Skip to main content
CVE-2022-28598 MEDIUM POC This Month

Frappe ERPNext 12.29.0 is vulnerable to XSS where the software does not neutralize or incorrectly neutralize user-controllable input before it is placed in output that is used as a web page that is. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Erpnext
NVD GitHub Exploit-DB VulDB
CVSS 3.1
6.1
EPSS
5.0%
CVE-2022-32761 MEDIUM POC This Month

An information disclosure vulnerability exists in the aVideoEncoderReceiveImage functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Avideo
NVD GitHub
CVSS 3.1
6.5
EPSS
2.4%
CVE-2022-28710 MEDIUM POC This Month

An information disclosure vulnerability exists in the chunkFile functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Avideo
NVD GitHub
CVSS 3.1
6.5
EPSS
2.3%
CVE-2022-2555 MEDIUM POC This Month

The Yotpo Reviews for WooCommerce WordPress plugin through 2.0.4 lacks nonce check when updating its settings, which could allow attacker to make a logged in admin change them via a CSRF attack. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress Yotpo Reviews For Woocommerce
NVD WPScan
CVSS 3.1
6.5
EPSS
0.4%
CVE-2022-2392 MEDIUM POC This Month

The Lana Downloads Manager WordPress plugin before 1.8.0 is affected by an arbitrary file download vulnerability that can be exploited by users with "Contributor" permissions or higher. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure WordPress Path Traversal Lana Downloads Manager
NVD WPScan
CVSS 3.1
6.5
EPSS
0.9%
CVE-2022-2388 MEDIUM POC This Month

The WP Coder WordPress plugin before 2.5.3 does not have CSRF check in place when deleting code created by the plugin, which could allow attackers to make a logged in admin delete arbitrary ones via. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress Wp Coder
NVD WPScan
CVSS 3.1
6.5
EPSS
0.4%
CVE-2022-25810 MEDIUM POC This Month

The Transposh WordPress Translation WordPress plugin through 1.0.8 exposes a couple of sensitive actions such has “tp_reset” under the Utilities tab (/wp-admin/admin.php?page=tp_utils), which can be. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass WordPress PHP Transposh Wordpress Translation
NVD WPScan
CVSS 3.1
6.5
EPSS
0.9%
CVE-2022-32772 MEDIUM POC This Month

A cross-site scripting (xss) vulnerability exists in the footer alerts functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Avideo
NVD GitHub
CVSS 3.1
6.1
EPSS
3.0%
CVE-2022-32771 MEDIUM POC This Month

A cross-site scripting (xss) vulnerability exists in the footer alerts functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Avideo
NVD GitHub
CVSS 3.1
6.1
EPSS
3.2%
CVE-2022-32770 MEDIUM POC This Month

A cross-site scripting (xss) vulnerability exists in the footer alerts functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Avideo
NVD GitHub
CVSS 3.1
6.1
EPSS
3.4%
CVE-2022-30690 MEDIUM POC THREAT This Month

A cross-site scripting (xss) vulnerability exists in the image403 functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Avideo
NVD GitHub
CVSS 3.1
6.1
EPSS
83.6%
CVE-2022-2532 MEDIUM POC This Month

The Feed Them Social WordPress plugin before 3.0.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Feed Them Social
NVD WPScan
CVSS 3.1
6.1
EPSS
0.6%
CVE-2022-2383 MEDIUM POC This Month

The Feed Them Social WordPress plugin before 3.0.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Feed Them Social
NVD WPScan
CVSS 3.1
6.1
EPSS
4.9%
CVE-2022-1932 MEDIUM POC This Month

The Rezgo Online Booking WordPress plugin before 4.1.8 does not sanitise and escape some parameters before outputting them back in a page, leading to a Reflected Cross-Site Scripting, which can be. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Rezgo Online Booking
NVD WPScan
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-2932 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Reflected in GitHub repository bustle/mobiledoc-kit prior to 0.14.2. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Mobiledoc Kit
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2022-36251 MEDIUM POC This Month

Clinic's Patient Management System v1.0 is vulnerable to Cross Site Scripting (XSS) via patients.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Clinic S Patient Management System
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-2923 MEDIUM POC PATCH This Month

NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0240. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Null Pointer Dereference Denial Of Service Vim Fedora
NVD GitHub
CVSS 3.1
5.5
EPSS
0.5%
CVE-2022-2600 MEDIUM POC This Month

The Auto-hyperlink URLs WordPress plugin through 5.4.1 does not set rel="noopener noreferer" on generated links, which can lead to Tab Nabbing by giving the target site access to the source tab. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure WordPress Auto Hyperlink Urls
NVD WPScan
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-2375 MEDIUM POC This Month

The WP Sticky Button WordPress plugin before 1.4.1 does not have authorisation and CSRF checks when saving its settings, allowing unauthenticated users to update them. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

CSRF XSS WordPress Wp Sticky Button
NVD WPScan
CVSS 3.1
5.4
EPSS
0.3%
CVE-2022-2312 MEDIUM POC This Month

The Student Result or Employee Database WordPress plugin before 1.7.5 does not have CSRF in its AJAX actions, allowing attackers to make logged in user with a role as low as contributor to add/edit. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

CSRF XSS WordPress Student Result Or Employee Database
NVD WPScan
CVSS 3.1
5.4
EPSS
0.3%
CVE-2022-2890 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Yetiforce Customer Relationship Management
NVD GitHub
CVSS 3.1
5.4
EPSS
0.7%
CVE-2022-1340 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Yetiforce Customer Relationship Management
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-2558 MEDIUM POC This Month

The Simple Job Board WordPress plugin before 2.10.0 is susceptible to Directory Listing which allows the public listing of uploaded resumes in certain configurations. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure WordPress Simple Job Board
NVD WPScan
CVSS 3.1
5.3
EPSS
0.8%
CVE-2022-2552 MEDIUM POC This Month

The Duplicator WordPress plugin before 1.4.7 does not authenticate or authorize visitors before displaying information about the system such as server software, php version and full file system path. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass WordPress PHP Duplicator
NVD GitHub WPScan Exploit-DB
CVSS 3.1
5.3
EPSS
8.4%
CVE-2022-2407 MEDIUM POC This Month

The WP phpMyAdmin WordPress plugin before 5.2.0.4 does not escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Wp Phpmyadmin
NVD WPScan
CVSS 3.1
4.8
EPSS
0.6%
CVE-2022-2361 MEDIUM POC This Month

The WP Social Chat WordPress plugin before 6.0.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Wp Social Chat
NVD WPScan
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-1322 MEDIUM POC This Month

The Coming Soon - Under Construction WordPress plugin through 1.1.9 does not sanitize and escape some of its settings, which could allow high-privileged users to perform Cross-Site Scripting attacks. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Coming Soon
NVD WPScan
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-2389 MEDIUM POC This Month

The Abandoned Cart Recovery for WooCommerce, Follow Up Emails, Newsletter Builder & Marketing Automation By Autonami WordPress plugin before 2.1.2 does not have authorisation and CSRF checks in one. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress Funnelkit Automations
NVD WPScan
CVSS 3.1
4.3
EPSS
0.3%
CVE-2022-2382 MEDIUM POC This Month

The Product Slider for WooCommerce WordPress plugin before 2.5.7 has flawed CSRF checks and lack authorisation in some of its AJAX actions, allowing any authenticated users, such as subscriber to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress Product Slider For Woocommerce
NVD WPScan
CVSS 3.1
4.3
EPSS
0.3%
CVE-2022-2377 MEDIUM POC This Month

The Directorist WordPress plugin before 7.3.0 does not have authorisation and CSRF checks in an AJAX action, allowing any authenticated users to send arbitrary emails on behalf of the blog. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress Directorist
NVD WPScan
CVSS 3.1
4.3
EPSS
0.3%
CVE-2022-2276 MEDIUM POC PATCH This Month

The WP Edit Menu WordPress plugin before 1.5.0 does not have authorisation and CSRF in an AJAX action, which could allow unauthenticated attackers to delete arbitrary posts/pages from the blog. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF WordPress Wp Edit Menu
NVD WPScan
CVSS 3.1
4.3
EPSS
0.3%
CVE-2022-2275 MEDIUM POC This Month

The WP Edit Menu WordPress plugin before 1.5.0 does not have CSRF in an AJAX action, which could allow attackers to make a logged in admin delete arbitrary posts/pages from the blog via a CSRF attack. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress Wp Edit Menu
NVD WPScan
CVSS 3.1
4.3
EPSS
0.3%
CVE-2022-2198 MEDIUM POC This Month

The WPQA Builder WordPress plugin before 5.7 which is a companion plugin to the Hilmer and Discy , does not check authorization before displaying private messages, allowing any logged in user to read. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass WordPress Wpqa Builder
NVD WPScan
CVSS 3.1
4.3
EPSS
0.6%
CVE-2022-2172 MEDIUM POC PATCH This Month

The LinkWorth WordPress plugin before 3.3.4 does not implement nonce checks, which could allow attackers to make a logged in admin change settings via a CSRF attack. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF WordPress Linkworth
NVD WPScan
CVSS 3.1
4.3
EPSS
0.3%
CVE-2022-1251 MEDIUM POC This Month

The Ask me WordPress theme before 6.8.4 does not perform nonce checks when processing POST requests to the Edit Profile page, allowing an attacker to trick a user to change their profile information. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress Ask Me
NVD WPScan
CVSS 3.1
4.3
EPSS
0.3%
CVE-2022-32480 MEDIUM This Month

Dell PowerScale OneFS, versions 9.0.0, up to and including 9.1.0.19, 9.2.1.12, 9.3.0.6, and 9.4.0.2, contain an insecure default initialization of a resource vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Dell Emc Powerscale Onefs
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2022-35655 MEDIUM This Month

Pega Platform from 7.3 to 8.7.3 is affected by an XSS issue due to a misconfiguration of a datapage setting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Pega Platform
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2022-35654 MEDIUM This Month

Pega Platform from 8.5.4 to 8.7.3 is affected by an XSS issue with an unauthenticated user and the redirect parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Pega Platform
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2022-34857 MEDIUM PATCH This Month

Reflected Cross-Site Scripting (XSS) vulnerability in smartypants SP Project & Document Manager plugin <= 4.59 at WordPress. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS WordPress Sp Project Document Manager
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-31238 MEDIUM This Month

Dell PowerScale OneFS, versions 9.0.0 up to and including 9.1.0.19, 9.2.1.12, 9.3.0.6, and 9.4.0.2, contain a process invoked with sensitive information vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Dell Emc Powerscale Onefs
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-2873 MEDIUM This Month

An out-of-bounds memory access flaw was found in the Linux kernel Intel’s iSMT SMBus host controller driver in the way a user triggers the I2C_SMBUS_BLOCK_DATA (with the ioctl I2C_SMBUS) with. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Linux Intel Denial Of Service Linux Kernel Fedora +7
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-33932 MEDIUM This Month

Dell PowerScale OneFS, versions 9.0.0 up to and including 9.1.0.19, 9.2.1.12, 9.3.0.6, and 9.4.0.2, contain an unprotected primary channel vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Dell Emc Powerscale Onefs
NVD
CVSS 3.1
5.3
EPSS
0.7%
CVE-2022-34774 MEDIUM This Month

Tabit - Arbitrary account modification. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Tabit
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2022-32769 MEDIUM This Month

Multiple authentication bypass vulnerabilities exist in the objects id handling functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass Avideo
NVD GitHub
CVSS 3.1
5.0
EPSS
0.7%
CVE-2022-0446 MEDIUM This Month

The Simple Banner WordPress plugin before 2.12.0 does not properly sanitize its "Simple Banner Text" Settings allowing high privilege users to perform Cross-Site Scripting attacks even when the. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Simple Banner
NVD WPScan
CVSS 3.1
4.8
EPSS
0.4%
CVE-2022-35656 MEDIUM This Month

Pega Platform from 8.3 to 8.7.3 vulnerability may allow authenticated security administrators to alter CSRF settings directly. Rated medium severity (CVSS 4.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

CSRF Pega Platform
NVD
CVSS 3.1
4.5
EPSS
0.3%
CVE-2022-32768 MEDIUM This Month

Multiple authentication bypass vulnerabilities exist in the objects id handling functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. Rated medium severity (CVSS 4.2), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass Avideo
NVD GitHub
CVSS 3.1
4.2
EPSS
0.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy