Security Vulnerabilities - CVEs Published In November 2022
Cross-Site Request Forgery (CSRF) vulnerability in REST API Authentication plugin <= 2.4.0 on WordPress.
CVSS Score: 5.4 | EPSS Score: 0.0 | Published: 2022-11-18

Multiple Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerabilities in Accordions plugin <= 2.0.3 on WordPress via &addons-style-name and &accordions_or_faqs_license_key.
CVSS Score: 3.4 | EPSS Score: 0.001 | Published: 2022-11-18

In Linaro Automated Validation Architecture (LAVA) before 2022.11.1, remote code execution can be achieved through a user-submitted Jinja2 template. The REST API endpoint for validating device configuration files in lava-server loads input as a Jinja2 template in a way that can be used to trigger remote code execution in the LAVA server.
CVSS Score: 9.8 | EPSS Score: 0.049 | Published: 2022-11-18

An information-disclosure vulnerability exists on select NXP devices when configured in Serial Download Protocol (SDP) mode: i.MX RT 1010, i.MX RT 1015, i.MX RT 1020, i.MX RT 1050, i.MX RT 1060, i.MX 6 Family, i.MX 7Dual/Solo, i.MX 7ULP, i.MX 8M Quad, i.MX 8M Mini, and Vybrid. In a device security-enabled configuration, memory contents could potentially leak to physically proximate attackers via the respective SDP port in cold and warm boot attacks. (The recommended mitigation is to completely disable the SDP mode by programming a one-time programmable eFUSE. Customers can contact NXP for additional information.)
CVSS Score: 5.3 | EPSS Score: 0.001 | Published: 2022-11-18

Unauth. Arbitrary File Upload vulnerability in WordPress Api2Cart Bridge Connector plugin <= 1.1.0 on WordPress.
CVSS Score: 9.8 | EPSS Score: 0.003 | Published: 2022-11-18

Sensitive Information Disclosure vulnerability in Quiz And Survey Master plugin <= 7.3.10 on WordPress.
CVSS Score: 5.3 | EPSS Score: 0.004 | Published: 2022-11-18

Auth. (subscriber+) Insecure Direct Object References (IDOR) vulnerability in Comments – wpDiscuz plugin 7.4.2 on WordPress.
CVSS Score: 4.3 | EPSS Score: 0.002 | Published: 2022-11-18

Unauth. Arbitrary File Download vulnerability in WatchTowerHQ plugin <= 3.6.15 on WordPress.
CVSS Score: 7.5 | EPSS Score: 0.002 | Published: 2022-11-18

Unauth. Arbitrary File Deletion vulnerability in WatchTowerHQ plugin <= 3.6.15 on WordPress.
CVSS Score: 9.1 | EPSS Score: 0.002 | Published: 2022-11-18

Auth. (admin+) Arbitrary File Read vulnerability in S2W – Import Shopify to WooCommerce plugin <= 1.1.12 on WordPress.
CVSS Score: 4.9 | EPSS Score: 0.002 | Published: 2022-11-18

