Skip to main content
CVE-2022-0134 HIGH POC This Week

The AnyComment WordPress plugin before 0.2.18 does not have CSRF checks in the Import and Revert HyperComments features, allowing attackers to make logged in admin perform such actions via a CSRF. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress Anycomment
NVD WPScan
CVSS 3.1
8.8
EPSS
0.6%
CVE-2022-25297 HIGH POC PATCH This Week

This affects the package drogonframework/drogon before 1.7.5. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Path Traversal Information Disclosure Drogon
NVD GitHub
CVSS 3.1
8.8
EPSS
1.9%
CVE-2022-0255 HIGH POC This Week

The Database Backup for WordPress plugin before 2.5.1 does not properly sanitise and escape the fragment parameter before using it in a SQL statement in the admin dashboard, leading to a SQL. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi WordPress Database Backup
NVD WPScan
CVSS 3.1
7.2
EPSS
1.3%
CVE-2022-0228 HIGH POC This Week

The Popup Builder WordPress plugin before 4.0.7 does not validate and properly escape the orderby and order parameters before using them in a SQL statement in the admin dashboard, which could allow. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi WordPress Popup Builder
NVD WPScan
CVSS 3.1
7.2
EPSS
5.9%
CVE-2022-24295 HIGH This Week

Okta Advanced Server Access Client for Windows prior to version 1.57.0 was found to be vulnerable to command injection via a specially crafted URL. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection RCE Code Injection Microsoft Advanced Server Access Client For Windows
NVD
CVSS 3.1
8.8
EPSS
17.9%
CVE-2022-23983 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability leading to plugin Settings Update discovered in WP Content Copy Protection & No Right Click WordPress plugin (versions <= 3.4.4). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF WordPress Wp Content Copy Protection No Right Click
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2022-22308 HIGH PATCH This Week

IBM Planning Analytics 2.0 is vulnerable to a Remote File Include (RFI) attack. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

IBM Information Disclosure Planning Analytics
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2022-23984 HIGH This Week

Sensitive information disclosure discovered in wpDiscuz WordPress plugin (versions <= 7.3.11). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Information Disclosure Wpdiscuz
NVD
CVSS 3.1
7.5
EPSS
1.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy