Skip to main content
CVE-2022-0681 MEDIUM POC This Month

The Simple Membership WordPress plugin before 4.1.0 does not have CSRF check in place when deleting Transactions, which could allow attackers to make a logged in admin delete arbitrary transactions. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress Simple Membership
NVD WPScan
CVSS 3.1
6.5
EPSS
0.5%
CVE-2022-0514 MEDIUM POC PATCH This Month

Business Logic Errors in GitHub repository crater-invoice/crater prior to 6.0.5. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Crater
NVD GitHub
CVSS 3.1
6.5
EPSS
0.9%
CVE-2022-25570 MEDIUM POC This Month

In Click Studios (SA) Pty Ltd Passwordstate 9435, users with access to a passwordlist can gain access to additional password lists without permissions. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Passwordstate
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-0640 MEDIUM POC This Month

The Pricing Table Builder WordPress plugin before 1.1.5 does not sanitize and escape the postid parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Pricing Table Builder
NVD WPScan
CVSS 3.1
6.1
EPSS
0.9%
CVE-2022-0628 MEDIUM POC This Month

The Mega Menu WordPress plugin before 3.0.8 does not sanitize and escape the _wpnonce parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Ap Mega Menu
NVD WPScan
CVSS 3.1
6.1
EPSS
0.9%
CVE-2022-0627 MEDIUM POC This Month

The Amelia WordPress plugin before 1.0.47 does not sanitize and escape the code parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Amelia
NVD WPScan
CVSS 3.1
6.1
EPSS
0.8%
CVE-2022-24656 MEDIUM POC This Month

HexoEditor 1.1.8 is affected by Cross Site Scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Hexoeditor
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2022-23348 MEDIUM POC This Month

BigAnt Software BigAnt Server v5.6.06 was discovered to utilize weak password hashes. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Bigant Server
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
3.4%
CVE-2022-23350 MEDIUM POC This Month

BigAnt Software BigAnt Server v5.6.06 was discovered to contain a cross-site scripting (XSS) vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Bigant Server
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.8%
CVE-2022-1035 MEDIUM POC PATCH This Month

Segmentation Fault caused by MP4Box -lsr in GitHub repository gpac/gpac prior to 2.1.0-DEV. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Null Pointer Dereference Gpac
NVD GitHub
CVSS 3.1
5.5
EPSS
0.8%
CVE-2022-27090 MEDIUM POC This Month

Cscms Music Portal System v4.2 was discovered to contain a redirection vulnerability via the backurl parameter. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Open Redirect Cscms
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-0423 MEDIUM POC This Month

The 3D FlipBook WordPress plugin before 1.12.1 does not have authorisation and CSRF checks when updating its settings, and does not have any sanitisation/escaping, allowing any authenticated users,. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS CSRF WordPress 3d Flipbook
NVD WPScan
CVSS 3.1
5.4
EPSS
0.6%
CVE-2022-0364 MEDIUM POC THREAT This Month

The Modern Events Calendar Lite WordPress plugin before 6.4.0 does not sanitize and escape some of the Hourly Schedule parameters which could allow users with a role as low as contributor to perform. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Modern Events Calendar Lite
NVD WPScan
CVSS 3.1
5.4
EPSS
69.6%
CVE-2022-0590 MEDIUM POC This Month

The BulletProof Security WordPress plugin before 5.8 does not sanitise and escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Bulletproof Security
NVD WPScan
CVSS 3.1
4.8
EPSS
0.6%
CVE-2022-0616 MEDIUM POC This Month

The Amelia WordPress plugin before 1.0.47 does not have CSRF check in place when deleting customers, which could allow attackers to make a logged in admin delete arbitrary customers via a CSRF attack. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress Amelia
NVD WPScan
CVSS 3.1
4.3
EPSS
0.4%
CVE-2022-0515 MEDIUM POC PATCH This Month

Cross-Site Request Forgery (CSRF) in GitHub repository crater-invoice/crater prior to 6.0.4. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF Crater
NVD GitHub
CVSS 3.1
4.3
EPSS
0.4%
CVE-2022-0475 MEDIUM This Month

Malicious translator is able to inject JavaScript code in few translatable strings (where HTML is allowed). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Otrs
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-26494 MEDIUM This Month

An XSS was identified in the Admin Web interface of PrimeKey SignServer before 5.8.1. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Signserver
NVD
CVSS 3.1
4.8
EPSS
0.6%
CVE-2022-1004 MEDIUM This Month

Accounted time is shown in the Ticket Detail View (External Interface), even if ExternalFrontend::TicketDetailView###AccountedTimeDisplay is disabled. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Otrs
NVD
CVSS 3.1
4.3
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy