Skip to main content
CVE-2022-3419 MEDIUM POC This Month

The Automatic User Roles Switcher WordPress plugin before 1.1.2 does not have authorisation and proper CSRF checks, allowing any authenticated users like subscriber to add any role to themselves,. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress Privilege Escalation Automatic User Roles Switcher
NVD WPScan VulDB
CVSS 3.1
6.5
EPSS
0.3%
CVE-2022-3783 MEDIUM POC PATCH This Month

A vulnerability, which was classified as problematic, has been found in node-red-dashboard.js of the component ui_text Format Handler. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Node Red Dashboard
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.6%
CVE-2022-3440 MEDIUM POC This Month

The Rock Convert WordPress plugin before 2.11.0 does not sanitise and escape an URL before outputting it back in an attribute when a specific widget is present on a page, leading to a Reflected. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Rock Convert
NVD WPScan VulDB
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-2627 MEDIUM POC This Month

The Newspaper WordPress theme before 12 does not sanitise a parameter before outputting it back in an HTML attribute via an AJAX action, leading to a Reflected Cross-Site Scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Newspaper
NVD WPScan
CVSS 3.1
6.1
EPSS
1.0%
CVE-2022-2190 MEDIUM POC This Month

The Gallery Plugin for WordPress plugin before 1.8.4.7 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Envira Gallery
NVD WPScan
CVSS 3.1
6.1
EPSS
0.6%
CVE-2022-2167 MEDIUM POC This Month

The Newspaper WordPress theme before 12 does not sanitise a parameter before outputting it back in an HTML attribute via an AJAX action, leading to a Reflected Cross-Site Scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Newspaper
NVD WPScan
CVSS 3.1
6.1
EPSS
0.6%
CVE-2022-3766 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/phpmyfaq prior to 3.1.8. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Phpmyfaq
NVD GitHub Exploit-DB
CVSS 3.1
6.1
EPSS
5.7%
CVE-2022-44081 MEDIUM POC This Month

Lodepng v20220717 was discovered to contain a segmentation fault via the function pngdetail. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Buffer Overflow Lodepng
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-44079 MEDIUM POC This Month

pycdc commit 44a730f3a889503014fec94ae6e62d8401cb75e5 was discovered to contain a stack overflow via the component __sanitizer::StackDepotBase<__sanitizer::StackDepotNode. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Pycdc
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-43152 MEDIUM POC This Month

tsMuxer v2.6.16 was discovered to contain a heap overflow via the function BitStreamWriter::flushBits() at /tsMuxer/bitStream.h. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Tsmuxer
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-43151 MEDIUM POC This Month

timg v1.4.4 was discovered to contain a memory leak via the function timg::QueryBackgroundColor() at /timg/src/term-query.cc. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Timg
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-43148 MEDIUM POC This Month

rtf2html v0.2.0 was discovered to contain a heap overflow in the component /rtf2html/./rtf_tools.h. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Rtf2Html
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-3096 MEDIUM POC This Month

The WP Total Hacks WordPress plugin through 4.7.2 does not prevent low privilege users from modifying the plugin's settings. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Wp Total Hacks
NVD WPScan
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-3765 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.8. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Phpmyfaq
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-3441 MEDIUM POC This Month

The Rock Convert WordPress plugin before 2.11.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Rock Convert
NVD WPScan VulDB
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-3420 MEDIUM POC This Month

The Official Integration for Billingo WordPress plugin before 3.4.0 does not sanitise and escape some of its settings, which could allow high privilege users with a role as low as Shop Manager to. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Official Integration For Billingo
NVD WPScan VulDB
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-3408 MEDIUM POC This Month

The WP Word Count WordPress plugin through 3.2.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Wp Word Count
NVD WPScan VulDB
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-3237 MEDIUM POC This Month

The WP Contact Slider WordPress plugin before 2.4.8 does not sanitize and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Wp Contact Slider
NVD WPScan
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-40488 MEDIUM PATCH This Month

ProcessWire v3.0.200 was discovered to contain a Cross-Site Request Forgery (CSRF). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

CSRF Processwire
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.3%
CVE-2022-42924 MEDIUM PATCH This Month

Forma LMS on its 3.1.0 version and earlier is vulnerable to a SQL injection vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

PHP SQLi Formalms
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2022-41680 MEDIUM PATCH This Month

Forma LMS on its 3.1.0 version and earlier is vulnerable to a SQL injection vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

PHP SQLi Formalms
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2022-3499 MEDIUM This Month

An authenticated attacker could utilize the identical agent and cluster node linking keys to potentially allow for a scenario where unauthorized disclosure of agent logs and data is present. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Nessus
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-40742 MEDIUM This Month

Mail SQR Expert system has a Local File Inclusion vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal PHP Mail Sqr Expert
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2022-39023 MEDIUM This Month

U-Office Force Download function has a path traversal vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Path Traversal U Office Force
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2022-39022 MEDIUM This Month

U-Office Force Download function has a path traversal vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Path Traversal U Office Force
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2022-40487 MEDIUM PATCH This Month

ProcessWire v3.0.200 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities via the Search Users and Search Pages function. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Processwire
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.4%
CVE-2022-40290 MEDIUM This Month

The application was vulnerable to an unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability in the barcode generation functionality, allowing attackers to generate an unsafe link that. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Php Point Of Sale
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2022-39020 MEDIUM This Month

Multiple instances of XSS (stored and reflected) was found in the application. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS File Upload Schoolbox
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2022-41679 MEDIUM PATCH This Month

Forma LMS version 3.1.0 and earlier are affected by an Cross-Site scripting vulnerability, that could allow a remote attacker to inject javascript code on the “back_url” parameter in. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS PHP Formalms
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-39025 MEDIUM This Month

U-Office Force PrintMessage function has insufficient filtering for special characters. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft XSS U Office Force
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-39024 MEDIUM This Month

U-Office Force Bulletin function has insufficient filtering for special characters. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft XSS U Office Force
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-39021 MEDIUM This Month

U-Office Force login function has an Open Redirect vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Open Redirect U Office Force
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-39017 MEDIUM This Month

Improper input validation and output encoding in all comments fields, in M-Files Hubshare before 3.3.10.9 allows authenticated attackers to introduce cross-site scripting attacks via specially. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Hubshare
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-40739 MEDIUM This Month

Ragic report generation page has insufficient filtering for special characters. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Ragic
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-39027 MEDIUM This Month

U-Office Force Forum function has insufficient filtering for special characters. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft XSS U Office Force
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-39026 MEDIUM This Month

U-Office Force UserDefault page has insufficient filtering for special characters in the HTTP header fields. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft XSS U Office Force
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-40292 MEDIUM This Month

The application allowed for Unauthenticated User Enumeration by interacting with an unsecured endpoint to retrieve information on each account within the system. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Php Point Of Sale
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2022-40295 MEDIUM This Month

The application was vulnerable to an authenticated information disclosure, allowing administrators to view unsalted user passwords, which could lead to the compromise of plaintext passwords via. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Php Point Of Sale
NVD
CVSS 3.1
4.9
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy