Skip to main content
CVE-2022-4158 HIGH POC This Week

The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the cg_Fields POST parameter before concatenating it to an SQL query in. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure PHP WordPress Contest Gallery
NVD WPScan
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-4156 HIGH POC This Week

The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the user_id POST parameter before concatenating it to an SQL query in. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure PHP WordPress Contest Gallery
NVD WPScan
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-4268 HIGH POC This Week

The Plugin Logic WordPress plugin before 1.0.8 does not sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi WordPress Plugin Logic
NVD WPScan
CVSS 3.1
7.2
EPSS
1.1%
CVE-2022-30260 HIGH This Week

Emerson DeltaV Distributed Control System (DCS) has insufficient verification of firmware integrity (an inadequate checksum approach, and no signature). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Deltav Distributed Control System Sq Controller Firmware Deltav Distributed Control System Sx Controller Firmware Se4002S1T2B6 High Side 40 Pin Mass I O Terminal Block Firmware Se4003S2B4 16 Pin Mass I O Terminal Block Firmware +20
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-26964 HIGH This Week

Weak password derivation for export in Devolutions Remote Desktop Manager before 2022.1 allows information disclosure via a password brute-force attack. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Remote Desktop Manager
NVD
CVSS 3.1
7.5
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy