%
CVE-2022-23983 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability leading to plugin Settings Update discovered in WP Content Copy Protection & No Right Click WordPress plugin (versions <= 3.4.4). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF WordPress Wp Content Copy Protection No Right Click
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2022-0211 MEDIUM POC This Month

The Shield Security WordPress plugin before 13.0.6 does not sanitise and escape admin notes, which could allow high privilege users to perform Cross-Site Scripting attacks even when the. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Shield Security
NVD WPScan
CVSS 3.1
4.8
EPSS
0.6%
CVE-2022-0313 MEDIUM POC This Month

The Float menu WordPress plugin before 4.3.1 does not have CSRF check in place when deleting menu, which could allow attackers to make a logged in admin delete them via a CSRF attack. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress Float Menu
NVD WPScan
CVSS 3.1
4.3
EPSS
0.5%
CVE-2022-0199 MEDIUM POC This Month

The Coming soon and Maintenance mode WordPress plugin before 3.6.8 does not have CSRF check in its coming_soon_send_mail AJAX action, allowing attackers to make logged in admin to send arbitrary. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress Coming Soon And Maintenance Mode
NVD WPScan
CVSS 3.1
4.3
EPSS
0.5%
CVE-2022-0164 MEDIUM POC PATCH This Month

The Coming soon and Maintenance mode WordPress plugin before 3.5.3 does not have authorisation and CSRF checks in its coming_soon_send_mail AJAX action, allowing any authenticated users, with a role. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

CSRF WordPress Coming Soon And Maintenance Mode
NVD WPScan
CVSS 3.1
4.3
EPSS
0.3%
CVE-2022-22308 HIGH PATCH This Week

IBM Planning Analytics 2.0 is vulnerable to a Remote File Include (RFI) attack. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

IBM Information Disclosure Planning Analytics
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2022-23984 HIGH This Week

Sensitive information disclosure discovered in wpDiscuz WordPress plugin (versions <= 7.3.11). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Information Disclosure Wpdiscuz
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2022-0279 LOW POC Monitor

The AnyComment WordPress plugin before 0.2.18 is affected by a race condition when liking/disliking a comment/reply, which could allow any authenticated user to quickly raise their rating or lower. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Race Condition WordPress Information Disclosure Anycomment
NVD WPScan
CVSS 3.1
3.1
EPSS
0.5%
CVE-2022-0708 MEDIUM This Month

Mattermost 6.3.0 and earlier fails to protect email addresses of the creator of the team via one of the APIs, which allows authenticated team members to access this information resulting in sensitive. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Mattermost Information Disclosure
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-24564 MEDIUM PATCH This Month

Checkmk <=2.0.0p19 contains a Cross Site Scripting (XSS) vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Checkmk
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2022-0563 MEDIUM This Month

A flaw was found in the util-linux chfn and chsh utilities when compiled with Readline support. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Information Disclosure Util Linux Ontap Select Deploy Administration Utility
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2022-0564 MEDIUM This Month

A vulnerability in Qlik Sense Enterprise on Windows could allow an remote attacker to enumerate domain user accounts. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Qlik Sense
NVD
CVSS 3.1
5.3
EPSS
1.4%
CVE-2022-25599 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability leading to event deletion was discovered in Spiffy Calendar WordPress plugin (versions <= 4.9.0). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF WordPress Spiffy Calendar
NVD
CVSS 3.1
4.3
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy