Skip to main content
CVE-2022-31202 MEDIUM POC This Month

The export function in SoftGuard Web (SGW) before 5.1.5 allows directory traversal to read an arbitrary local file via export or man.tcl. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Softguard Web
NVD
CVSS 3.1
6.5
EPSS
1.2%
CVE-2022-31260 MEDIUM POC This Month

In Montala ResourceSpace through 9.8 before r19636, csv_export_results_metadata.php allows attackers to export collection metadata via a non-NULL k value. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Authentication Bypass Resourcespace
NVD GitHub
CVSS 3.1
6.5
EPSS
1.5%
CVE-2022-2187 MEDIUM POC This Month

The Contact Form 7 Captcha WordPress plugin before 0.1.2 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Contact Form 7 Captcha
NVD WPScan
CVSS 3.1
6.1
EPSS
1.3%
CVE-2022-2173 MEDIUM POC This Month

The Advanced Database Cleaner WordPress plugin before 3.1.1 does not escape numerous generated URLs before outputting them back in href attributes of admin dashboard pages, leading to Reflected. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Advanced Database Cleaner
NVD WPScan
CVSS 3.1
6.1
EPSS
0.7%
CVE-2022-2168 MEDIUM POC This Month

The Download Manager WordPress plugin before 3.2.44 does not escape a generated URL before outputting it back in an attribute of the history dashboard, leading to Reflected Cross-Site Scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Download Manager
NVD WPScan
CVSS 3.1
6.1
EPSS
1.1%
CVE-2022-2146 MEDIUM POC This Month

The Import CSV Files WordPress plugin through 1.0 does not sanitise and escaped imported data before outputting them back in a page, and is lacking CSRF check when performing such action as well,. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS CSRF WordPress Import Csv Files
NVD WPScan
CVSS 3.1
6.1
EPSS
0.3%
CVE-2022-2090 MEDIUM POC This Month

The Discount Rules for WooCommerce WordPress plugin before 2.4.2 does not escape a parameter before outputting it back in an attribute of the plugin's discount rule page, leading to Reflected. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Discount Rules For Woocommerce
NVD WPScan
CVSS 3.1
6.1
EPSS
0.7%
CVE-2022-1933 MEDIUM POC This Month

The CDI WordPress plugin before 5.1.9 does not sanitise and escape a parameter before outputting it back in the response of an AJAX action (available to both unauthenticated and authenticated users),. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Collect And Deliver Interface For Woocommerce
NVD WPScan
CVSS 3.1
6.1
EPSS
1.3%
CVE-2022-31201 MEDIUM POC This Month

SoftGuard Web (SGW) before 5.1.5 allows HTML injection. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Softguard Web
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-30982 MEDIUM POC This Month

An issue was discovered in Gentics CMS before 5.43.1. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Gentics Cms
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-2133 MEDIUM POC This Month

The OAuth Single Sign On WordPress plugin before 6.22.6 doesn't validate that OAuth access token requests are legitimate, which allows attackers to log onto the site with the only knowledge of a. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass WordPress Oauth Single Sign On
NVD WPScan
CVSS 3.1
5.3
EPSS
1.0%
CVE-2022-2222 MEDIUM POC This Month

The Download Monitor WordPress plugin before 4.5.91 does not ensure that files to be downloaded are inside the blog folders, and not sensitive, allowing high privilege users such as admin to download. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal WordPress Information Disclosure Download Monitor
NVD WPScan
CVSS 3.1
4.9
EPSS
0.9%
CVE-2022-2194 MEDIUM POC This Month

The Accept Stripe Payments WordPress plugin before 2.0.64 does not sanitize and escape some of its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Accept Stripe
NVD WPScan
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-2186 MEDIUM POC This Month

The Simple Post Notes WordPress plugin before 1.7.6 does not sanitise and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Simple Post Notes
NVD WPScan
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-2169 MEDIUM POC This Month

The Loading Page with Loading Screen WordPress plugin before 1.0.83 does not escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Loading Page With Loading Screen
NVD WPScan
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-2151 MEDIUM POC This Month

The Best Contact Management Software WordPress plugin through 3.7.3 does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Best Contact Management Software
NVD WPScan
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-2149 MEDIUM POC This Month

The Very Simple Breadcrumb WordPress plugin through 1.0 does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Very Simple Breadcrumb
NVD WPScan
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-2148 MEDIUM POC This Month

The LinkedIn Company Updates WordPress plugin through 1.5.3 does not sanitise and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Linkedin Company Updates
NVD WPScan
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-2118 MEDIUM POC This Month

The 404s WordPress plugin before 3.5.1 does not sanitise and escape its fields, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfiltered_html. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress 404S
NVD WPScan
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-2114 MEDIUM POC This Month

The Data Tables Generator by Supsystic WordPress plugin before 1.10.20 does not sanitise and escape some of its Table settings, which could allow high privilege users such as admin to perform Stored. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Data Tables Generator
NVD WPScan
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-2100 MEDIUM POC This Month

The Page Generator WordPress plugin before 1.6.5 does not sanitise and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Page Generator
NVD WPScan
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-2099 MEDIUM POC PATCH This Month

The WooCommerce WordPress plugin before 6.6.0 is vulnerable to stored HTML injection due to lack of escaping and sanitizing in the payment gateway titles. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection WordPress Woocommerce
NVD WPScan
CVSS 3.1
4.8
EPSS
0.6%
CVE-2022-2144 MEDIUM POC This Month

The Jquery Validation For Contact Form 7 WordPress plugin before 5.3 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change Blog. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress Jquery Validation For Contact Form 7
NVD WPScan
CVSS 3.1
4.3
EPSS
0.4%
CVE-2022-27930 MEDIUM This Month

Pexip Infinity 27.x before 27.3 allows remote attackers to trigger a software abort via single-sign-on if a random Universally Unique Identifier is guessed. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Pexip Infinity
NVD
CVSS 3.1
5.9
EPSS
0.8%
CVE-2022-25357 MEDIUM This Month

Pexip Infinity 27.x before 27.2 has Improper Access Control. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Pexip Infinity
NVD
CVSS 3.1
5.3
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy