Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In January 2022
CVE-2021-25032
The PublishPress Capabilities WordPress plugin before 2.3.1, PublishPress Capabilities Pro WordPress plugin before 2.3.1 does not have authorisation and CSRF checks when updating the plugin's settings via the init hook, and does not ensure that the options to be updated belong to the plugin. As a result, unauthenticated attackers could update arbitrary blog options, such as the default role and make any new registered user with an administrator role.
CVSS Score
9.8
EPSS Score
0.56
Published
2022-01-10
CVE-2021-25043
The WOOCS WordPress plugin before 1.3.7.3 does not sanitise and escape the custom_prices parameter before outputting it back in the response, leading to a Reflected Cross-Site Scripting issue
CVSS Score
6.1
EPSS Score
0.002
Published
2022-01-10
CVE-2021-25047
The 10Web Social Photo Feed WordPress plugin before 1.4.29 was affected by a reflected Cross-Site Scripting (XSS) vulnerability in the wdi_apply_changes admin page, allowing an attacker to perform such attack against any logged in users
CVSS Score
6.1
EPSS Score
0.002
Published
2022-01-10
CVE-2021-44586
An issue was discovered in dst-admin v1.3.0. The product has an unauthorized arbitrary file download vulnerability that can expose sensitive information.
CVSS Score
7.5
EPSS Score
0.004
Published
2022-01-10
CVE-2022-22847
Formpipe Lasernet before 9.13.3 allows file inclusion in Client Web Services (either by an authenticated attacker, or in a configuration that does not require authentication).
CVSS Score
9.8
EPSS Score
0.005
Published
2022-01-10
CVE-2022-22844
LibTIFF 4.3.0 has an out-of-bounds read in _TIFFmemcpy in tif_unix.c in certain situations involving a custom tag and 0x0200 as the second word of the DE field.
CVSS Score
5.5
EPSS Score
0.001
Published
2022-01-10
CVE-2022-22845
QXIP SIPCAPTURE homer-app before 1.4.28 for HOMER 7.x has the same 167f0db2-f83e-4baa-9736-d56064a5b415 JWT secret key across different customers' installations.
CVSS Score
9.8
EPSS Score
0.135
Published
2022-01-10
CVE-2022-22846
The dnslib package through 0.9.16 for Python does not verify that the ID value in a DNS reply matches an ID value in a query.
CVSS Score
7.5
EPSS Score
0.002
Published
2022-01-10
CVE-2022-22826
nextScaffoldPart in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
CVSS Score
8.8
EPSS Score
0.002
Published
2022-01-10
CVE-2022-22827
storeAtts in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
CVSS Score
8.8
EPSS Score
0.003
Published
2022-01-10


Products
Pricing
Contact Us

Shodan ® - All rights reserved