Skip to main content
CVE-2022-4266 MEDIUM POC This Month

The Bulk Delete Users by Email WordPress plugin through 1.2 does not have CSRF check when deleting users, which could allow attackers to make a logged in admin delete non admin users by knowing their. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress Bulk Delete Users By Email
NVD WPScan
CVSS 3.1
6.5
EPSS
0.3%
CVE-2022-4239 MEDIUM POC This Month

The Workreap WordPress theme before 2.6.4 does not verify that an addon service belongs to the user issuing the request, or indeed that it is an addon service, when processing the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure WordPress Workreap
NVD WPScan
CVSS 3.1
6.5
EPSS
0.6%
CVE-2022-4166 MEDIUM POC This Month

The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the addCountS POST parameter before concatenating it to an SQL query in. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure PHP WordPress Contest Gallery
NVD WPScan
CVSS 3.1
6.5
EPSS
0.9%
CVE-2022-4165 MEDIUM POC This Month

The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the cg_order POST parameter before concatenating it to an SQL query in. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure PHP WordPress Contest Gallery
NVD WPScan
CVSS 3.1
6.5
EPSS
0.9%
CVE-2022-4164 MEDIUM POC This Month

The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the cg_multiple_files_for_post POST parameter before concatenating it to an. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure PHP WordPress Contest Gallery
NVD WPScan
CVSS 3.1
6.5
EPSS
0.9%
CVE-2022-4163 MEDIUM POC This Month

The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the cg_deactivate and cg_activate POST parameters before concatenating it to. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure PHP WordPress Contest Gallery
NVD WPScan
CVSS 3.1
6.5
EPSS
0.9%
CVE-2022-4162 MEDIUM POC This Month

The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the cg_row POST parameter before concatenating it to an SQL query in. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure PHP WordPress Contest Gallery
NVD WPScan
CVSS 3.1
6.5
EPSS
0.9%
CVE-2022-4161 MEDIUM POC This Month

The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the cg_copy_start POST parameter before concatenating it to an SQL query in. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi WordPress Contest Gallery
NVD WPScan
CVSS 3.1
6.5
EPSS
0.9%
CVE-2022-4160 MEDIUM POC This Month

The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the cg_copy_id POST parameter before concatenating it to an SQL query in. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure PHP WordPress Contest Gallery
NVD WPScan
CVSS 3.1
6.5
EPSS
0.9%
CVE-2022-4159 MEDIUM POC This Month

The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the cg_id POST parameter before concatenating it to an SQL query in. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure PHP WordPress Contest Gallery
NVD WPScan
CVSS 3.1
6.5
EPSS
0.9%
CVE-2022-4153 MEDIUM POC This Month

The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the upload[] POST parameter before concatenating it to an SQL query in. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure PHP WordPress Contest Gallery
NVD WPScan
CVSS 3.1
6.5
EPSS
0.9%
CVE-2022-4152 MEDIUM POC This Month

The Contest Gallery WordPress plugin before 19.1.5, Contest Gallery Pro WordPress plugin before 19.1.5 do not escape the option_id POST parameter before concatenating it to an SQL query in. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure PHP WordPress Contest Gallery
NVD WPScan
CVSS 3.1
6.5
EPSS
0.9%
CVE-2022-4151 MEDIUM POC This Month

The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the option_id GET parameter before concatenating it to an SQL query in. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi WordPress Contest Gallery
NVD WPScan
CVSS 3.1
6.5
EPSS
0.9%
CVE-2022-4150 MEDIUM POC This Month

The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the option_id POST parameter before concatenating it to an SQL query in. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure PHP WordPress Contest Gallery
NVD WPScan
CVSS 3.1
6.5
EPSS
0.9%
CVE-2022-36664 MEDIUM POC This Month

Password Manager for IIS 2.0 has a cross-site scripting (XSS) vulnerability via the /isapi/PasswordManager.dll ResultURL parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Password Manager For Iis
NVD Exploit-DB
CVSS 3.1
6.1
EPSS
3.8%
CVE-2022-4267 MEDIUM POC This Month

The Bulk Delete Users by Email WordPress plugin through 1.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Bulk Delete Users By Email
NVD WPScan
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-37310 MEDIUM POC This Month

OX App Suite through 7.10.6 allows XSS via a malicious capability to the metrics or help module, as demonstrated by a /#!!&app=io.ox/files&cap= URI. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Open Xchange Appsuite
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-37309 MEDIUM POC This Month

OX App Suite through 7.10.6 allows XSS via script code within a contact that has an e-mail address but lacks a name. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Open Xchange Appsuite
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-37308 MEDIUM POC This Month

OX App Suite through 7.10.6 allows XSS via HTML in text/plain e-mail messages. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Open Xchange Appsuite
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-37307 MEDIUM POC This Month

OX App Suite through 7.10.6 allows XSS via XHTML CDATA for a snippet, as demonstrated by the onerror attribute of an IMG element within an e-mail signature. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Open Xchange Appsuite
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-31469 MEDIUM POC This Month

OX App Suite through 7.10.6 allows XSS via a deep link, as demonstrated by class="deep-link-app" for a /#!!&app=%2e./ URI. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Open Xchange Appsuite
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-37313 MEDIUM POC This Month

OX App Suite through 7.10.6 allows SSRF because the anti-SSRF protection mechanism only checks the first DNS AA or AAAA record. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Open Xchange Appsuite
NVD
CVSS 3.1
5.3
EPSS
0.7%
CVE-2022-37312 MEDIUM POC This Month

OX App Suite through 7.10.6 has Uncontrolled Resource Consumption via a large request body containing a redirect URL to the deferrer servlet. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Open Xchange Appsuite
NVD
CVSS 3.1
5.3
EPSS
0.9%
CVE-2022-37311 MEDIUM POC This Month

OX App Suite through 7.10.6 has Uncontrolled Resource Consumption via a large location request parameter to the redirect servlet. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Open Xchange Appsuite
NVD
CVSS 3.1
5.3
EPSS
0.9%
CVE-2022-4157 MEDIUM POC This Month

The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the cg_option_id POST parameter before concatenating it to an SQL query in. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure PHP WordPress Contest Gallery
NVD WPScan
CVSS 3.1
4.9
EPSS
0.9%
CVE-2022-4155 MEDIUM POC This Month

The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the wp_user_id GET parameter before concatenating it to an SQL query in. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure PHP WordPress Contest Gallery
NVD WPScan
CVSS 3.1
4.9
EPSS
0.8%
CVE-2022-4154 MEDIUM POC This Month

The Contest Gallery Pro WordPress plugin before 19.1.5 does not escape the wp_user_id GET parameter before concatenating it to an SQL query in management-show-user.php. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure PHP WordPress Contest Gallery
NVD WPScan
CVSS 3.1
4.9
EPSS
0.9%
CVE-2022-4243 MEDIUM POC This Month

The ImageInject WordPress plugin through 1.17 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Imageinject
NVD WPScan
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-4242 MEDIUM POC This Month

The WP Google Review Slider WordPress plugin before 11.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Google WordPress XSS Wp Google Review Slider
NVD WPScan
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-4226 MEDIUM POC This Month

The Simple Basic Contact Form WordPress plugin before 20221201 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Simple Basic Contact Form
NVD WPScan
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-4197 MEDIUM POC This Month

The Sliderby10Web WordPress plugin before 1.2.53 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Slider
NVD WPScan
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-4110 MEDIUM POC This Month

The Eventify™ WordPress plugin through 2.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Eventify
NVD WPScan
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-4042 MEDIUM POC This Month

The Paytium: Mollie payment forms & donations WordPress plugin before 4.3.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Paytium
NVD WPScan
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-3840 MEDIUM POC This Month

The Login for Google Apps WordPress plugin before 3.4.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Google WordPress XSS Login For Google Apps
NVD WPScan
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-3835 MEDIUM POC This Month

The Kwayy HTML Sitemap WordPress plugin before 4.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Kwayy Html Sitemap
NVD WPScan
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-4227 MEDIUM This Month

The Booster for WooCommerce WordPress plugin before 5.6.3, Booster Plus for WooCommerce WordPress plugin before 6.0.0, Booster Elite for WooCommerce WordPress plugin before 6.0.0 do not escape some. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS Booster Elite For Woocommerce Booster For Woocommerce Booster Plus For Woocommerce
NVD WPScan
CVSS 3.1
6.1
EPSS
0.4%
CVE-2022-29853 MEDIUM This Month

OX App Suite through 8.2 allows XSS via a certain complex hierarchy that forces use of Show Entire Message for a huge HTML e-mail message. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Open Xchange Appsuite
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-29852 MEDIUM This Month

OX App Suite through 8.2 allows XSS because BMFreehand10 and image/x-freehand are not blocked. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Open Xchange Appsuite
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-41767 MEDIUM PATCH This Month

An issue was discovered in MediaWiki before 1.35.8, 1.36.x and 1.37.x before 1.37.5, and 1.38.x before 1.38.3. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure PHP Mediawiki
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2022-41765 MEDIUM PATCH This Month

An issue was discovered in MediaWiki before 1.35.8, 1.36.x and 1.37.x before 1.37.5, and 1.38.x before 1.38.3. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Mediawiki
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2022-24120 MEDIUM PATCH This Month

Certain General Electric Renewable Energy products store cleartext credentials in flash memory. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Inet 900 Firmware Inet Ii 900 Firmware Sd1 Firmware Sd2 Firmware +4
NVD
CVSS 3.1
4.6
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy