Security Vulnerabilities - CVEs Published In May 2022
The LifterLMS PayPal WordPress plugin before 1.4.0 does not sanitise and escape some parameters from the payment confirmation page before outputting them back in the page, leading to a Reflected Cross-Site Scripting issue.
CVSS Score: 6.1 | EPSS Score: 0.018 | Published: 2022-05-02
The Import and export users and customers WordPress plugin before 1.19.2.1 does not sanitise and escape imported CSV data, which could allow high privilege users to import malicious JavaScript code and lead to Stored Cross-Site Scripting issues.
CVSS Score: 4.8 | EPSS Score: 0.002 | Published: 2022-05-02
The Fast Flow WordPress plugin before 1.2.12 does not sanitise and escape the page parameter before outputting it back in an attribute in an admin dashboard, leading to a Reflected Cross-Site Scripting issue.
CVSS Score: 6.1 | EPSS Score: 0.003 | Published: 2022-05-02
The Tipsacarrier WordPress plugin before 1.5.0.5 does not have any authorisation check in place for some functions, which could allow unauthenticated users to access Orders data, which could be used to retrieve the client's full address, name and phone via the tracking URL.
CVSS Score: 7.5 | EPSS Score: 0.016 | Published: 2022-05-02
Improper sanitization of trigger action scripts in VanDyke Software VShell for Windows v4.6.2 allows attackers to execute arbitrary code via a crafted value.
CVSS Score: 9.8 | EPSS Score: 0.016 | Published: 2022-05-02
ShopXO v2.2.5 and below was discovered to contain a system re-install vulnerability via the Add function in app/install/controller/Index.php.
CVSS Score: 9.8 | EPSS Score: 0.004 | Published: 2022-05-02
D-Link DIR-823-Pro v1.0.2 was discovered to contain a command injection vulnerability in the function SetNTPserverSeting. This vulnerability allows attackers to execute arbitrary commands via the system_time_timezone parameter.
CVSS Score: 9.8 | EPSS Score: 0.475 | Published: 2022-05-02
MCMS v5.2.27 was discovered to contain a SQL injection vulnerability in the orderBy parameter at /dict/list.do.
CVSS Score: 9.8 | EPSS Score: 0.004 | Published: 2022-05-02
RG-NBR-E Enterprise Gateway RG-NBR2100G-E was discovered to contain a remote code execution (RCE) vulnerability via the fileName parameter at /guest_auth/cfg/upLoadCfg.php.
CVSS Score: 9.8 | EPSS Score: 0.023 | Published: 2022-05-02
RG-NBR-E Enterprise Gateway RG-NBR2100G-E was discovered to contain an arbitrary file read vulnerability via the url parameter in check.php.
CVSS Score: 7.5 | EPSS Score: 0.004 | Published: 2022-05-02