Skip to main content
CVE-2022-1171 MEDIUM POC This Month

The Vertical scroll recent post WordPress plugin before 14.0 does not sanitise and escape a parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Vertical Scroll Recent Post
NVD WPScan
CVSS 3.1
6.1
EPSS
0.8%
CVE-2022-1047 MEDIUM POC This Month

The Themify Post Type Builder Search Addon WordPress plugin before 1.4.0 does not properly escape the current page URL before reusing it in a HTML attribute, leading to a reflected cross site. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Post Type Builder Search Addon
NVD WPScan
CVSS 3.1
6.1
EPSS
0.8%
CVE-2022-0625 MEDIUM POC This Month

The Admin Menu Editor WordPress plugin through 1.0.4 does not sanitize and escape a parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Admin Menu Editor
NVD WPScan
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-43712 MEDIUM POC This Month

Stored XSS in Add New Employee Form in Sourcecodester Employee Daily Task Management System 1.0 Allows Remote Attacker to Inject/Store Arbitrary Code via the Name Field. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Employee Daily Task Management System
NVD VulDB
CVSS 3.1
5.4
EPSS
0.9%
CVE-2022-27114 MEDIUM POC PATCH This Month

There is a vulnerability in htmldoc 1.9.16. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Integer Overflow Buffer Overflow Htmldoc Debian Linux
NVD GitHub
CVSS 3.1
5.5
EPSS
0.9%
CVE-2022-27308 MEDIUM POC This Month

A stored cross-site scripting (XSS) vulnerability in PHProjekt PhpSimplyGest v1.3.0 allows attackers to execute arbitrary web scripts or HTML via a project title. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Phprojekt Phpsimplygest
NVD GitHub Exploit-DB
CVSS 3.1
5.4
EPSS
2.5%
CVE-2022-0898 MEDIUM POC This Month

The IgniteUp WordPress plugin through 3.4.1 does not sanitise and escape some fields when high privilege users don't have the unfiltered_html capability, which could lead to Stored Cross-Site. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Igniteup
NVD WPScan
CVSS 3.1
5.4
EPSS
0.6%
CVE-2022-0424 MEDIUM POC This Month

The Popup by Supsystic WordPress plugin before 1.10.9 does not have any authentication and authorisation in an AJAX action, allowing unauthenticated attackers to call it and get the email addresses. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass WordPress Popup
NVD WPScan
CVSS 3.1
5.3
EPSS
2.9%
CVE-2022-1338 MEDIUM POC This Month

The Easily Generate Rest API Url WordPress plugin through 1.0.0 does not escape some of its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Easily Generate Rest Api
NVD WPScan
CVSS 3.1
4.8
EPSS
0.6%
CVE-2022-1303 MEDIUM POC This Month

The Slide Anything WordPress plugin before 2.3.44 does not sanitize and escape sliders' description, which could allow high privilege users such as editor and above to perform Cross-Site Scripting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Slide Anything
NVD WPScan
CVSS 3.1
4.8
EPSS
0.6%
CVE-2022-1104 MEDIUM POC THREAT This Month

The Popup Maker WordPress plugin before 1.16.5 does not sanitise and escape some of its Popup settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Popup Maker
NVD WPScan Exploit-DB
CVSS 3.1
4.8
EPSS
55.8%
CVE-2022-0874 MEDIUM POC This Month

The WP Social Buttons WordPress plugin through 2.1 does not sanitise and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Wp Social Buttons
NVD WPScan
CVSS 3.1
4.8
EPSS
0.6%
CVE-2022-29868 MEDIUM This Month

1Password for Mac 7.2.4 through 7.9.x before 7.9.3 is vulnerable to a process validation bypass. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Hashicorp 1Password
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-28161 MEDIUM This Month

An information exposure through log file vulnerability in Brocade SANNav versions before Brocade SANnav 2.2.0 could allow an authenticated, local attacker to view sensitive information such as ssh. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Sannav
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-22319 MEDIUM This Month

IBM Robotic Process Automation 21.0.1 could allow a register user on the system to physically delete a queue that could cause disruption for any scripts dependent on the queue. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Robotic Process Automation Robotic Process Automation As A Service
NVD
CVSS 3.1
5.4
EPSS
1.0%
CVE-2022-22481 MEDIUM PATCH This Month

IBM Navigator for i 7.2, 7.3, and 7.4 (heritage version) could allow a remote attacker to obtain access to the web interface without valid credentials. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure
NVD
CVSS 3.1
5.3
EPSS
1.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy