Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In May 2022
CVE-2022-1926
Integer Overflow or Wraparound in GitHub repository polonel/trudesk prior to 1.2.3.
CVSS Score
7.6
EPSS Score
0.001
Published
2022-05-31
CVE-2022-1934
Use After Free in GitHub repository mruby/mruby prior to 3.2.
CVSS Score
5.1
EPSS Score
0.0
Published
2022-05-31
CVE-2022-1931
Incorrect Synchronization in GitHub repository polonel/trudesk prior to 1.2.3.
CVSS Score
9.1
EPSS Score
0.001
Published
2022-05-31
CVE-2022-1568
The Team Members WordPress plugin before 5.1.1 does not escape some of its Team settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed
CVSS Score
4.8
EPSS Score
0.001
Published
2022-05-30
CVE-2022-1582
The External Links in New Window / New Tab WordPress plugin before 1.43 does not properly escape URLs it concatenates to onclick event handlers, which makes Stored Cross-Site Scripting attacks possible.
CVSS Score
6.1
EPSS Score
0.001
Published
2022-05-30
CVE-2022-1583
The External Links in New Window / New Tab WordPress plugin before 1.43 does not ensure window.opener is set to "null" when links to external sites are clicked, which may enable tabnabbing attacks to occur.
CVSS Score
6.5
EPSS Score
0.004
Published
2022-05-30
CVE-2022-1589
The Change wp-admin login WordPress plugin before 1.1.0 does not properly check for authorisation and is also missing CSRF check when updating its settings, which could allow unauthenticated users to change the settings. The attacked could also be performed via a CSRF vector
CVSS Score
7.5
EPSS Score
0.001
Published
2022-05-30
CVE-2022-1611
The Bulk Page Creator WordPress plugin before 1.1.4 does not protect its page creation functionalities with nonce checks, which makes them vulnerable to CSRF.
CVSS Score
8.8
EPSS Score
0.002
Published
2022-05-30
CVE-2022-1643
The Birthdays Widget WordPress plugin through 1.7.18 does not sanitise and escape some of its fields, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed
CVSS Score
4.8
EPSS Score
0.001
Published
2022-05-30
CVE-2022-1644
The Call&Book Mobile Bar WordPress plugin through 1.2.2 does not sanitize and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed.
CVSS Score
4.8
EPSS Score
0.001
Published
2022-05-30


Products
Pricing
Contact Us

Shodan ® - All rights reserved