Skip to main content
CVE-2022-4016 MEDIUM POC This Month

The Booster for WooCommerce WordPress plugin before 5.6.7, Booster Plus for WooCommerce WordPress plugin before 5.6.6, Booster Elite for WooCommerce WordPress plugin before 1.1.8 does not properly. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress Booster For Woocommerce
NVD WPScan
CVSS 3.1
6.5
EPSS
0.3%
CVE-2022-3946 MEDIUM POC This Month

The Welcart e-Commerce WordPress plugin before 2.8.4 does not have authorisation and CSRF in an AJAX action, allowing any logged-in user to create, update and delete shipping methods. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress Welcart E Commerce
NVD WPScan
CVSS 3.1
6.5
EPSS
0.3%
CVE-2022-3930 MEDIUM POC This Month

The Directorist WordPress plugin before 7.4.2.2 suffers from an IDOR vulnerability which an attacker can exploit to change the password of arbitrary users instead of his own. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure WordPress Directorist
NVD WPScan
CVSS 3.1
6.5
EPSS
0.6%
CVE-2022-3883 MEDIUM POC This Month

The Block Bad Bots and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection WordPress plugin before 7.24 does not have proper authorisation and CSRF in an AJAX action, allowing any. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress Stopbadbots
NVD WPScan
CVSS 3.1
6.5
EPSS
0.3%
CVE-2022-3882 MEDIUM POC This Month

The Memory Usage, Memory Limit, PHP and Server Memory Health Check and Fix Plugin WordPress plugin before 2.46 does not have proper authorisation and CSRF in an AJAX action, allowing any. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP WordPress Wp Memory
NVD WPScan
CVSS 3.1
6.5
EPSS
0.3%
CVE-2022-3880 MEDIUM POC This Month

The Disable Json API, Login Lockdown, XMLRPC, Pingback, Stop User Enumeration Anti Hacker Scan WordPress plugin before 4.20 does not have proper authorisation and CSRF in an AJAX action, allowing any. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress Antihacker
NVD WPScan
CVSS 3.1
6.5
EPSS
0.3%
CVE-2022-3879 MEDIUM POC This Month

The Car Dealer (Dealership) and Vehicle sales WordPress Plugin WordPress plugin before 3.05 does not have proper authorisation and CSRF in an AJAX action, allowing any authenticated users, such as. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress Car Dealer
NVD WPScan
CVSS 3.1
6.5
EPSS
0.3%
CVE-2022-3908 MEDIUM POC This Month

The Helloprint WordPress plugin before 1.4.7 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Helloprint
NVD WPScan
CVSS 3.1
6.1
EPSS
0.9%
CVE-2022-4413 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Reflected in GitHub repository nuxt/framework prior to v3.0.0-rc.13. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Framework
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-3881 MEDIUM POC This Month

The WP Tools Increase Maximum Limits, Repair, Server PHP Info, Javascript errors, File Permissions, Transients, Error Log WordPress plugin before 3.43 does not have proper authorisation and CSRF in. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP WordPress Wptools
NVD WPScan
CVSS 3.1
5.7
EPSS
0.4%
CVE-2022-4005 MEDIUM POC This Month

The Donation Button WordPress plugin through 4.0.0 does not sanitize and escapes some parameters, which could allow users with a role as low as Contributor to perform Cross-Site Scripting attacks. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Donation Button
NVD WPScan
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-3935 MEDIUM POC This Month

The Welcart e-Commerce WordPress plugin before 2.8.4 does not sanitise and escape some parameters, which could allow any authenticated users, such as subscriber to perform Stored Cross-Site Scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Welcart E Commerce
NVD WPScan
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-3934 MEDIUM POC This Month

The FlatPM WordPress plugin before 3.0.13 does not sanitise and escape some parameters before outputting them back in pages, leading to Reflected Cross-Site Scripting which could be used against high. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Flat Pm
NVD WPScan
CVSS 3.1
5.4
EPSS
0.9%
CVE-2022-3933 MEDIUM POC This Month

The Essential Real Estate WordPress plugin before 3.9.6 does not sanitize and escapes some parameters, which could allow users with a role as low as Admin to perform Cross-Site Scripting attacks. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Essential Real Estate
NVD WPScan
CVSS 3.1
5.4
EPSS
0.9%
CVE-2022-45970 MEDIUM POC This Month

Alist v3.5.1 is vulnerable to Cross Site Scripting (XSS) via the bulletin board. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Alist
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-45758 MEDIUM POC This Month

SENS v1.0 is vulnerable to Cross Site Scripting (XSS) via com.liuyanzhao.sens.web.controller.admin, getRegister. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Sens
NVD GitHub
CVSS 3.1
5.4
EPSS
0.3%
CVE-2022-4097 MEDIUM POC This Month

The All-In-One Security (AIOS) WordPress plugin before 5.0.8 is susceptible to IP Spoofing attacks, which can lead to bypassed security features (like IP blocks, rate limiting, brute force. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass WordPress All In One Security
NVD WPScan
CVSS 3.1
5.3
EPSS
0.6%
CVE-2022-45956 MEDIUM POC This Month

Boa Web Server versions 0.94.13 through 0.94.14 fail to validate the correct security constraint on the HEAD HTTP method allowing everyone to bypass the Basic Authorization mechanism. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Boa
NVD
CVSS 3.1
5.3
EPSS
0.8%
CVE-2022-4010 MEDIUM POC This Month

The Image Hover Effects WordPress plugin before 5.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Image Hover Effects
NVD WPScan
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-4000 MEDIUM POC This Month

The WooCommerce Shipping WordPress plugin through 1.2.11 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Woocommerce Shipping
NVD WPScan
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-3919 MEDIUM POC This Month

The Jetpack CRM WordPress plugin before 5.4.3 does not sanitise and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Jetpack Crm
NVD WPScan
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-3862 MEDIUM POC This Month

The Livemesh Addons for Elementor WordPress plugin before 7.2.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Addons For Elementor
NVD WPScan
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-4004 MEDIUM POC This Month

The Donation Button WordPress plugin through 4.0.0 does not properly check for privileges and nonce tokens in its "donation_button_twilio_send_test_sms" AJAX action, which may allow any users with an. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure WordPress Donation Button
NVD WPScan
CVSS 3.1
4.3
EPSS
0.5%
CVE-2022-23511 MEDIUM PATCH This Month

A privilege escalation issue exists within the Amazon CloudWatch Agent for Windows, software for collecting metrics and logs from Amazon EC2 instances and on-premises servers, in versions up to and. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity.

Apple Microsoft Privilege Escalation Cloudwatch Agent
NVD GitHub
CVSS 3.1
6.8
EPSS
0.5%
CVE-2022-4311 MEDIUM This Month

An insertion of sensitive information into log file vulnerability exists in PcVue versions 15 through 15.2.2. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Pcvue
NVD VulDB
CVSS 3.1
6.5
EPSS
0.3%
CVE-2022-44532 MEDIUM This Month

An authenticated path traversal vulnerability exists in the Aruba EdgeConnect Enterprise command line interface. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Aruba Edgeconnect Enterprise
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2022-43518 MEDIUM This Month

An authenticated path traversal vulnerability exists in the Aruba EdgeConnect Enterprise web interface. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Aruba Edgeconnect Enterprise
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2022-42446 MEDIUM This Month

Starting with Sametime 12, anonymous users are enabled by default. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Sametime
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2022-37928 MEDIUM This Month

Insufficient Verification of Data Authenticity vulnerability in Hewlett Packard Enterprise HPE Nimble Storage Hybrid Flash Arrays and Nimble Storage Secondary Flash Arrays. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure HP Sf100 Firmware Sf300 Firmware Hf60C Firmware +6
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2022-37910 MEDIUM This Month

A buffer overflow vulnerability exists in the ArubaOS command line interface. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Sd Wan Arubaos
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2022-37908 MEDIUM This Month

An authenticated attacker can impact the integrity of the ArubaOS bootloader on 7xxx series controllers. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Sd Wan Arubaos
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2022-46688 MEDIUM PATCH This Month

A cross-site request forgery (CSRF) vulnerability in Jenkins Sonar Gerrit Plugin 377.v8f3808963dc5 and earlier allows attackers to have Jenkins connect to Gerrit servers (previously configured by. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Jenkins Sonar Gerrit
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2022-20691 MEDIUM This Month

A vulnerability in the Cisco Discovery Protocol functionality of Cisco ATA 190 Series Adaptive Telephone Adapter firmware could allow an unauthenticated, adjacent attacker to cause a DoS condition of. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Ata 190 Firmware Ata 191 Firmware Ata 192 Firmware
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2022-41262 MEDIUM This Month

Due to insufficient input validation, SAP NetWeaver AS Java (HTTP Provider Service) - version 7.50, allows an unauthenticated attacker to inject a script into a web request header. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP Java XSS Netweaver Application Server Java
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2022-46905 MEDIUM This Month

Insufficient processing of user input in WebSoft HCM 2021.2.3.327 allows an unauthenticated attacker to inject arbitrary HTML tags into the page processed by the user's browser, including scripts in. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Websoft Hcm
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2022-4421 MEDIUM PATCH This Month

A vulnerability was found in rAthena FluxCP. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

PHP XSS Fluxcp
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.4%
CVE-2022-37927 MEDIUM This Month

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Hewlett Packard Enterprise HPE OneView Global Dashboard (OVGD). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect HP Oneview Global Dashboard
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2022-37925 MEDIUM This Month

A vulnerability within the web-based management interface of Aruba EdgeConnect Enterprise could allow a remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Aruba XSS Edgeconnect Enterprise
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-34318 MEDIUM PATCH This Month

IBM CICS TX 11.1 could allow a remote attacker to hijack the clicking action of the victim. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM XSS Cics Tx
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2022-46683 MEDIUM PATCH This Month

Jenkins Google Login Plugin 1.4 through 1.6 (both inclusive) improperly determines that a redirect URL after login is legitimately pointing to Jenkins. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Jenkins Open Redirect Google Login
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-45756 MEDIUM This Month

SENS v1.0 is vulnerable to Cross Site Scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Sens
NVD GitHub
CVSS 3.1
6.1
EPSS
0.3%
CVE-2022-44637 MEDIUM This Month

Redmine before 4.2.9 and 5.0.x before 5.0.4 allows persistent XSS in its Textile formatter due to improper sanitization in Redcloth3 Textile-formatted fields. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Redmine
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2022-44031 MEDIUM This Month

Redmine before 4.2.9 and 5.0.x before 5.0.4 allows persistent XSS in its Textile formatter due to improper sanitization of the blockquote syntax in Textile-formatted fields. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Redmine
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2022-4414 MEDIUM PATCH This Month

Cross-site Scripting (XSS) - DOM in GitHub repository nuxt/framework prior to v3.0.0-rc.13. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Framework
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2022-31596 MEDIUM This Month

Under certain conditions, an attacker authenticated as a CMS administrator and with high privileges access to the Network in SAP BusinessObjects Business Intelligence Platform (Monitoring DB) -. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Information Disclosure Business Objects Business Intelligence Platform
NVD
CVSS 3.1
6.0
EPSS
0.7%
CVE-2022-4312 MEDIUM This Month

A cleartext storage of sensitive information vulnerability exists in PcVue versions 8.10 through 15.2.3. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Pcvue
NVD VulDB
CVSS 3.1
5.5
EPSS
0.1%
CVE-2022-41261 MEDIUM This Month

SAP Solution Manager (Diagnostic Agent) - version 7.20, allows an authenticated attacker on Windows system to access a file containing sensitive data which can be used to access a configuration file. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

SAP Information Disclosure Authentication Bypass Microsoft Solution Manager
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-44648 MEDIUM This Month

An Out-of-bounds read vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to disclose sensitive information on affected installations. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Trend Micro Buffer Overflow Apex One
NVD
CVSS 3.1
5.5
EPSS
0.7%
CVE-2022-44647 MEDIUM This Month

An Out-of-bounds read vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to disclose sensitive information on affected installations. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Trend Micro Buffer Overflow Apex One
NVD
CVSS 3.1
5.5
EPSS
0.7%
CVE-2022-37930 MEDIUM This Month

A security vulnerability has been identified in HPE Nimble Storage Hybrid Flash Arrays and HPE Nimble Storage Secondary Flash Arrays which could potentially allow local disclosure of sensitive. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Sf100 Firmware Sf300 Firmware Hf60C Firmware Hf40C Firmware +5
NVD
CVSS 3.1
5.5
EPSS
0.2%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy