Skip to main content
CVE-2022-1749 HIGH POC This Week

The WPMK Ajax Finder WordPress plugin is vulnerable to Cross-Site Request Forgery via the createplugin_atf_admin_setting_page() function found in the ~/inc/config/create-plugin-config.php file due to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress PHP CSRF Wpmk Ajax Finder
NVD VulDB
CVSS 3.1
8.8
EPSS
0.2%
CVE-2022-1918 HIGH POC This Week

The ToolBar to Share plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Toolbar To Share
NVD VulDB
CVSS 3.1
8.8
EPSS
0.2%
CVE-2022-1657 HIGH POC This Week

Vulnerable versions of the Jupiter (<= 6.10.1) and JupiterX (<= 2.0.6) Themes allow logged-in users, including subscriber-level users, to perform Path Traversal and Local File inclusion. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal Jupiter Jupiterx
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2022-1654 HIGH POC This Week

Jupiter Theme <= 6.10.1 and JupiterX Core Plugin <= 2.0.7 allow any authenticated attacker, including a subscriber or customer-level attacker, to gain administrative privileges via the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Jupiter Jupiterx
NVD
CVSS 3.1
8.8
EPSS
1.5%
CVE-2022-1777 HIGH POC This Week

The Filr WordPress plugin before 1.2.2.1 does not have authorisation check in two of its AJAX actions, allowing them to be called by any authenticated users, such as subscriber. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass WordPress Filr
NVD WPScan
CVSS 3.1
8.8
EPSS
1.3%
CVE-2022-1765 HIGH POC This Week

The Hot Linked Image Cacher WordPress plugin through 1.16 is vulnerable to CSRF. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress Hot Linked Image Cacher
NVD WPScan
CVSS 3.1
8.8
EPSS
0.6%
CVE-2022-1758 HIGH POC This Week

The Genki Pre-Publish Reminder WordPress plugin through 1.4.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS CSRF WordPress Genki Pre Publish Reminder
NVD WPScan
CVSS 3.1
8.8
EPSS
0.6%
CVE-2022-2064 HIGH POC PATCH This Week

Insufficient Session Expiration in GitHub repository nocodb/nocodb prior to 0.91.7+. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Nocodb
NVD GitHub
CVSS 3.1
8.8
EPSS
1.2%
CVE-2022-2063 HIGH POC PATCH This Week

Improper Privilege Management in GitHub repository nocodb/nocodb prior to 0.91.7+. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Privilege Escalation Nocodb
NVD GitHub
CVSS 3.1
8.8
EPSS
1.4%
CVE-2022-1791 HIGH POC This Week

The One Click Plugin Updater WordPress plugin through 2.4.14 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress One Click Plugin Updater
NVD WPScan
CVSS 3.1
8.1
EPSS
0.5%
CVE-2022-1779 HIGH POC This Week

The Auto Delete Posts WordPress plugin through 1.3.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress Auto Delete Posts
NVD WPScan
CVSS 3.1
8.1
EPSS
0.5%
CVE-2022-1202 HIGH POC This Week

The WP-CRM WordPress plugin through 1.2.1 does not validate and sanitise fields when exporting people to a CSV file, leading to a CSV injection vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection WordPress Wp Crm
NVD WPScan
CVSS 3.1
7.8
EPSS
1.0%
CVE-2022-33174 HIGH POC THREAT This Week

Power Distribution Units running on Powertek firmware (multiple brands) before 3.30.30 allows remote authorization bypass in the web interface. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Basic Pdu Firmware Pm Pdu Firmware Piml Pdu Firmware Smart Pim Firmware +3
NVD
CVSS 3.1
7.5
EPSS
13.4%
CVE-2022-1762 HIGH POC This Week

The iQ Block Country WordPress plugin before 1.2.20 does not properly checks HTTP headers in order to validate the origin IP address, allowing threat actors to bypass it's block feature by spoofing. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass WordPress Iq Block Country
NVD WPScan
CVSS 3.1
7.5
EPSS
1.2%
CVE-2022-1412 HIGH POC This Week

The Log WP_Mail WordPress plugin through 0.1 saves sent email in a publicly accessible directory using predictable filenames, allowing any unauthenticated visitor to obtain potentially sensitive. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Information Disclosure Log Wp Mail
NVD WPScan
CVSS 3.1
7.5
EPSS
1.4%
CVE-2022-2062 HIGH POC PATCH This Week

Generation of Error Message Containing Sensitive Information in GitHub repository nocodb/nocodb prior to 0.91.7+. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Nocodb
NVD GitHub
CVSS 3.1
7.5
EPSS
1.4%
CVE-2022-1659 HIGH POC This Week

Vulnerable versions of the JupiterX Core (<= 2.0.6) plugin register an AJAX action jupiterx_conditional_manager which can be used to call any function in the. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Authentication Bypass Denial Of Service Jupiterx
NVD
CVSS 3.1
7.3
EPSS
0.8%
CVE-2022-1800 HIGH POC This Week

The Export any WordPress data to XML/CSV WordPress plugin before 1.3.5 does not sanitize the cpt POST parameter when exporting post data before using it in a database query, leading to an SQL. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi WordPress Export Any Wordpress Data To Xml Csv
NVD WPScan
CVSS 3.1
7.2
EPSS
1.3%
CVE-2022-0863 HIGH POC THREAT This Week

The WP SVG Icons WordPress plugin through 3.2.3 does not properly validate uploaded custom icon packs, allowing an high privileged user like an admin to upload a zip file containing malicious php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE WordPress File Upload Wp Svg Icons
NVD WPScan
CVSS 3.1
7.2
EPSS
22.9%
CVE-2022-1969 HIGH This Week

The Mobile browser color select plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF Mobile Browser Color Select
NVD VulDB
CVSS 3.1
8.8
EPSS
0.2%
CVE-2022-1900 HIGH This Week

The Copify plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF Copify
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2022-32562 HIGH This Week

An issue was discovered in Couchbase Server before 7.0.4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Couchbase Server
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2022-32278 HIGH PATCH This Week

XFCE 4.16 allows attackers to execute arbitrary code because xdg-open can execute a .desktop file on an attacker-controlled FTP server. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Exo Debian Linux
NVD
CVSS 3.1
8.8
EPSS
1.5%
CVE-2022-31762 HIGH This Week

The AMS module has a vulnerability in input validation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Emui Harmonyos Magic Ui
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-24077 HIGH This Week

Naver Cloud Explorer Beta allows the attacker to execute arbitrary code as System privilege via malicious DLL injection. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation RCE Cloud Explorer
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-32565 HIGH This Week

An issue was discovered in Couchbase Server before 7.0.4. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Couchbase Server
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2022-32192 HIGH This Week

Couchbase Server 5.x through 7.x before 7.0.4 exposes Sensitive Information to an Unauthorized Actor. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Couchbase Server
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-32564 HIGH This Week

An issue was discovered in Couchbase Server before 7.0.4. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Couchbase Server
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2022-32560 HIGH This Week

An issue was discovered in Couchbase Server before 7.0.4. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Couchbase Server
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2022-32558 HIGH This Week

An issue was discovered in Couchbase Server before 7.0.4. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Couchbase Server
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2022-31054 HIGH PATCH This Week

Argo Events is an event-driven workflow automation framework for Kubernetes. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Kubernetes Argo Events
NVD GitHub
CVSS 3.1
7.5
EPSS
1.5%
CVE-2022-29798 HIGH This Week

There is a denial of service vulnerability in CV81-WDM FW versions 01.70.49.29.46. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cv81 Wdm Firmware
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2022-31761 HIGH This Week

Configuration defects in the secure OS module. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Emui Magic Ui
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2022-31757 HIGH This Week

The setting module has a vulnerability of improper use of APIs. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Emui Harmonyos Magic Ui
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2022-31754 HIGH This Week

Logical defects in code implementation in some products. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Emui Magic Ui
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2022-31753 HIGH This Week

The voice wakeup module has a vulnerability of using externally-controlled format strings. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Emui Harmonyos Magic Ui
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2022-31055 HIGH PATCH This Week

kCTF is a Kubernetes-based infrastructure for capture the flag (CTF) competitions. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Kubernetes Kctf
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2022-29244 HIGH PATCH This Week

npm pack ignores root-level .gitignore and .npmignore file exclusion directives when run in a workspace or with a workspace flag (ie. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Node.js Information Disclosure npm Ontap Select Deploy Administration Utility
NVD GitHub
CVSS 3.1
7.5
EPSS
3.5%
CVE-2022-26834 HIGH This Week

Improper access control vulnerability in Rakuten Casa version AP_F_V1_4_1 or AP_F_V2_0_0 allows a remote attacker to obtain the information stored in the product because the product is set to accept. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Casa
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2022-2013 HIGH This Week

In Octopus Server after version 2022.1.1495 and before 2022.1.2647 if private spaces were enabled via the experimental feature flag all new users would have access to the Script Console within their. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Octopus Deploy
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-29257 HIGH PATCH This Week

Electron is a framework for writing cross-platform desktop applications using JavaScript (JS), HTML, and CSS. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Electron
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-23169 HIGH This Week

attacker needs to craft a SQL payload. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Mobile Application Gateway
NVD
CVSS 3.1
7.2
EPSS
0.4%
CVE-2022-28704 HIGH This Week

Improper access control vulnerability in Rakuten Casa version AP_F_V1_4_1 or AP_F_V2_0_0 allows a remote attacker to log in with the root privilege and perform an arbitrary operation if the product. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Casa
NVD
CVSS 3.1
7.2
EPSS
2.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy