Skip to main content
CVE-2022-0767 CRITICAL POC PATCH Act Now

Server-Side Request Forgery (SSRF) in GitHub repository janeczku/calibre-web prior to 0.6.17. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SSRF Calibre Web
NVD GitHub
CVSS 3.1
9.9
EPSS
1.0%
CVE-2022-0441 CRITICAL POC PATCH THREAT Act Now

The MasterStudy LMS WordPress plugin before 2.7.6 does to validate some parameters given when registering a new account, allowing unauthenticated users to register as an admin. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Privilege Escalation WordPress Masterstudy Lms
NVD WPScan Exploit-DB
CVSS 3.1
9.8
EPSS
84.9%
CVE-2022-0434 CRITICAL POC THREAT Act Now

The Page View Count WordPress plugin before 2.4.15 does not sanitise and escape the post_ids parameter before using it in a SQL statement via a REST endpoint, available to both unauthenticated and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi WordPress Page View Count
NVD WPScan
CVSS 3.1
9.8
EPSS
14.8%
CVE-2022-0349 CRITICAL POC THREAT Act Now

The NotificationX WordPress plugin before 2.3.9 does not sanitise and escape the nx_id parameter before using it in a SQL statement, leading to an Unauthenticated Blind SQL Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi WordPress Notificationx
NVD WPScan
CVSS 3.1
9.8
EPSS
34.4%
CVE-2022-0766 CRITICAL POC PATCH Act Now

Server-Side Request Forgery (SSRF) in GitHub repository janeczku/calibre-web prior to 0.6.17. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SSRF Calibre Web
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2022-0439 HIGH POC This Week

The Email Subscribers & Newsletters WordPress plugin before 5.3.2 does not correctly escape the `order` and `orderby` parameters to the `ajax_fetch_report_list` action, making it vulnerable to blind. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi CSRF WordPress Email Subscribers Newsletters
NVD WPScan
CVSS 3.1
8.8
EPSS
4.2%
CVE-2022-0410 HIGH POC This Week

The WP Visitor Statistics (Real Time Traffic) WordPress plugin before 5.6 does not sanitise and escape the id parameter before using it in a SQL statement via the refUrlDetails AJAX action, available. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi WordPress Visitor Statistics
NVD WPScan
CVSS 3.1
8.8
EPSS
1.3%
CVE-2022-0440 HIGH POC This Week

The Catch Themes Demo Import WordPress plugin before 2.1.1 does not validate one of the file to be imported, which could allow high privivilege admin to upload an arbitrary PHP file and gain RCE even. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP WordPress File Upload Catch Themes Demo Import
NVD WPScan
CVSS 3.1
7.2
EPSS
1.4%
CVE-2022-0420 HIGH POC PATCH This Week

The RegistrationMagic WordPress plugin before 5.0.2.2 does not sanitise and escape the rm_form_id parameter before using it in a SQL statement in the Automation admin dashboard, allowing high. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SQLi WordPress Registrationmagic
NVD WPScan
CVSS 3.1
7.2
EPSS
1.5%
CVE-2022-0267 HIGH POC This Week

The AdRotate WordPress plugin before 5.8.22 does not sanitise and escape the adrotate_action before using it in a SQL statement via the adrotate_request_action function available to admins, leading. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi WordPress Adrotate
NVD WPScan
CVSS 3.1
7.2
EPSS
1.3%
CVE-2022-24737 MEDIUM POC PATCH This Month

HTTPie is a command-line HTTP client. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Httpie Fedora
NVD GitHub
CVSS 3.1
6.5
EPSS
1.6%
CVE-2022-0756 MEDIUM POC PATCH This Month

Missing Authorization in GitHub repository salesagility/suitecrm prior to 7.12.5. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Suitecrm
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2022-0754 MEDIUM POC PATCH This Month

SQL Injection in GitHub repository salesagility/suitecrm prior to 7.12.5. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SQLi Suitecrm
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-0445 MEDIUM POC This Month

The WordPress Real Cookie Banner: GDPR (DSGVO) & ePrivacy Cookie Consent WordPress plugin before 2.14.2 does not have CSRF checks in place when resetting its settings, allowing attackers to make a. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress Wordpress Real Cookie Banner
NVD WPScan
CVSS 3.1
6.5
EPSS
0.5%
CVE-2022-0163 MEDIUM POC This Month

The Smart Forms WordPress plugin before 2.6.71 does not have authorisation in its rednao_smart_forms_entries_list AJAX action, allowing any authenticated users, such as subscriber, to download. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass WordPress Smart Forms
NVD WPScan
CVSS 3.1
6.5
EPSS
1.0%
CVE-2022-0533 MEDIUM POC PATCH This Month

The Ditty (formerly Ditty News Ticker) WordPress plugin before 3.0.15 is affected by a Reflected Cross-Site Scripting (XSS) vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS WordPress Ditty
NVD WPScan
CVSS 3.1
6.1
EPSS
1.9%
CVE-2022-0429 MEDIUM POC This Month

The WP Cerber Security, Anti-spam & Malware Scan WordPress plugin before 8.9.6 does not sanitise the $url variable before using it in an attribute in the Activity tab in the plugins dashboard,. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Wp Cerber Security Anti Spam Malware Scan
NVD WPScan
CVSS 3.1
6.1
EPSS
1.4%
CVE-2022-0422 MEDIUM POC PATCH This Month

The White Label CMS WordPress plugin before 2.2.9 does not sanitise and validate the wlcms[_login_custom_js] parameter before outputting it back in the response while previewing, leading to a. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS WordPress White Label Cms
NVD WPScan
CVSS 3.1
6.1
EPSS
8.1%
CVE-2022-0347 MEDIUM POC This Month

The LoginPress | Custom Login Page Customizer WordPress plugin before 1.5.12 does not escape the redirect-page parameter before outputting it back in an attribute, leading to a Reflected Cross-Site. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Loginpress
NVD WPScan
CVSS 3.1
6.1
EPSS
0.8%
CVE-2022-0426 MEDIUM POC PATCH This Month

The Product Feed PRO for WooCommerce WordPress plugin before 11.2.3 does not escape the rowCount parameter before outputting it back in an attribute via the woosea_categories_dropdown AJAX action. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS WordPress Product Feed Pro For Woocommerce
NVD WPScan
CVSS 3.1
5.4
EPSS
0.7%
CVE-2022-0205 MEDIUM POC This Month

The YOP Poll WordPress plugin before 6.3.5 does not sanitise and escape some of the settings (available to users with a role as low as author) before outputting them, leading to a Stored Cross-Site. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Yop Poll
NVD WPScan
CVSS 3.1
5.4
EPSS
0.6%
CVE-2022-0535 MEDIUM POC PATCH This Month

The E2Pdf WordPress plugin before 1.16.45 does not sanitise and escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS WordPress E2pdf
NVD WPScan
CVSS 3.1
4.8
EPSS
1.3%
CVE-2022-0448 MEDIUM POC This Month

The CP Blocks WordPress plugin before 1.0.15 does not sanitise and escape its "License ID" settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Cp Blocks
NVD WPScan Exploit-DB
CVSS 3.1
4.8
EPSS
6.3%
CVE-2022-0389 MEDIUM POC This Month

The WP Time Slots Booking Form WordPress plugin before 1.1.63 does not sanitise and escape Calendar names, allowing high privilege users to perform Cross-Site Scripting attacks even when the. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Wp Time Slots Booking Form
NVD WPScan
CVSS 3.1
4.8
EPSS
0.6%
CVE-2022-22351 HIGH PATCH This Week

IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged trusted host user to exploit a vulnerability in the nimsh daemon to cause a denial of service in the nimsh daemon on another trusted. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service IBM Vios Aix
NVD
CVSS 3.1
8.6
EPSS
1.2%
CVE-2022-0755 MEDIUM POC PATCH This Month

Missing Authorization in GitHub repository salesagility/suitecrm prior to 7.12.5. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Suitecrm
NVD GitHub
CVSS 3.1
4.3
EPSS
0.7%
CVE-2022-0442 MEDIUM POC This Month

The UsersWP WordPress plugin before 1.2.3.1 is missing access controls when updating a user avatar, and does not make sure file names for user avatars are unique, allowing a logged in user to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass WordPress Userswp
NVD WPScan
CVSS 3.1
4.3
EPSS
0.6%
CVE-2022-0384 MEDIUM POC PATCH This Month

The Video Conferencing with Zoom WordPress plugin before 3.8.17 does not have authorisation in its vczapi_get_wp_users AJAX action, allowing any authenticated users, such as subscriber to download. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

WordPress Information Disclosure Video Conferencing With Zoom
NVD WPScan
CVSS 3.1
4.3
EPSS
1.0%
CVE-2022-24738 HIGH PATCH This Week

Evmos is the Ethereum Virtual Machine (EVM) Hub on the Cosmos Network. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Evmos
NVD GitHub
CVSS 3.1
7.4
EPSS
1.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy