Skip to main content
CVE-2022-33116 MEDIUM POC PATCH This Month

An issue in the jmpath variable in /modules/mindmap/index.php of GUnet Open eClass Platform (aka openeclass) v3.12.4 and below allows attackers to read arbitrary files via a directory traversal. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP Path Traversal Openeclass
NVD GitHub
CVSS 3.1
6.5
EPSS
1.6%
CVE-2022-31081 MEDIUM POC PATCH This Month

HTTP::Daemon is a simple http server class written in perl. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Apache Nginx Request Smuggling Debian Linux
NVD GitHub
CVSS 3.1
6.5
EPSS
2.1%
CVE-2022-1843 MEDIUM POC This Month

The MailPress WordPress plugin through 7.2.1 does not have CSRF checks in various places, which could allow attackers to make a logged in admin change the settings, purge log files and more via CSRF. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress Mailpress
NVD WPScan
CVSS 3.1
6.5
EPSS
0.5%
CVE-2020-21161 MEDIUM POC This Month

Cross Site Scripting (XSS) vulnerability in Ruckus Wireless ZoneDirector 9.8.3.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Zonedirector Firmware
NVD VulDB
CVSS 3.1
6.1
EPSS
0.9%
CVE-2022-33005 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in the System Settings/IOT Settings module of Delta Electronics DIAEnergie v1.08.00 allows attackers to execute arbitrary web scripts via a crafted payload. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Diaenergie
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2022-2218 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository ionicabizau/parse-url prior to 7.0.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Parse Url
NVD GitHub
CVSS 3.1
6.1
EPSS
0.9%
CVE-2022-2217 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Generic in GitHub repository ionicabizau/parse-url prior to 7.0.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Parse Url
NVD GitHub
CVSS 3.1
6.1
EPSS
1.0%
CVE-2022-1916 MEDIUM POC This Month

The Active Products Tables for WooCommerce. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Woot
NVD WPScan
CVSS 3.1
6.1
EPSS
1.8%
CVE-2022-1904 MEDIUM POC This Month

The Pricing Tables WordPress Plugin WordPress plugin before 3.2.1 does not sanitise and escape parameter before outputting it back in a page available to any user (both authenticated and. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Easy Pricing Tables
NVD WPScan
CVSS 3.1
6.1
EPSS
1.4%
CVE-2022-1593 MEDIUM POC This Month

The Site Offline or Coming Soon WordPress plugin through 1.6.6 does not have CSRF check in place when updating its settings, and it also lacking sanitisation as well as escaping in some of them. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS CSRF WordPress Site Offline Or Coming Soon
NVD WPScan
CVSS 3.1
6.1
EPSS
0.7%
CVE-2022-1470 MEDIUM POC This Month

The Ultimate WooCommerce CSV Importer WordPress plugin through 2.0 does not sanitise and escape the imported data before outputting it back in the page, leading to a Reflected Cross-Site Scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Ultimate Woocommerce Csv Importer
NVD WPScan
CVSS 3.1
6.1
EPSS
0.7%
CVE-2022-31076 MEDIUM POC PATCH This Month

KubeEdge is built upon Kubernetes and extends native containerized application orchestration and device management to hosts at the Edge. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. Public exploit code available.

Denial Of Service Kubernetes Null Pointer Dereference Kubeedge
NVD GitHub
CVSS 3.1
5.7
EPSS
0.6%
CVE-2022-2208 MEDIUM POC PATCH This Month

NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.5163. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Null Pointer Dereference Vim Fedora
NVD GitHub
CVSS 3.1
5.5
EPSS
1.3%
CVE-2022-31064 MEDIUM POC PATCH This Month

BigBlueButton is an open source web conferencing system. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Bigbluebutton
NVD GitHub
CVSS 3.1
5.4
EPSS
1.2%
CVE-2022-2041 MEDIUM POC This Month

The Brizy WordPress plugin before 2.4.2 does not sanitise and escape some element content, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Brizy
NVD WPScan
CVSS 3.1
5.4
EPSS
0.6%
CVE-2022-2040 MEDIUM POC This Month

The Brizy WordPress plugin before 2.4.2 does not sanitise and escape some element URL, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Brizy
NVD WPScan
CVSS 3.1
5.4
EPSS
0.6%
CVE-2022-1964 MEDIUM POC This Month

The Easy SVG Support WordPress plugin before 3.3.0 does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Easy Svg Support
NVD WPScan
CVSS 3.1
5.4
EPSS
0.6%
CVE-2022-1776 MEDIUM POC This Month

The Popups, Welcome Bar, Optins and Lead Generation Plugin WordPress plugin before 2.1.8 does not sanitize and escape some campaign parameters, which could allow users with a role as low as. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Popups Welcome Bar Optins And Lead Generation Plugin
NVD WPScan
CVSS 3.1
5.4
EPSS
0.6%
CVE-2022-2213 MEDIUM POC This Month

A vulnerability was found in SourceCodester Library Management System 1.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Library Management System
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-33009 MEDIUM POC This Month

A stored cross-site scripting (XSS) vulnerability in LightCMS v1.3.11 allows attackers to execute arbitrary web scripts or HTML via uploading a crafted PDF file. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Lightcms
NVD GitHub VulDB
CVSS 3.1
4.8
EPSS
0.6%
CVE-2022-1995 MEDIUM POC This Month

The Malware Scanner WordPress plugin before 4.5.2 does not sanitise and escape some of its settings, leading to malicious users with administrator privileges to store malicious Javascript code. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Malware Scanner
NVD WPScan
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-1994 MEDIUM POC This Month

The Login With OTP Over SMS, Email, WhatsApp and Google Authenticator WordPress plugin before 1.0.8 does not escape its settings, allowing high privilege users such as admin to perform Cross-Site. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Google XSS WordPress Login With Otp Over Sms Email Whatsapp And Google Authenticator
NVD WPScan
CVSS 3.1
4.8
EPSS
0.6%
CVE-2022-1990 MEDIUM POC This Month

The Nested Pages WordPress plugin before 3.1.21 does not escape and sanitize the some of its settings, which could allow high privilege users to perform Stored Cross-Site Scripting attacks when the. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Nested Pages
NVD WPScan
CVSS 3.1
4.8
EPSS
0.6%
CVE-2022-1971 MEDIUM POC This Month

The NextCellent Gallery WordPress plugin through 1.9.35 does not sanitise and escape some of its image settings, which could allow high privilege users such as admin to perform Stored Cross-Site. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Nextcellent Gallery
NVD WPScan
CVSS 3.1
4.8
EPSS
0.6%
CVE-2022-1327 MEDIUM POC This Month

The Image Gallery WordPress plugin before 1.1.6 does not sanitize and escape some of its Image fields, which could allow high-privileged users such as admin to perform Cross-Site Scripting attacks. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Image Gallery
NVD WPScan
CVSS 3.1
4.8
EPSS
0.6%
CVE-2022-1326 MEDIUM POC This Month

The Form - Contact Form WordPress plugin through 1.2.0 does not sanitize and escape Custom text fields, which could allow high-privileged users such as admin to perform Cross-Site Scripting attacks. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Form Contact Form
NVD WPScan
CVSS 3.1
4.8
EPSS
0.6%
CVE-2022-1321 MEDIUM POC This Month

The miniOrange's Google Authenticator WordPress plugin before 5.5.6 does not sanitise and escape some of its settings, leading to malicious users with administrator privileges to store malicious. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Google XSS WordPress Google Authenticator
NVD WPScan
CVSS 3.1
4.8
EPSS
0.6%
CVE-2022-1113 MEDIUM POC This Month

The Flower Delivery by Florist One WordPress plugin through 3.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Flower Delivery
NVD WPScan
CVSS 3.1
4.8
EPSS
0.6%
CVE-2022-1095 MEDIUM POC This Month

The Mihdan: No External Links WordPress plugin before 5.0.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress No External Links Project
NVD WPScan
CVSS 3.1
4.8
EPSS
0.6%
CVE-2022-1029 MEDIUM POC This Month

The Limit Login Attempts WordPress plugin before 4.0.72 does not sanitise and escape some of its settings, leading to malicious users with administrator privileges to store malicious Javascript code. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Limit Login Attempts
NVD WPScan
CVSS 3.1
4.8
EPSS
0.8%
CVE-2022-1028 MEDIUM POC This Month

The WordPress Security Firewall, Malware Scanner, Secure Login and Backup plugin before 4.2.1 does not sanitise and escape some of its settings, leading to malicious users with administrator. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Wordpress Security
NVD WPScan
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-1010 MEDIUM POC This Month

The Login using WordPress Users ( WP as SAML IDP ) WordPress plugin before 1.13.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Login Using Wordpress Users
NVD WPScan
CVSS 3.1
4.8
EPSS
0.6%
CVE-2022-1960 MEDIUM POC This Month

The MyCSS WordPress plugin through 1.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress Mycss
NVD WPScan
CVSS 3.1
4.3
EPSS
0.4%
CVE-2022-1914 MEDIUM POC This Month

The Clean-Contact WordPress plugin through 1.6 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS CSRF WordPress Clean Contact
NVD WPScan
CVSS 3.1
4.3
EPSS
0.4%
CVE-2022-1913 MEDIUM POC This Month

The Add Post URL WordPress plugin through 2.1.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS CSRF WordPress Add Post Url
NVD WPScan
CVSS 3.1
4.3
EPSS
0.4%
CVE-2022-1885 MEDIUM POC This Month

The Cimy Header Image Rotator WordPress plugin through 6.1.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress Cimy Header Image Rotator
NVD WPScan
CVSS 3.1
4.3
EPSS
0.4%
CVE-2022-1847 MEDIUM POC This Month

The Rotating Posts WordPress plugin through 1.11 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress Rotating Posts
NVD WPScan
CVSS 3.1
4.3
EPSS
0.4%
CVE-2022-1846 MEDIUM POC This Month

The Tiny Contact Form WordPress plugin through 0.7 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress Tiny Contact Form
NVD WPScan
CVSS 3.1
4.3
EPSS
0.4%
CVE-2022-1845 MEDIUM POC This Month

The WP Post Styling WordPress plugin before 1.3.1 does not have CSRF checks in various actions, which could allow attackers to make a logged in admin delete plugin's data, update the settings, add. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress Wp Post Styling
NVD WPScan
CVSS 3.1
4.3
EPSS
0.4%
CVE-2022-1844 MEDIUM POC This Month

The WP Sentry WordPress plugin through 1.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and lead. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS CSRF WordPress Wp Sentry
NVD WPScan
CVSS 3.1
4.3
EPSS
0.4%
CVE-2022-1842 MEDIUM POC This Month

The OpenBook Book Data WordPress plugin through 3.5.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS CSRF WordPress Openbook Book Data
NVD WPScan
CVSS 3.1
4.3
EPSS
0.4%
CVE-2022-1653 MEDIUM POC This Month

The Social Share Buttons by Supsystic WordPress plugin before 2.2.4 does not perform CSRF checks in it's ajax endpoints and admin pages, allowing an attacker to trick any logged in user to manipulate. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress Social Share Buttons
NVD WPScan
CVSS 3.1
4.3
EPSS
0.4%
CVE-2022-1627 MEDIUM POC This Month

The My Private Site WordPress plugin before 3.0.8 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress My Private Site
NVD WPScan
CVSS 3.1
4.3
EPSS
0.4%
CVE-2022-1625 MEDIUM POC This Month

The New User Approve WordPress plugin before 2.4 does not have CSRF check in place when updating its settings and adding invitation codes, which could allow attackers to add invitation codes (for. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress New User Approve
NVD WPScan
CVSS 3.1
4.3
EPSS
0.4%
CVE-2022-1573 MEDIUM POC This Month

The HTML2WP WordPress plugin through 1.0.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress Html2Wp
NVD WPScan
CVSS 3.1
4.3
EPSS
0.4%
CVE-2022-0875 MEDIUM POC This Month

The Google Authenticator WordPress plugin before 1.0.5 does not have CSRF check when saving its settings, and does not sanitise as well as escape them, allowing attackers to make a logged in admin. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google XSS CSRF WordPress Google Authenticator
NVD WPScan
CVSS 3.1
4.3
EPSS
0.4%
CVE-2022-0444 MEDIUM POC This Month

The Backup, Restore and Migrate WordPress Sites With the XCloner Plugin WordPress plugin before 4.3.6 does not have authorisation and CSRF checks when resetting its settings, allowing unauthenticated. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress Xcloner
NVD WPScan
CVSS 3.1
4.3
EPSS
0.3%
CVE-2022-31099 MEDIUM PATCH This Month

rulex is a new, portable, regular expression language. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Pomsky
NVD GitHub
CVSS 3.1
6.5
EPSS
0.9%
CVE-2022-31100 MEDIUM PATCH This Month

rulex is a new, portable, regular expression language. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Pomsky
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-2221 MEDIUM This Month

Information Exposure vulnerability in My Account Settings of Devolutions Remote Desktop Manager before 2022.1.8 allows authenticated users to access credentials of other users. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Remote Desktop Manager
NVD
CVSS 3.1
6.5
EPSS
1.1%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy