Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In June 2022
CVE-2022-1790
The New User Email Set Up WordPress plugin through 0.5.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack
CVSS Score
6.5
EPSS Score
0.001
Published
2022-06-13
CVE-2022-1791
The One Click Plugin Updater WordPress plugin through 2.4.14 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and disable / hide the badge of the available updates and the related check.
CVSS Score
8.1
EPSS Score
0.001
Published
2022-06-13
CVE-2022-1549
The WP Athletics WordPress plugin through 1.1.7 does not sanitize parameters before storing them in the database, nor does it escape the values when outputting them back in the admin dashboard, leading to a Stored Cross-Site Scripting vulnerability.
CVSS Score
5.4
EPSS Score
0.002
Published
2022-06-13
CVE-2022-1594
The HC Custom WP-Admin URL WordPress plugin through 1.4 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack, allowing them to change the login URL
CVSS Score
4.3
EPSS Score
0.001
Published
2022-06-13
CVE-2022-1595
The HC Custom WP-Admin URL WordPress plugin through 1.4 leaks the secret login URL when sending a specific crafted request
CVSS Score
5.3
EPSS Score
0.29
Published
2022-06-13
CVE-2022-1604
The MailerLite WordPress plugin before 1.5.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting
CVSS Score
6.1
EPSS Score
0.002
Published
2022-06-13
CVE-2022-1605
The Email Users WordPress plugin through 4.8.8 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and change the notification settings of arbitrary users
CVSS Score
6.5
EPSS Score
0.001
Published
2022-06-13
CVE-2022-1608
The OnePress Social Locker WordPress plugin through 5.6.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack
CVSS Score
6.5
EPSS Score
0.001
Published
2022-06-13
CVE-2022-1612
The Webriti SMTP Mail WordPress plugin through 1.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack
CVSS Score
6.5
EPSS Score
0.001
Published
2022-06-13
CVE-2022-1624
The Latest Tweets Widget WordPress plugin through 1.1.4 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack
CVSS Score
6.5
EPSS Score
0.001
Published
2022-06-13


Products
Pricing
Contact Us

Shodan ® - All rights reserved