Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In June 2022
CVE-2022-1673
The WooCommerce Green Wallet Gateway WordPress plugin before 1.0.2 does not escape the error_envision query parameter before outputting it to the page, leading to a Reflected Cross-Site Scripting vulnerability.
CVSS Score
6.1
EPSS Score
0.002
Published
2022-06-08
CVE-2022-1683
The amtyThumb WordPress plugin through 4.2.0 does not sanitise and escape a parameter before using it in a SQL statement via its shortcode, leading to an SQL injection and is exploitable by any authenticated user (and not just Author+ like the original advisory mention) due to the fact that they can execute shortcodes via an AJAX action
CVSS Score
8.8
EPSS Score
0.007
Published
2022-06-08
CVE-2022-1684
The Cube Slider WordPress plugin through 1.2 does not sanitise and escape the idslider parameter before using it in various SQL queries, leading to SQL Injections exploitable by high privileged users such as admin
CVSS Score
2.7
EPSS Score
0.002
Published
2022-06-08
CVE-2022-1685
The Five Minute Webshop WordPress plugin through 1.3.2 does not properly validate and sanitise the orderby parameter before using it in a SQL statement via the Manage Products admin page, leading to an SQL Injection
CVSS Score
4.9
EPSS Score
0.002
Published
2022-06-08
CVE-2022-1686
The Five Minute Webshop WordPress plugin through 1.3.2 does not sanitise and escape the id parameter before using it in a SQL statement when editing a product via the admin dashboard, leading to an SQL Injection
CVSS Score
2.7
EPSS Score
0.002
Published
2022-06-08
CVE-2022-1687
The Logo Slider WordPress plugin through 1.4.8 does not sanitise and escape the lsp_slider_id parameter before using it in a SQL statement via the Manage Slider Images admin page, leading to an SQL Injection
CVSS Score
2.7
EPSS Score
0.002
Published
2022-06-08
CVE-2022-1688
The Note Press WordPress plugin through 0.1.10 does not sanitise and escape the id parameter before using it in various SQL statement via the admin dashboard, leading to SQL Injections
CVSS Score
2.7
EPSS Score
0.002
Published
2022-06-08
CVE-2022-1689
The Note Press WordPress plugin through 0.1.10 does not sanitise and escape the Update parameter before using it in a SQL statement when updating a note via the admin dashboard, leading to an SQL injection
CVSS Score
2.7
EPSS Score
0.002
Published
2022-06-08
CVE-2022-1690
The Note Press WordPress plugin through 0.1.10 does not sanitise and escape the ids from the bulk actions before using them in a SQL statement in an admin page, leading to an SQL injection
CVSS Score
2.7
EPSS Score
0.002
Published
2022-06-08
CVE-2022-1691
The Realty Workstation WordPress plugin before 1.0.15 does not sanitise and escape the trans_edit parameter before using it in a SQL statement when an agent edit a transaction, leading to an SQL injection
CVSS Score
4.9
EPSS Score
0.003
Published
2022-06-08


Products
Pricing
Contact Us

Shodan ® - All rights reserved