Skip to main content
CVE-2022-2134 MEDIUM POC PATCH This Month

Allocation of Resources Without Limits or Throttling in GitHub repository inventree/inventree prior to 0.8.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Inventree
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-1832 MEDIUM POC This Month

The CaPa Protect WordPress plugin through 0.5.8.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress Capa Protect
NVD WPScan
CVSS 3.1
6.5
EPSS
0.5%
CVE-2022-1831 MEDIUM POC This Month

The WPlite WordPress plugin through 1.3.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress Wplite
NVD WPScan
CVSS 3.1
6.5
EPSS
0.4%
CVE-2022-1830 MEDIUM POC This Month

The Amazon Einzeltitellinks WordPress plugin through 1.3.3 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS CSRF WordPress Amazon Einzeltitellinks
NVD WPScan
CVSS 3.1
6.5
EPSS
0.4%
CVE-2022-1829 MEDIUM POC This Month

The Inline Google Maps WordPress plugin through 5.11 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack,. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google XSS CSRF WordPress Inline Google Maps
NVD WPScan
CVSS 3.1
6.5
EPSS
0.5%
CVE-2022-1828 MEDIUM POC This Month

The PDF24 Articles To PDF WordPress plugin through 4.2.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress Pdf24 Articles To Pdf
NVD WPScan
CVSS 3.1
6.5
EPSS
0.5%
CVE-2022-1827 MEDIUM POC This Month

The PDF24 Article To PDF WordPress plugin through 4.2.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress Pdf24 Articles To Pdf
NVD WPScan
CVSS 3.1
6.5
EPSS
0.5%
CVE-2022-1826 MEDIUM POC This Month

The Cross-Linker WordPress plugin through 3.0.1.9 does not have CSRF check in place when creating Cross-Links, which could allow attackers to make a logged in admin perform such action via a CSRF. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress Cross Linker
NVD WPScan
CVSS 3.1
6.5
EPSS
0.5%
CVE-2022-1630 MEDIUM POC This Month

The WP-EMail WordPress plugin before 2.69.0 does not protect its log deletion functionality with nonce checks, allowing attacker to make a logged in admin delete logs via a CSRF attack. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress Wp Email
NVD WPScan
CVSS 3.1
6.5
EPSS
0.5%
CVE-2022-1610 MEDIUM POC This Month

The Seamless Donations WordPress plugin before 5.1.9 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress Seamless Donations
NVD WPScan
CVSS 3.1
6.5
EPSS
0.5%
CVE-2022-2130 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 1.2.17. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Microweber
NVD GitHub
CVSS 3.1
6.1
EPSS
2.9%
CVE-2022-1818 MEDIUM POC This Month

The Multi-page Toolkit WordPress plugin through 2.6 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS CSRF WordPress Multi Page Toolkit
NVD WPScan
CVSS 3.1
5.4
EPSS
0.3%
CVE-2022-31062 MEDIUM POC This Month

### Impact A plugin public script can be used to read content of system files. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal Glpi Inventory
NVD GitHub Exploit-DB
CVSS 3.1
5.3
EPSS
5.6%
CVE-2022-1945 MEDIUM POC This Month

The Coming Soon & Maintenance Mode by Colorlib WordPress plugin before 1.0.99 does not sanitize and escape some settings, allowing high privilege users such as admin to perform Stored Cross-Site. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Coming Soon Maintenance Mode
NVD WPScan
CVSS 3.1
4.8
EPSS
0.6%
CVE-2022-1915 MEDIUM POC This Month

The WP Zillow Review Slider WordPress plugin before 2.4 does not escape a settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Wp Zillow Review Slider
NVD WPScan
CVSS 3.1
4.8
EPSS
0.6%
CVE-2022-1896 MEDIUM POC This Month

The underConstruction WordPress plugin before 1.21 does not sanitise or escape the "Display a custom page using your own HTML" setting before outputting it, allowing high privilege users to perform. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Underconstruction
NVD WPScan
CVSS 3.1
4.8
EPSS
0.6%
CVE-2022-1889 MEDIUM POC This Month

The Newsletter WordPress plugin before 7.4.6 does not escape and sanitise the preheader_text setting, which could allow high privilege users to perform Stored Cross-Site Scripting attacks when the. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Newsletter
NVD WPScan
CVSS 3.1
4.8
EPSS
0.6%
CVE-2022-1717 MEDIUM POC This Month

The Custom Share Buttons with Floating Sidebar WordPress plugin before 4.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Custom Share Buttons With Floating Sidebar
NVD WPScan
CVSS 3.1
4.8
EPSS
0.6%
CVE-2022-1266 MEDIUM POC This Month

The Post Grid, Slider & Carousel Ultimate WordPress plugin before 1.5.0 does not sanitise and escape the Header Title, which could allow high privilege users to perform Cross-Site Scripting attacks. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Post Grid Slider Carousel Ultimate
NVD WPScan
CVSS 3.1
4.8
EPSS
0.6%
CVE-2022-0663 MEDIUM POC This Month

The Print, PDF, Email by PrintFriendly WordPress plugin before 5.2.3 does not sanitise and escape the Custom Button Text settings, which could allow high privilege users such as admin to perform. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Print Pdf Email By Printfriendly
NVD WPScan
CVSS 3.1
4.8
EPSS
0.6%
CVE-2022-1895 MEDIUM POC This Month

The underConstruction WordPress plugin before 1.20 does not have CSRF check in place when deactivating the construction mode, which could allow attackers to make a logged in admin perform such action. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress Underconstruction
NVD WPScan
CVSS 3.1
4.3
EPSS
0.4%
CVE-2022-1603 MEDIUM POC This Month

The Mail Subscribe List WordPress plugin before 2.1.4 does not have CSRF check in place when deleting subscribed users, which could allow attackers to make a logged in admin perform such action and. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress Mail Subscribe List
NVD WPScan
CVSS 3.1
4.3
EPSS
0.4%
CVE-2022-26669 MEDIUM This Month

ASUS Control Center is vulnerable to SQL injection. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Control Center
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2022-26668 MEDIUM This Month

ASUS Control Center API has a broken access control vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Control Center
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-21742 MEDIUM This Month

Realtek USB driver has a buffer overflow vulnerability due to insufficient parameter length verification in the API function. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Rtl8156 Firmware Rtl8156B Firmware Rtl8153 Firmware Rtl8153B Firmware +3
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2022-25772 MEDIUM PATCH This Month

A cross-site scripting (XSS) vulnerability in the web tracking component of Mautic before 4.3.0 allows remote attackers to inject executable javascript. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Mautic
NVD GitHub
CVSS 3.1
6.1
EPSS
61.4%
CVE-2022-31734 MEDIUM This Month

Cisco Catalyst 2940 Series Switches provided by Cisco Systems, Inc. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco XSS Ws C2940 8Tf S Firmware Ws C2940 8Tt S Firmware
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2022-22414 MEDIUM PATCH This Month

IBM Robotic Process Automation 21.0.2 could allow a local user to obtain sensitive web service configuration credentials from system memory. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

IBM Information Disclosure Robotic Process Automation
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-32983 MEDIUM PATCH This Month

Knot Resolver through 5.5.1 may allow DNS cache poisoning when there is an attempt to limit forwarding actions by filters. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Knot Resolver
NVD GitHub
CVSS 3.1
5.3
EPSS
0.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy