Skip to main content
CVE-2022-41980 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Mantenimiento Web
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2022-32776 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Advanced Ads Ad Manager Adsense
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2022-30545 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS 5 Anker Connect
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2022-41433 MEDIUM This Month

EyesOfNetwork Web Interface v5.3 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /module/admin_bp/add_application.php. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP XSS Web Interface
NVD GitHub
CVSS 3.1
4.8
EPSS
0.4%
CVE-2022-41432 MEDIUM This Month

EyesOfNetwork Web Interface v5.3 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /module/report_event/index.php. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP XSS Web Interface
NVD GitHub
CVSS 3.1
4.8
EPSS
0.4%
CVE-2022-41215 MEDIUM This Month

SAP NetWeaver ABAP Server and ABAP Platform allows an unauthenticated attacker to redirect users to a malicious site due to insufficient URL validation. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP Open Redirect Netweaver Application Server Abap
NVD
CVSS 3.1
4.7
EPSS
0.4%
CVE-2022-20465 MEDIUM This Month

In dismiss and related functions of KeyguardHostViewController.java and related files, there is a possible lockscreen bypass due to a logic error in the code. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Java Google Privilege Escalation Android
NVD
CVSS 3.1
4.6
EPSS
0.8%
CVE-2022-43491 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Advanced Dynamic Pricing for WooCommerce plugin <= 4.1.5 on WordPress leading to plugin settings import. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF WordPress Advanced Dynamic Pricing For Woocommerce
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2022-43481 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Advanced Coupons for WooCommerce Coupons plugin <= 4.5 on WordPress leading to notice dismissal. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF WordPress Advanced Coupons
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2022-40223 MEDIUM This Month

Nonce token leakage and missing authorization in SearchWP premium plugin <= 4.2.5 on WordPress leading to plugin settings change. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Searchwp
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2022-40206 MEDIUM This Month

Insecure direct object references (IDOR) vulnerability in the wpForo Forum plugin <= 2.0.5 on WordPress allows attackers with subscriber or higher user roles to mark any forum post as private/public. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Wpforo Forum
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2022-40205 MEDIUM This Month

Insecure direct object references (IDOR) vulnerability in the wpForo Forum plugin <= 2.0.5 on WordPress allows attackers with subscriber or higher user roles to mark any forum post as solved/unsolved. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Wpforo Forum
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2022-32587 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in CodeAndMore WP Page Widget plugin <= 3.9 on WordPress leading to plugin settings change. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF WordPress Wp Page Widget
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2022-27855 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Fatcat Apps Analytics Cat plugin <= 1.0.9 on WordPress allows Plugin Settings Change. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF WordPress Analytics Cat
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2022-20446 LOW Monitor

In AlwaysOnHotwordDetector of AlwaysOnHotwordDetector.java, there is a possible way to access the microphone from the background due to a missing permission check. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Google Privilege Escalation Android
NVD
CVSS 3.1
3.3
EPSS
0.1%
Prev Page 3 of 3

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy