Skip to main content
CVE-2022-40687 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Creative Mail plugin <= 1.5.4 on WordPress. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF WordPress Creative Mail
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2022-40686 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Creative Mail plugin <= 1.5.4 on WordPress. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF WordPress Creative Mail
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2022-43673 MEDIUM POC This Month

Wire through 3.22.3993 on Windows advertises deletion of sent messages; nonetheless, all messages can be retrieved (for a limited period of time) from the. Rated medium severity (CVSS 4.7). Public exploit code available and no vendor patch available.

Information Disclosure Microsoft Wire
NVD
CVSS 3.1
4.7
EPSS
0.3%
CVE-2022-45163 MEDIUM POC This Month

An information-disclosure vulnerability exists on select NXP devices when configured in Serial Download Protocol (SDP) mode: i.MX RT 1010, i.MX RT 1015, i.MX RT 1020, i.MX RT 1050, i.MX RT 1060, i.MX. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure I Mx 6 Firmware I Mx 6Dual Firmware I Mx 6Duallite Firmware I Mx 6Dualplus Firmware +19
NVD
CVSS 3.1
4.6
EPSS
0.6%
CVE-2022-24037 HIGH This Week

Karmasis Informatics Infraskope SIEM+ has an unauthenticated access vulnerability which could allow an unauthenticated attacker to obtain critical information. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Infraskope Siem
NVD VulDB
CVSS 3.1
8.2
EPSS
0.5%
CVE-2022-44583 HIGH This Week

Unauth. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Information Disclosure WordPress Watchtower
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-42883 HIGH This Week

Sensitive Information Disclosure vulnerability discovered by Quiz And Survey Master plugin <= 7.3.10 on WordPress. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure WordPress Quiz And Survey Master
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-41911 HIGH PATCH This Week

TensorFlow is an open source platform for machine learning. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Tensorflow
NVD GitHub
CVSS 3.1
7.5
EPSS
0.4%
CVE-2022-45471 HIGH This Week

In JetBrains Hub before 2022.3.15181 Throttling was missed when sending emails to a particular email address. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Hub
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2022-31694 HIGH This Week

InstallBuilder Qt installers built with versions previous to 22.10 try to load DLLs from the installer binary parent directory when displaying popups. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Installbuilder
NVD
CVSS 3.1
7.3
EPSS
0.2%
CVE-2022-42459 HIGH This Week

Auth. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation WordPress Image Hover Effects Ultimate
NVD
CVSS 3.1
7.2
EPSS
0.8%
CVE-2022-42904 HIGH This Week

Zoho ManageEngine ADManager Plus through 7151 allows authenticated admin users to execute the commands in proxy settings. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Zoho Command Injection Manageengine Admanager Plus
NVD
CVSS 3.1
7.2
EPSS
7.7%
CVE-2022-24038 MEDIUM This Month

Karmasis Informatics Infraskope SIEM+ has an unauthenticated access vulnerability which could allow an unauthenticated attacker to damage the page where the agents are listed. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Infraskope Siem
NVD VulDB
CVSS 3.1
6.5
EPSS
0.5%
CVE-2022-41655 MEDIUM This Month

Auth. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure WordPress Phone Orders For Woocommerce
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2022-44641 MEDIUM This Month

In Linaro Automated Validation Architecture (LAVA) before 2022.11, users with valid credentials can submit crafted XMLRPC requests that cause a recursive XML entity expansion, leading to excessive. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Lava Debian Linux
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2022-24939 MEDIUM This Month

A malformed packet containing an invalid destination address, causes a stack overflow in the Ember ZNet stack. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Gecko Software Development Kit Zigbee Emberznet
NVD GitHub
CVSS 3.1
6.5
EPSS
0.3%
CVE-2022-41615 MEDIUM This Month

Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) vulnerability in Store Locator plugin <= 1.4.5 on WordPress. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF WordPress XSS Store Locator
NVD
CVSS 3.1
6.1
EPSS
0.2%
CVE-2022-40698 MEDIUM This Month

Auth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS Quiz And Survey Master
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2022-38075 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability leading to Stored Cross-Site Scripting (XSS) in Mantenimiento web plugin <= 0.13 on WordPress. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF WordPress XSS Mantenimiento Web
NVD
CVSS 3.1
6.1
EPSS
0.2%
CVE-2022-41685 MEDIUM This Month

Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Viszt Péter's Integration for Szamlazz.hu & WooCommerce plugin <= 5.6.3.2 and Csomagpontok és szállítási címkék WooCommerce-hez plugin <=. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF Integration For Szamlazz Hu Woocommerce Package Points And Shipping Labels For Woocommerce
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2022-41788 MEDIUM This Month

Auth. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Soledad
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-40963 MEDIUM This Month

Multiple Auth. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Wp Page Builder
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-41839 MEDIUM This Month

Broken Access Control vulnerability in WordPress LoginPress plugin <= 1.6.2 on WordPress leading to unauth. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation WordPress Loginpress
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2022-41618 MEDIUM This Month

Unauthenticated Error Log Disclosure vulnerability in Media Library Assistant plugin <= 3.00 on WordPress. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure WordPress Media Library Assistant
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2022-41135 MEDIUM This Month

Unauth. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Customizable Wordpress Gallery Plugin Modula Image Gallery
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2022-44634 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Information Disclosure WordPress S2W Import Shopify To Woocommerce
NVD
CVSS 3.1
4.9
EPSS
0.7%
CVE-2022-45082 MEDIUM This Month

Multiple Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Accordions
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2022-41643 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Accessibility
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2022-43463 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Custom Product Tabs For Woocommerce
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2022-40216 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Better Messages
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2022-45369 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Google Privilege Escalation WordPress Plugin For Google Reviews
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2022-41805 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Booster for WooCommerce plugin <= 5.6.6 on WordPress. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF WordPress Booster For Woocommerce
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2022-38974 MEDIUM This Month

Broken Access Control vulnerability in WPML Multilingual CMS premium plugin <= 4.5.10 on WordPress allows users with subscriber or higher user roles to change the status of the translation jobs. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation WordPress Wpml
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2022-40130 LOW Monitor

Auth. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable. No vendor patch available.

Race Condition Information Disclosure WordPress Wp Polls
NVD
CVSS 3.1
3.1
EPSS
0.4%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy