Skip to main content
CVE-2022-2091 MEDIUM POC This Month

The Cache Images WordPress plugin before 3.2.1 does not implement nonce checks, which could allow attackers to make any logged user upload images via a CSRF attack. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress Cache Images
NVD WPScan
CVSS 3.1
6.5
EPSS
0.5%
CVE-2022-1732 MEDIUM POC This Month

The Rename wp-login.php WordPress plugin through 2.6.0 does not have CSRF check in place when updating the secret login URL, which could allow attackers to make a logged in admin change them via a. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF WordPress Rename Wp Login
NVD WPScan
CVSS 3.1
6.5
EPSS
0.5%
CVE-2022-1599 MEDIUM POC This Month

The Admin Management Xtended WordPress plugin before 2.4.5 does not have CSRF checks in some of its AJAX actions, allowing attackers to make a logged users with the right capabilities to call them. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress Admin Management Xtended
NVD WPScan
CVSS 3.1
6.5
EPSS
0.7%
CVE-2022-1576 MEDIUM POC This Month

The WP Maintenance Mode & Coming Soon WordPress plugin before 2.4.5 is lacking CSRF when emptying the subscribed users list, which could allow attackers to make a logged in admin perform such action. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress Wp Maintenance Mode Coming Soon
NVD WPScan
CVSS 3.1
6.5
EPSS
0.5%
CVE-2022-2092 MEDIUM POC This Month

The WooCommerce PDF Invoices & Packing Slips WordPress plugin before 2.16.0 doesn't escape a parameter on its setting page, making it possible for attackers to conduct reflected cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Woocommerce Pdf Invoices Packing Slips
NVD WPScan
CVSS 3.1
6.1
EPSS
0.8%
CVE-2022-1951 MEDIUM POC This Month

The core plugin for kitestudio WordPress plugin before 2.3.1 does not sanitise and escape some parameters before outputting them back in a response of an AJAX action, available to both. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Core Plugin For Kitestudio Themes
NVD WPScan
CVSS 3.1
6.1
EPSS
0.7%
CVE-2022-1937 MEDIUM POC This Month

The Awin Data Feed WordPress plugin before 1.8 does not sanitise and escape a parameter before outputting it back via an AJAX action (available to both unauthenticated and authenticated users),. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Awin Data Feed
NVD WPScan
CVSS 3.1
6.1
EPSS
1.7%
CVE-2022-1910 MEDIUM POC This Month

The Shortcodes and extra features for Phlox WordPress plugin before 2.9.8 does not sanitise and escape a parameter before outputting it back in the response, leading to a Reflected Cross-Site. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Shortcodes And Extra Features For Phlox Theme
NVD WPScan
CVSS 3.1
6.1
EPSS
1.3%
CVE-2022-1546 MEDIUM POC This Month

The WooCommerce - Product Importer WordPress plugin through 1.5.2 does not sanitise and escape the imported data before outputting it back in the page, leading to a Reflected Cross-Site Scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Woocommerce Product Importer
NVD WPScan
CVSS 3.1
6.1
EPSS
0.7%
CVE-2022-1474 MEDIUM POC This Month

The WP Event Manager WordPress plugin before 3.1.28 does not sanitise and escape its search before outputting it back in an attribute on the event dashboard, leading to a Reflected Cross-Site. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Wp Event Manager
NVD WPScan
CVSS 3.1
6.1
EPSS
0.8%
CVE-2022-1220 MEDIUM POC This Month

The FoxyShop WordPress plugin before 4.8.2 does not sanitise and escape a parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Foxyshop
NVD WPScan
CVSS 3.1
6.1
EPSS
0.7%
CVE-2022-35416 MEDIUM POC This Month

H3C SSL VPN through 2022-07-10 allows wnm/login/login.json svpnlang cookie XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Ssl Vpn
NVD GitHub
CVSS 3.1
6.1
EPSS
2.9%
CVE-2022-1938 MEDIUM POC This Month

The Awin Data Feed WordPress plugin before 1.8 does not sanitise and escape a header when processing request to generate analytics data, allowing unauthenticated users to perform Stored Cross-Site. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Awin Data Feed
NVD WPScan
CVSS 3.1
5.4
EPSS
0.7%
CVE-2022-1757 MEDIUM POC This Month

The pagebar WordPress plugin before 2.70 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS CSRF WordPress Pagebar
NVD WPScan
CVSS 3.1
5.4
EPSS
0.3%
CVE-2022-1626 MEDIUM POC This Month

The Sharebar WordPress plugin through 1.4.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and also. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS CSRF WordPress Sharebar
NVD WPScan
CVSS 3.1
5.4
EPSS
0.3%
CVE-2022-2093 MEDIUM POC This Month

The WP Duplicate Page WordPress plugin before 1.3 does not sanitize and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Wp Duplicate Page
NVD WPScan
CVSS 3.1
4.8
EPSS
0.6%
CVE-2022-2089 MEDIUM POC This Month

The Bold Page Builder WordPress plugin before 4.3.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Bold Page Builder
NVD WPScan
CVSS 3.1
4.8
EPSS
1.0%
CVE-2022-2050 MEDIUM POC This Month

The WP-Paginate WordPress plugin before 2.1.9 does not escape one of its settings, which could allow high privilege users to perform Stored Cross-Site Scripting attacks when unfiltered_html is. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Wp Paginate
NVD WPScan
CVSS 3.1
4.8
EPSS
0.6%
CVE-2022-1894 MEDIUM POC This Month

The Popup Builder WordPress plugin before 4.1.11 does not escape and sanitize some settings, which could allow high privilege users to perform Stored Cross-Site Scripting attacks when the. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Popup Builder
NVD WPScan
CVSS 3.1
4.8
EPSS
0.6%
CVE-2022-2123 MEDIUM POC This Month

The WP Opt-in WordPress plugin through 1.4.1 is vulnerable to CSRF which allows changed plugin settings and can be used for sending spam emails. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress Wp Opt In
NVD WPScan
CVSS 3.1
4.3
EPSS
0.4%
CVE-2022-1957 MEDIUM POC This Month

The Comment License WordPress plugin before 1.4.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress Comment License
NVD WPScan
CVSS 3.1
4.3
EPSS
0.4%
CVE-2022-1956 MEDIUM POC This Month

The Shortcut Macros WordPress plugin through 1.3 does not have authorisation and CSRF checks in place when updating its settings, which could allow any authenticated users, such as subscriber, to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress Shortcut Macros
NVD WPScan
CVSS 3.1
4.3
EPSS
0.3%
CVE-2022-31080 MEDIUM PATCH This Month

KubeEdge is an open source system for extending native containerized application orchestration capabilities to hosts at Edge. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Kubeedge
NVD GitHub
CVSS 3.1
6.5
EPSS
0.7%
CVE-2022-31079 MEDIUM PATCH This Month

KubeEdge is an open source system for extending native containerized application orchestration capabilities to hosts at Edge. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Kubeedge
NVD GitHub
CVSS 3.1
6.5
EPSS
0.7%
CVE-2022-31078 MEDIUM PATCH This Month

KubeEdge is an open source system for extending native containerized application orchestration capabilities to hosts at Edge. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Kubeedge
NVD GitHub
CVSS 3.1
6.5
EPSS
0.7%
CVE-2022-31075 MEDIUM PATCH This Month

KubeEdge is an open source system for extending native containerized application orchestration capabilities to hosts at Edge. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Kubeedge
NVD GitHub
CVSS 3.1
6.5
EPSS
0.9%
CVE-2022-31074 MEDIUM PATCH This Month

KubeEdge is an open source system for extending native containerized application orchestration capabilities to hosts at Edge. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Kubeedge
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-29512 MEDIUM This Month

Exposure of sensitive information to an unauthorized actor issue in multiple applications of Cybozu Garoon 4.0.0 to 5.9.1 allows a remote authenticated attacker to obtain the data without the viewing. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Garoon
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2022-27168 MEDIUM PATCH This Month

Cross-site scripting vulnerability in LiteCart versions prior to 2.4.2 allows a remote attacker to inject an arbitrary script via unspecified vectors. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Litecart
NVD GitHub
CVSS 3.1
6.1
EPSS
1.0%
CVE-2022-1794 MEDIUM This Month

The CODESYS OPC DA Server prior V3.5.18.20 stores PLC passwords as plain text in its configuration file so that it is visible to all authorized Microsoft Windows users of the system. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Opc Da Server
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-31472 MEDIUM This Month

Browse restriction bypass vulnerability in Cabinet of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to obtain the data of Cabinet. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Garoon
NVD
CVSS 3.1
4.3
EPSS
0.8%
CVE-2022-30943 MEDIUM This Month

Browsing restriction bypass vulnerability in Bulletin of Cybozu Garoon 4.0.0 to 5.9.1 allows a remote authenticated attacker to obtain the data of Bulletin. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Garoon
NVD
CVSS 3.1
4.3
EPSS
0.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy