Skip to main content
CVE-2022-0658 CRITICAL POC Act Now

The CommonsBooking WordPress plugin before 2.6.8 does not sanitise and escape the location parameter of the calendar_data AJAX action (available to unauthenticated users) before it is used in. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi WordPress Commonsbooking
NVD WPScan
CVSS 3.1
9.8
EPSS
8.9%
CVE-2022-0254 CRITICAL POC PATCH Act Now

The WordPress Zero Spam WordPress plugin before 5.2.11 does not properly sanitise and escape the order and orderby parameters before using them in a SQL statement in the admin dashboard, leading to a. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SQLi WordPress Zero Spam
NVD WPScan
CVSS 3.1
9.8
EPSS
2.0%
CVE-2022-0169 CRITICAL POC PATCH THREAT Act Now

The Photo Gallery by 10Web WordPress plugin before 1.6.0 does not validate and escape the bwg_tag_id_bwg_thumbnails_0 parameter before using it in a SQL statement via the bwg_frontend_data AJAX. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SQLi WordPress Photo Gallery
NVD WPScan
CVSS 3.1
9.8
EPSS
74.6%
CVE-2022-22735 HIGH POC This Week

The Simple Quotation WordPress plugin through 1.3.2 does not have authorisation (and CSRF) checks in various of its AJAX actions and is lacking escaping of user data when using it in SQL statements,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi CSRF WordPress Simple Quotation
NVD WPScan
CVSS 3.1
8.8
EPSS
1.3%
CVE-2022-0478 HIGH POC PATCH This Week

The Event Manager and Tickets Selling for WooCommerce WordPress plugin before 3.5.8 does not validate and escape the post_author_gutenberg parameter before using it in a SQL statement when. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SQLi WordPress Event Manager And Tickets Selling For Woocommerce
NVD WPScan
CVSS 3.1
8.8
EPSS
1.5%
CVE-2022-24743 HIGH POC PATCH This Week

Sylius is an open source eCommerce platform. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Sylius
NVD GitHub
CVSS 3.1
8.2
EPSS
1.2%
CVE-2022-0943 HIGH POC PATCH This Week

Heap-based Buffer Overflow occurs in vim in GitHub repository vim/vim prior to 8.2.4563. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Buffer Overflow Heap Overflow Vim Fedora Debian Linux +1
NVD GitHub
CVSS 3.1
7.8
EPSS
0.7%
CVE-2022-24578 HIGH POC This Week

GPAC 1.0.1 is affected by a heap-based buffer overflow in SFS_AddString () at bifs/script_dec.c. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Gpac
NVD
CVSS 3.1
7.8
EPSS
1.0%
CVE-2022-24577 HIGH POC This Week

GPAC 1.0.1 is affected by a NULL pointer dereference in gf_utf8_wcslen. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Null Pointer Dereference Gpac
NVD GitHub
CVSS 3.1
7.8
EPSS
1.2%
CVE-2022-24575 HIGH POC This Week

GPAC 1.0.1 is affected by a stack-based buffer overflow through MP4Box. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Gpac
NVD GitHub
CVSS 3.1
7.8
EPSS
0.9%
CVE-2022-24762 MEDIUM POC PATCH This Month

sysend.js is a library that allows a user to send messages between pages that are open in the same browser. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Sysend Js
NVD GitHub
CVSS 3.1
6.5
EPSS
0.7%
CVE-2022-0593 MEDIUM POC This Month

The Login with phone number WordPress plugin before 1.3.7 includes a file delete.php with no form of authentication or authorization checks placed in the plugin directory, allowing unauthenticated. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Denial Of Service WordPress Login With Phone Number
NVD WPScan
CVSS 3.1
6.5
EPSS
1.4%
CVE-2022-24749 MEDIUM POC PATCH This Month

Sylius is an open source eCommerce platform. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Sylius
NVD GitHub
CVSS 3.1
6.1
EPSS
1.1%
CVE-2022-22734 MEDIUM POC This Month

The Simple Quotation WordPress plugin through 1.3.2 does not have CSRF check when creating or editing a quote and does not sanitise and escape Quotes. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress CSRF Simple Quotation
NVD WPScan
CVSS 3.1
6.1
EPSS
0.8%
CVE-2022-0648 MEDIUM POC This Month

The Team Circle Image Slider With Lightbox WordPress plugin before 1.0.16 does not sanitize and escape the order_pos parameter before outputting it back in an admin page, leading to a Reflected. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Team Circle Image Slider With Lightbox
NVD WPScan
CVSS 3.1
6.1
EPSS
0.8%
CVE-2022-0601 MEDIUM POC PATCH This Month

The Countdown, Coming Soon, Maintenance WordPress plugin before 2.2.9 does not sanitize and escape the post parameter before outputting it back in an admin page, leading to a Reflected Cross-Site. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS WordPress Countdown Coming Soon Maintenance Countdown Clock
NVD WPScan
CVSS 3.1
6.1
EPSS
0.9%
CVE-2022-0503 MEDIUM POC This Month

The WordPress Multisite Content Copier/Updater WordPress plugin before 2.1.2 does not sanitise and escape the s parameter before outputting it back in an attribute, leading to a Reflected Cross-Site. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Multisite Content Copier Updater
NVD WPScan
CVSS 3.1
6.1
EPSS
0.8%
CVE-2022-0449 MEDIUM POC This Month

The Flexi WordPress plugin before 4.20 does not sanitise and escape various parameters before outputting them back in some pages such as the user dashboard, leading to a Reflected Cross-Site Scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Flexi
NVD WPScan
CVSS 3.1
6.1
EPSS
0.8%
CVE-2022-0399 MEDIUM POC PATCH This Month

The Advanced Product Labels for WooCommerce WordPress plugin before 1.2.3.7 does not sanitise and escape the tax_color_set_type parameter before outputting it back in the berocket_apl_color_listener. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS WordPress Advanced Product Labels For Woocommerce
NVD WPScan
CVSS 3.1
6.1
EPSS
0.9%
CVE-2022-0327 MEDIUM POC This Month

The Master Addons for Elementor WordPress plugin before 1.8.5 does not sanitise and escape the error_message parameter before outputting it back in the response of the jltma_restrict_content AJAX. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Master Addons For Elementor
NVD WPScan
CVSS 3.1
6.1
EPSS
0.8%
CVE-2022-0321 MEDIUM POC This Month

The WP Voting Contest WordPress plugin before 3.0 does not sanitise and escape the post_id parameter before outputting it back in the response via the wpvc_social_share_icons AJAX action (available. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Wp Voting Contest
NVD WPScan
CVSS 3.1
6.1
EPSS
0.8%
CVE-2022-0248 MEDIUM POC PATCH This Month

The Contact Form Submissions WordPress plugin before 1.7.3 does not sanitise and escape additional fields in contact form requests before outputting them in the related submission. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS WordPress Contact Form Submissions
NVD WPScan
CVSS 3.1
6.1
EPSS
1.7%
CVE-2022-0230 MEDIUM POC This Month

The Better WordPress Google XML Sitemaps WordPress plugin through 1.4.1 does not sanitise and escape its logs when outputting them in the admin dashboard, which could allow unauthenticated users to. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google XSS WordPress Bwp Google Xml Sitemaps
NVD WPScan
CVSS 3.1
6.1
EPSS
1.5%
CVE-2022-0165 MEDIUM POC This Month

The Page Builder KingComposer WordPress plugin through 2.9.6 does not validate the id parameter before redirecting the user to it via the kc_get_thumbn AJAX action available to both unauthenticated. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Open Redirect WordPress Kingcomposer
NVD WPScan
CVSS 3.1
6.1
EPSS
4.3%
CVE-2022-0161 MEDIUM POC PATCH This Month

The ARI Fancy Lightbox WordPress plugin before 1.3.9 does not sanitise and escape the msg parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS WordPress Ari Fancy Lightbox
NVD WPScan
CVSS 3.1
6.1
EPSS
0.9%
CVE-2022-0147 MEDIUM POC PATCH This Month

The Cookie Information | Free GDPR Consent Solution WordPress plugin before 2.0.8 does not escape user data before outputting it back in attributes in the admin dashboard, leading to a Reflected. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS WordPress Wp Gdpr Compliance
NVD WPScan
CVSS 3.1
6.1
EPSS
1.6%
CVE-2022-24384 MEDIUM POC This Month

Cross-site Scripting (XSS) vulnerability in SmarterTools SmarterTrack This issue affects: SmarterTools SmarterTrack 100.0.8019.14010. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Smartertrack
NVD
CVSS 3.1
6.1
EPSS
4.7%
CVE-2022-21187 CRITICAL PATCH Act Now

The package libvcs before 0.11.1 are vulnerable to Command Injection via argument injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Command Injection Libvcs
NVD GitHub
CVSS 3.1
9.8
EPSS
3.7%
CVE-2022-23943 CRITICAL PATCH Act Now

Out-of-bounds Write vulnerability in mod_sed of Apache HTTP Server allows an attacker to overwrite heap memory with possibly attacker provided data.4 version 2.4.52 and prior versions. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow Apache Buffer Overflow Http Server Fedora +2
NVD
CVSS 3.1
9.8
EPSS
50.4%
CVE-2022-22720 CRITICAL PATCH Act Now

Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered discarding the request body, exposing the server to HTTP Request Smuggling. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This HTTP Request/Response Smuggling vulnerability could allow attackers to manipulate HTTP request interpretation between frontend and backend servers.

Information Disclosure Apache Request Smuggling Http Server Fedora +5
NVD
CVSS 3.1
9.8
EPSS
28.2%
CVE-2022-24576 MEDIUM POC This Month

GPAC 1.0.1 is affected by Use After Free through MP4Box. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Memory Corruption Use After Free Gpac
NVD GitHub
CVSS 3.1
5.5
EPSS
0.7%
CVE-2022-24574 MEDIUM POC This Month

GPAC 1.0.1 is affected by a NULL pointer dereference in gf_dump_vrml_field.isra (). Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Null Pointer Dereference Gpac
NVD
CVSS 3.1
5.5
EPSS
0.7%
CVE-2022-0962 MEDIUM POC PATCH This Month

Stored XSS viva .webma file upload in GitHub repository star7th/showdoc prior to 2.10.4. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS File Upload Showdoc
NVD GitHub
CVSS 3.1
5.4
EPSS
0.9%
CVE-2022-0960 MEDIUM POC PATCH This Month

Stored XSS viva .properties file upload in GitHub repository star7th/showdoc prior to 2.10.4. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS File Upload Showdoc
NVD GitHub
CVSS 3.1
5.4
EPSS
0.8%
CVE-2022-0946 MEDIUM POC PATCH This Month

Stored XSS viva cshtm file upload in GitHub repository star7th/showdoc prior to v2.10.4. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS File Upload Showdoc
NVD GitHub
CVSS 3.1
5.4
EPSS
0.8%
CVE-2022-0941 MEDIUM POC PATCH This Month

Stored XSS due to Unrestricted File Upload in GitHub repository star7th/showdoc prior to v2.10.4. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS File Upload Showdoc
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2022-0940 MEDIUM POC PATCH This Month

Stored XSS due to Unrestricted File Upload in GitHub repository star7th/showdoc prior to v2.10.4. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS File Upload Showdoc
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-0938 MEDIUM POC PATCH This Month

Stored XSS via file upload in GitHub repository star7th/showdoc prior to v2.10.4. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS File Upload Showdoc
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2022-0341 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository vanessa219/vditor prior to 3.8.12. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Vditor
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-0937 MEDIUM POC PATCH This Month

Stored xss in showdoc through file upload in GitHub repository star7th/showdoc prior to 2.10.4. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS File Upload Showdoc
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-26320 CRITICAL Act Now

The Rambus SafeZone Basic Crypto Module before 10.4.0, as used in certain Fujifilm (formerly Fuji Xerox) devices before 2022-03-01, Canon imagePROGRAF and imageRUNNER devices through 2022-03-14, and. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Safezone Basic Crypto Module Apeos C7070 Firmware Apeos C6570 Firmware Apeos C5570 Firmware +88
NVD
CVSS 3.1
9.1
EPSS
0.9%
CVE-2022-22721 CRITICAL PATCH Act Now

If LimitXMLRequestBody is set to allow request bodies larger than 350MB (defaults to 1M) on 32 bit systems an integer overflow happens which later causes out of bounds writes.4.52 and earlier. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Integer Overflow Apache Buffer Overflow Http Server Fedora +5
NVD
CVSS 3.1
9.1
EPSS
41.9%
CVE-2022-22346 HIGH This Week

IBM Spectrum Protect Operations Center 8.1.0.000 through 8.1.13.xxx is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM CSRF Spectrum Protect Operations Center
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2022-0703 MEDIUM POC This Month

The GD Mylist WordPress plugin through 1.1.1 does not sanitise and escape some of its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Gd Mylist
NVD WPScan
CVSS 3.1
4.8
EPSS
0.6%
CVE-2022-0702 MEDIUM POC This Month

The Petfinder Listings WordPress plugin through 1.0.18 does not escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Petfinder Listings
NVD WPScan
CVSS 3.1
4.8
EPSS
0.6%
CVE-2022-0701 MEDIUM POC This Month

The SEO 301 Meta WordPress plugin through 1.9.1 does not escape its Request and Destination settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Seo 301 Meta
NVD WPScan
CVSS 3.1
4.8
EPSS
0.6%
CVE-2022-0700 MEDIUM POC This Month

The Simple Tracking WordPress plugin before 1.7 does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Simple Tracking
NVD WPScan
CVSS 3.1
4.8
EPSS
0.6%
CVE-2022-0684 MEDIUM POC PATCH This Month

The WP Home Page Menu WordPress plugin before 3.1 does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS WordPress Wp Home Page Menu
NVD WPScan
CVSS 3.1
4.8
EPSS
0.7%
CVE-2022-0674 MEDIUM POC This Month

The Kunze Law WordPress plugin before 2.1 does not escape its 'E-Mail Error "From" Address' settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Kunze Law
NVD WPScan
CVSS 3.1
4.8
EPSS
0.6%
CVE-2022-0659 MEDIUM POC This Month

The Sync QCloud COS WordPress plugin before 2.0.1 does not escape some of its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Sync Qcloud Cos
NVD WPScan
CVSS 3.1
4.8
EPSS
0.6%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy