Skip to main content
CVE-2022-2355 MEDIUM POC This Month

The Easy Username Updater WordPress plugin before 1.0.5 does not implement CSRF checks, which could allow attackers to make a logged in admin change any user's username includes the admin. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress Easy Username Updater
NVD WPScan
CVSS 3.1
6.5
EPSS
0.3%
CVE-2022-1323 MEDIUM POC This Month

The Discy WordPress theme before 5.0 lacks authorization checks then processing ajax requests to the discy_update_options action, allowing any logged in users (with privileges as low as Subscriber,). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass WordPress Discy
NVD WPScan
CVSS 3.1
6.5
EPSS
0.6%
CVE-2022-2702 MEDIUM POC This Month

A vulnerability was found in SourceCodester Company Website CMS and classified as critical. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass PHP Company Website Cms
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.5%
CVE-2022-35493 MEDIUM POC This Month

A Cross-site scripting (XSS) vulnerability in json search parse and the json response in wrteam.in, eShop - Multipurpose Ecommerce Store Website version 3.0.4 allows remote attackers to inject. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Eshop Ecommerce Store Website
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
1.4%
CVE-2022-36266 MEDIUM POC This Month

In Airspan AirSpot 5410 version 0.3.4.1-4 and under there exists a stored XSS vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Airspot 5410 Firmware
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2022-2386 MEDIUM POC This Month

The Crowdsignal Dashboard WordPress plugin before 3.0.8 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Crowdsignal Dashboard
NVD WPScan
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-2701 MEDIUM POC This Month

A vulnerability classified as problematic was found in SourceCodester Simple E-Learning System. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Simple E Learning System
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.4%
CVE-2022-2391 MEDIUM POC This Month

The Inspiro PRO WordPress plugin does not sanitize the portfolio slider description, allowing users with privileges as low as Contributor to inject JavaScript into the description. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Inspiro Pro
NVD WPScan
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-2371 MEDIUM POC This Month

The YaySMTP WordPress plugin before 2.2.1 does not have proper authorisation when saving its settings, allowing users with a role as low as subscriber to change them, and use that to conduct Stored. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Yaysmtp
NVD WPScan
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-2046 MEDIUM POC This Month

The Directorist WordPress plugin before 7.2.3 allows administrators to download other plugins from the same vendor directly to the site, but does not check the URL domain it gets the zip files from. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress File Upload Directorist
NVD WPScan
CVSS 3.1
4.9
EPSS
0.8%
CVE-2022-2426 MEDIUM POC This Month

The Thinkific Uploader WordPress plugin through 1.0.0 does not sanitise and escape its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Thinkific Uploader
NVD WPScan
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-2425 MEDIUM POC This Month

The WP DS Blog Map WordPress plugin through 3.1.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Wp Ds Blog Map
NVD WPScan
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-2424 MEDIUM POC This Month

The Google Maps Anywhere WordPress plugin through 1.2.6.3 does not sanitise and escape any of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Google XSS WordPress Google Maps Anywhere
NVD WPScan
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-2423 MEDIUM POC This Month

The DW Promobar WordPress plugin through 1.0.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Dw Promobar
NVD WPScan
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-2412 MEDIUM POC This Month

The Better Tag Cloud WordPress plugin through 0.99.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Better Tag Cloud
NVD WPScan
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-2411 MEDIUM POC This Month

The Auto More Tag WordPress plugin through 4.0.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Auto More Tag
NVD WPScan
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-2410 MEDIUM POC This Month

The mTouch Quiz WordPress plugin through 3.1.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Mtouch Quiz
NVD WPScan
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-2409 MEDIUM POC This Month

The Rough Chart WordPress plugin through 1.0.0 does not properly escape chart data label, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Rough Chart
NVD WPScan
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-2398 MEDIUM POC This Month

The WordPress Comments Fields WordPress plugin before 4.1 does not escape Field Error Message, which could allow high-privileged users to perform Cross-Site Scripting attacks even when. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Wordpress Comments Fields
NVD WPScan
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-2395 MEDIUM POC This Month

The weForms WordPress plugin before 1.6.14 does not sanitise and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfiltered_html. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Weforms
NVD WPScan
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-2372 MEDIUM POC This Month

The YaySMTP WordPress plugin before 2.2.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Yaysmtp
NVD WPScan
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-35489 MEDIUM This Month

In Zammad 5.2.0, customers who have secondary organizations assigned were able to see all organizations of the system rather than only those to which they are assigned. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Zammad
NVD
CVSS 3.1
6.5
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy