Skip to main content
CVE-2022-24762 MEDIUM POC PATCH This Month

sysend.js is a library that allows a user to send messages between pages that are open in the same browser. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Sysend Js
NVD GitHub
CVSS 3.1
6.5
EPSS
0.7%
CVE-2022-0593 MEDIUM POC This Month

The Login with phone number WordPress plugin before 1.3.7 includes a file delete.php with no form of authentication or authorization checks placed in the plugin directory, allowing unauthenticated. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Denial Of Service WordPress Login With Phone Number
NVD WPScan
CVSS 3.1
6.5
EPSS
1.4%
CVE-2022-24749 MEDIUM POC PATCH This Month

Sylius is an open source eCommerce platform. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Sylius
NVD GitHub
CVSS 3.1
6.1
EPSS
1.1%
CVE-2022-22734 MEDIUM POC This Month

The Simple Quotation WordPress plugin through 1.3.2 does not have CSRF check when creating or editing a quote and does not sanitise and escape Quotes. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress CSRF Simple Quotation
NVD WPScan
CVSS 3.1
6.1
EPSS
0.8%
CVE-2022-0648 MEDIUM POC This Month

The Team Circle Image Slider With Lightbox WordPress plugin before 1.0.16 does not sanitize and escape the order_pos parameter before outputting it back in an admin page, leading to a Reflected. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Team Circle Image Slider With Lightbox
NVD WPScan
CVSS 3.1
6.1
EPSS
0.8%
CVE-2022-0601 MEDIUM POC PATCH This Month

The Countdown, Coming Soon, Maintenance WordPress plugin before 2.2.9 does not sanitize and escape the post parameter before outputting it back in an admin page, leading to a Reflected Cross-Site. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS WordPress Countdown Coming Soon Maintenance Countdown Clock
NVD WPScan
CVSS 3.1
6.1
EPSS
0.9%
CVE-2022-0503 MEDIUM POC This Month

The WordPress Multisite Content Copier/Updater WordPress plugin before 2.1.2 does not sanitise and escape the s parameter before outputting it back in an attribute, leading to a Reflected Cross-Site. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Multisite Content Copier Updater
NVD WPScan
CVSS 3.1
6.1
EPSS
0.8%
CVE-2022-0449 MEDIUM POC This Month

The Flexi WordPress plugin before 4.20 does not sanitise and escape various parameters before outputting them back in some pages such as the user dashboard, leading to a Reflected Cross-Site Scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Flexi
NVD WPScan
CVSS 3.1
6.1
EPSS
0.8%
CVE-2022-0399 MEDIUM POC PATCH This Month

The Advanced Product Labels for WooCommerce WordPress plugin before 1.2.3.7 does not sanitise and escape the tax_color_set_type parameter before outputting it back in the berocket_apl_color_listener. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS WordPress Advanced Product Labels For Woocommerce
NVD WPScan
CVSS 3.1
6.1
EPSS
0.9%
CVE-2022-0327 MEDIUM POC This Month

The Master Addons for Elementor WordPress plugin before 1.8.5 does not sanitise and escape the error_message parameter before outputting it back in the response of the jltma_restrict_content AJAX. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Master Addons For Elementor
NVD WPScan
CVSS 3.1
6.1
EPSS
0.8%
CVE-2022-0321 MEDIUM POC This Month

The WP Voting Contest WordPress plugin before 3.0 does not sanitise and escape the post_id parameter before outputting it back in the response via the wpvc_social_share_icons AJAX action (available. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Wp Voting Contest
NVD WPScan
CVSS 3.1
6.1
EPSS
0.8%
CVE-2022-0248 MEDIUM POC PATCH This Month

The Contact Form Submissions WordPress plugin before 1.7.3 does not sanitise and escape additional fields in contact form requests before outputting them in the related submission. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS WordPress Contact Form Submissions
NVD WPScan
CVSS 3.1
6.1
EPSS
1.7%
CVE-2022-0230 MEDIUM POC This Month

The Better WordPress Google XML Sitemaps WordPress plugin through 1.4.1 does not sanitise and escape its logs when outputting them in the admin dashboard, which could allow unauthenticated users to. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google XSS WordPress Bwp Google Xml Sitemaps
NVD WPScan
CVSS 3.1
6.1
EPSS
1.5%
CVE-2022-0165 MEDIUM POC This Month

The Page Builder KingComposer WordPress plugin through 2.9.6 does not validate the id parameter before redirecting the user to it via the kc_get_thumbn AJAX action available to both unauthenticated. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Open Redirect WordPress Kingcomposer
NVD WPScan
CVSS 3.1
6.1
EPSS
4.3%
CVE-2022-0161 MEDIUM POC PATCH This Month

The ARI Fancy Lightbox WordPress plugin before 1.3.9 does not sanitise and escape the msg parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS WordPress Ari Fancy Lightbox
NVD WPScan
CVSS 3.1
6.1
EPSS
0.9%
CVE-2022-0147 MEDIUM POC PATCH This Month

The Cookie Information | Free GDPR Consent Solution WordPress plugin before 2.0.8 does not escape user data before outputting it back in attributes in the admin dashboard, leading to a Reflected. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS WordPress Wp Gdpr Compliance
NVD WPScan
CVSS 3.1
6.1
EPSS
1.6%
CVE-2022-24384 MEDIUM POC This Month

Cross-site Scripting (XSS) vulnerability in SmarterTools SmarterTrack This issue affects: SmarterTools SmarterTrack 100.0.8019.14010. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Smartertrack
NVD
CVSS 3.1
6.1
EPSS
4.7%
CVE-2022-24576 MEDIUM POC This Month

GPAC 1.0.1 is affected by Use After Free through MP4Box. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Memory Corruption Use After Free Gpac
NVD GitHub
CVSS 3.1
5.5
EPSS
0.7%
CVE-2022-24574 MEDIUM POC This Month

GPAC 1.0.1 is affected by a NULL pointer dereference in gf_dump_vrml_field.isra (). Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Null Pointer Dereference Gpac
NVD
CVSS 3.1
5.5
EPSS
0.7%
CVE-2022-0962 MEDIUM POC PATCH This Month

Stored XSS viva .webma file upload in GitHub repository star7th/showdoc prior to 2.10.4. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS File Upload Showdoc
NVD GitHub
CVSS 3.1
5.4
EPSS
0.9%
CVE-2022-0960 MEDIUM POC PATCH This Month

Stored XSS viva .properties file upload in GitHub repository star7th/showdoc prior to 2.10.4. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS File Upload Showdoc
NVD GitHub
CVSS 3.1
5.4
EPSS
0.8%
CVE-2022-0946 MEDIUM POC PATCH This Month

Stored XSS viva cshtm file upload in GitHub repository star7th/showdoc prior to v2.10.4. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS File Upload Showdoc
NVD GitHub
CVSS 3.1
5.4
EPSS
0.8%
CVE-2022-0941 MEDIUM POC PATCH This Month

Stored XSS due to Unrestricted File Upload in GitHub repository star7th/showdoc prior to v2.10.4. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS File Upload Showdoc
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2022-0940 MEDIUM POC PATCH This Month

Stored XSS due to Unrestricted File Upload in GitHub repository star7th/showdoc prior to v2.10.4. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS File Upload Showdoc
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-0938 MEDIUM POC PATCH This Month

Stored XSS via file upload in GitHub repository star7th/showdoc prior to v2.10.4. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS File Upload Showdoc
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2022-0341 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository vanessa219/vditor prior to 3.8.12. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Vditor
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-0937 MEDIUM POC PATCH This Month

Stored xss in showdoc through file upload in GitHub repository star7th/showdoc prior to 2.10.4. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS File Upload Showdoc
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-0703 MEDIUM POC This Month

The GD Mylist WordPress plugin through 1.1.1 does not sanitise and escape some of its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Gd Mylist
NVD WPScan
CVSS 3.1
4.8
EPSS
0.6%
CVE-2022-0702 MEDIUM POC This Month

The Petfinder Listings WordPress plugin through 1.0.18 does not escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Petfinder Listings
NVD WPScan
CVSS 3.1
4.8
EPSS
0.6%
CVE-2022-0701 MEDIUM POC This Month

The SEO 301 Meta WordPress plugin through 1.9.1 does not escape its Request and Destination settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Seo 301 Meta
NVD WPScan
CVSS 3.1
4.8
EPSS
0.6%
CVE-2022-0700 MEDIUM POC This Month

The Simple Tracking WordPress plugin before 1.7 does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Simple Tracking
NVD WPScan
CVSS 3.1
4.8
EPSS
0.6%
CVE-2022-0684 MEDIUM POC PATCH This Month

The WP Home Page Menu WordPress plugin before 3.1 does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS WordPress Wp Home Page Menu
NVD WPScan
CVSS 3.1
4.8
EPSS
0.7%
CVE-2022-0674 MEDIUM POC This Month

The Kunze Law WordPress plugin before 2.1 does not escape its 'E-Mail Error "From" Address' settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Kunze Law
NVD WPScan
CVSS 3.1
4.8
EPSS
0.6%
CVE-2022-0659 MEDIUM POC This Month

The Sync QCloud COS WordPress plugin before 2.0.1 does not escape some of its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Sync Qcloud Cos
NVD WPScan
CVSS 3.1
4.8
EPSS
0.6%
CVE-2022-22353 MEDIUM This Month

IBM Big SQL on IBM Cloud Pak for Data 7.1.0, 7.1.1, 7.2.0, and 7.2.3 could allow an authenticated user with appropriate permissions to obtain sensitive information by bypassing data masking rules. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Big Sql
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2022-24385 MEDIUM This Month

A Direct Object Access vulnerability in SmarterTools SmarterTrack leads to information disclosure This issue affects: SmarterTools SmarterTrack 100.0.8019.14010. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Smartertrack
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2022-24733 MEDIUM PATCH This Month

Sylius is an open source eCommerce platform. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Sylius
NVD GitHub
CVSS 3.1
6.1
EPSS
0.9%
CVE-2022-22344 MEDIUM This Month

IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.14.3 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM XSS Spectrum Copy Data Management
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2022-24386 MEDIUM This Month

Stored XSS in SmarterTools SmarterTrack This issue affects: SmarterTools SmarterTrack 100.0.8019.14010. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Smartertrack
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2022-24742 MEDIUM PATCH This Month

Sylius is an open source eCommerce platform. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Sylius
NVD GitHub
CVSS 3.1
5.5
EPSS
0.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy