Security Vulnerabilities - CVEs Published In July 2022
Authenticated Arbitrary File Creation via Export function vulnerability in GiveWP's GiveWP plugin <= 2.20.2 at WordPress.
CVSS Score: 9.1
EPSS Score: 0.06
Published: 2022-07-21
Authenticated Stored Cross-Site Scripting (XSS) vulnerability in Florent Maillefaud's WP Maintenance plugin <= 6.0.7 at WordPress.
CVSS Score: 3.4
EPSS Score: 0.024
Published: 2022-07-21
Authenticated (custom plugin role) Arbitrary File Read via Export function vulnerability in GiveWP's GiveWP plugin <= 2.20.2 at WordPress.
CVSS Score: 5.5
EPSS Score: 0.005
Published: 2022-07-21
Unauthenticated WordPress Options Change vulnerability in Biplob Adhikari's Accordions plugin <= 2.0.2 at WordPress.
CVSS Score: 9.8
EPSS Score: 0.006
Published: 2022-07-21
Unauthenticated Arbitrary Option Update vulnerability in biplob018's Shortcode Addons plugin <= 3.0.2 at WordPress.
CVSS Score: 9.8
EPSS Score: 0.008
Published: 2022-07-21
Broken Access Control vulnerability in YIKES Inc. Custom Product Tabs for WooCommerce plugin <= 1.7.7 at WordPress leading to &yikes-the-content-toggle option update.
CVSS Score: 5.3
EPSS Score: 0.002
Published: 2022-07-21
Cross-Site Request Forgery (CSRF) vulnerability in JoomUnited WP Meta SEO plugin <= 4.4.8 at WordPress allows an attacker to update the social settings.
CVSS Score: 5.4
EPSS Score: 0.001
Published: 2022-07-21
There is an unquoted service path in ASUSTeK Aura Ready Game SDK service (GameSDK.exe) 1.0.0.4. This might allow a local user to escalate privileges by creating a %PROGRAMFILES(X86)%\ASUS\GameSDK.exe file.
CVSS Score: 7.8
EPSS Score: 0.006
Published: 2022-07-21
This vulnerability allows a local user to delete arbitrary files in the system and bypass security protection, which can be abused for local privilege escalation on affected F-Secure & WithSecure Windows endpoint products. An attacker must have code execution rights on the victim machine prior to successful exploitation.
CVSS Score: 4.3
EPSS Score: 0.002
Published: 2022-07-21
It was possible to download all receipts without authentication. One must first access the API https://XXXX.supersmart.me/services/v4/customer/signin to get a TOKEN. One can then access the API that provides invoice images based on the URL https://XXXX.supersmart.me/services/v4/invoiceImg?orderId=XXXXX
CVSS Score: 4.8
EPSS Score: 0.0
Published: 2022-07-21

