Skip to main content
CVE-2022-4033 MEDIUM PATCH This Month

The Quiz and Survey Master plugin for WordPress is vulnerable to input validation bypass via the 'question[id]' parameter in versions up to, and including, 8.0.4 due to insufficient input validation. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass WordPress Quiz And Survey Master
NVD VulDB
CVSS 3.1
5.3
EPSS
0.2%
CVE-2022-4029 MEDIUM PATCH This Month

The Simple:Press plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'sforum_[md5 hash of the WordPress URL]' cookie value in versions up to, and including, 6.8 due to. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Simple
NVD VulDB
CVSS 3.1
4.7
EPSS
3.2%
CVE-2022-4036 MEDIUM PATCH This Month

The Appointment Hour Booking plugin for WordPress is vulnerable to CAPTCHA bypass in versions up to, and including, 1.3.72. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

WordPress Authentication Bypass Appointment Hour Booking
NVD VulDB
CVSS 3.1
5.3
EPSS
0.1%
CVE-2022-3995 MEDIUM PATCH This Month

The TeraWallet plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 1.4.3. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

WordPress Authentication Bypass Terawallet
NVD VulDB
CVSS 3.1
4.3
EPSS
0.1%
CVE-2022-46150 MEDIUM PATCH This Month

Discourse is an open-source discussion platform. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Discourse
NVD GitHub
CVSS 3.1
4.3
EPSS
0.5%
CVE-2022-45307 MEDIUM This Month

Insecure permissions in Chocolatey PHP package v8.1.12 and below grants all users in the Authenticated Users group write privileges for the subfolder C:\tools\php81 and all files located in that. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure PHP Chocolatey Php
NVD GitHub
CVSS 3.1
4.3
EPSS
0.4%
CVE-2022-45306 MEDIUM This Month

Insecure permissions in Chocolatey Azure-Pipelines-Agent package v2.211.1 and below grants all users in the Authenticated Users group write privileges for the subfolder C:\agent and all files located. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Chocolatey Azure Pipelines Agent
NVD GitHub
CVSS 3.1
4.3
EPSS
0.4%
CVE-2022-45305 MEDIUM This Month

Insecure permissions in Chocolatey Python3 package v3.11.0 and below grants all users in the Authenticated Users group write privileges for the subfolder C:\Python311 and all files located in that. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Chocolatey Python3
NVD GitHub
CVSS 3.1
4.3
EPSS
0.4%
CVE-2022-45304 MEDIUM This Month

Insecure permissions in Chocolatey Cmder package v1.3.20 and below grants all users in the Authenticated Users group write privileges for the path C:\tools\Cmder and all files located in that folder. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Chocolatey Cmder
NVD GitHub
CVSS 3.1
4.3
EPSS
0.4%
CVE-2022-45301 MEDIUM This Month

Insecure permissions in Chocolatey Ruby package v3.1.2.1 and below grants all users in the Authenticated Users group write privileges for the path C:\tools\ruby31 and all files located in that folder. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Chocolatey Ruby
NVD GitHub
CVSS 3.1
4.3
EPSS
0.4%
CVE-2022-4031 LOW PATCH Monitor

The Simple:Press plugin for WordPress is vulnerable to arbitrary file modifications in versions up to, and including, 6.8 via the 'file' parameter which does not properly restrict files to be edited. Rated low severity (CVSS 3.8), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal WordPress Simple
NVD VulDB
CVSS 3.1
3.8
EPSS
0.3%
CVE-2022-32967 LOW Monitor

RTL8111EP-CG/RTL8111FP-CG DASH function has hard-coded password. Rated low severity (CVSS 2.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Rtl8111Ep Cg Firmware Rtl8111Fp Cg Firmware
NVD
CVSS 3.1
2.1
EPSS
0.2%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy