Skip to main content
CVE-2022-4120 CRITICAL POC THREAT Act Now

The Stop Spammers Security | Block Spam Users, Comments, Forms WordPress plugin before 2022.6 passes base64 encoded user input to the unserialize() PHP function when CAPTCHA are used as second. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP WordPress Deserialization Stop Spammers
NVD WPScan
CVSS 3.1
9.8
EPSS
18.1%
CVE-2022-4117 CRITICAL POC Act Now

The IWS WordPress plugin through 1.0 does not properly escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to an unauthenticated SQL. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi WordPress Iws Geo Form Fields
NVD WPScan
CVSS 3.1
9.8
EPSS
5.0%
CVE-2022-4047 CRITICAL POC Act Now

The Return Refund and Exchange For WooCommerce WordPress plugin before 4.0.9 does not validate attachment files to be uploaded via an AJAX action available to unauthenticated users, which could allow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Information Disclosure Microsoft WordPress Return Refund And Exchange For Woocommerce
NVD WPScan
CVSS 3.1
9.8
EPSS
6.2%
CVE-2022-4742 CRITICAL PATCH Act Now

A vulnerability, which was classified as critical, has been found in json-pointer up to 0.6.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improperly Controlled Modification of Object Prototype Attributes (Prototype Pollution) vulnerability could allow attackers to modify object prototypes to inject properties affecting application logic.

Information Disclosure Prototype Pollution Json Pointer
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-26969 CRITICAL PATCH Act Now

In Directus before 9.7.0, the default settings of CORS_ORIGIN and CORS_ENABLED are true. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Cors Misconfiguration Directus
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-24119 CRITICAL PATCH Act Now

Certain General Electric Renewable Energy products have a hidden feature for unauthenticated remote access to the device configuration shell. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Inet 900 Firmware Inet Ii 900 Firmware Sd1 Firmware Sd2 Firmware +4
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2022-24117 CRITICAL PATCH Act Now

Certain General Electric Renewable Energy products download firmware without an integrity check. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Inet 900 Firmware Inet Ii 900 Firmware Sd1 Firmware Sd2 Firmware +4
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2022-24116 CRITICAL PATCH Act Now

Certain General Electric Renewable Energy products have inadequate encryption strength. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Inet 900 Firmware Inet Ii 900 Firmware Sd1 Firmware Sd2 Firmware +4
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2022-24118 CRITICAL PATCH Act Now

Certain General Electric Renewable Energy products allow attackers to use a code to trigger a reboot into the factory default configuration. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Inet 900 Firmware Inet Ii 900 Firmware Sd1 Firmware Sd2 Firmware +4
NVD
CVSS 3.1
9.1
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy