
1574 matches found

OSV · added 2022/10/25 5:15 p.m. · 2 views

CVE-2022-3302

The Spam protection, AntiSpam, FireWall by CleanTalk WordPress plugin before 5.185.1 does not validate ids before using them in a SQL statement, which could lead to SQL injection exploitable by high privilege users such as admin...

CVSS 7.2 · AI score 5.8
Exploits 0 · References 1
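Worked example of the pattern the CleanTalk entry describes, added here and not taken from the plugin: an id read from the request and concatenated into a query, beside the same lookup with validation and a bound placeholder. The table name and the function names are hypothetical; $wpdb, absint() and $wpdb->prepare() are WordPress core. The caveat worth keeping in mind is that "admin-only" SQL injection still gets a CVE because a WordPress administrator is not assumed to have database access (multisite site admins, managed hosting), and because an admin-triggered query with no nonce can be reached through a cross-site request.

```php
<?php
// Added illustration, not code from the CleanTalk plugin. The function names
// (ctk_demo_*) and the table wp_demo_records are hypothetical; $wpdb and its
// helpers are WordPress core.

// Vulnerable pattern: an id taken from the request is interpolated into the
// SQL string, so id=1 OR 1=1 or a UNION SELECT changes the query's meaning.
function ctk_demo_get_record_vulnerable() {
    global $wpdb;
    $id  = $_GET['id'];                                   // attacker-controlled
    $sql = "SELECT * FROM {$wpdb->prefix}demo_records WHERE id = " . $id;
    return $wpdb->get_row( $sql );                        // raw query, no placeholder
}

// Hardened pattern: coerce the id to a non-negative integer, refuse 0, and
// still bind it through $wpdb->prepare() so the value is never parsed as SQL.
function ctk_demo_get_record_fixed() {
    global $wpdb;
    $id = absint( $_GET['id'] ?? 0 );
    if ( 0 === $id ) {
        return null;
    }
    $sql = $wpdb->prepare(
        "SELECT * FROM {$wpdb->prefix}demo_records WHERE id = %d",
        $id
    );
    return $wpdb->get_row( $sql );
}

// When several ids arrive as an array, validate each one and build the
// placeholder list dynamically; never implode() raw input into an IN (...) clause.
function ctk_demo_get_records_by_ids( array $ids ) {
    global $wpdb;
    $ids = array_values( array_filter( array_map( 'absint', $ids ) ) ); // drops 0 and non-numeric
    if ( empty( $ids ) ) {
        return [];
    }
    $placeholders = implode( ',', array_fill( 0, count( $ids ), '%d' ) );
    $sql = $wpdb->prepare(
        "SELECT * FROM {$wpdb->prefix}demo_records WHERE id IN ($placeholders)",
        ...$ids
    );
    return $wpdb->get_results( $sql );
}
```

The IN-clause variant is included because it is the one place plugin code most often falls back to string building even after the single-id case has been fixed; the placeholder list is generated from the validated count, so no request data ever touches the query text.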
Prion · added 2022/10/25 5:15 p.m. · 19 views

Code injection

The WP All Export Pro WordPress plugin before 1.7.9 does not limit some functionality during exports only to users with the Administrator role, allowing any logged in user which has been given privileges to perform exports to execute arbitrary code on the site. By default only administrators can...

CVSS 5.8 · AI score 7.2 · EPSS 0.01307
Exploits 2 · References 1 · Affected Software 1
OSV · added 2022/10/17 12:15 p.m. · 2 views

CVE-2022-2563

The Tutor LMS WordPress plugin before 2.0.10 does not escape some course parameters, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in a multisite setup...

CVSS 4.8 · AI score 5.8 · EPSS 0.00573
Exploits 2 · References 1
Positive Technologies · added 2022/10/17 12:00 a.m. · 4 views

PT-2022-20726 · WordPress · We’re Open!

Name of the Vulnerable Software and Affected Versions: We’re Open! WordPress plugin versions prior to 1.42. Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks. This can occur even when the unfiltered_html capability is disallowed, for...

CVSS 4.8 · AI score 4.6 · EPSS 0.00496
Exploits 2 · References 3
GithubExploit · added 2022/10/16 12:23 a.m. · 357 views

Exploit for Improper Authentication in Fortinet Fortiproxy

CVE-2022-40684 Extract admin users and Fo...

CVSS 9.8 · AI score 9.9 · EPSS 0.99984
Exploits 24
OSV · added 2022/10/14 5:15 a.m. · 2 views

CVE-2022-41539

Wedding Planner v1.0 was discovered to contain an arbitrary file upload vulnerability in the component /admin/usersadd.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file...

CVSS 8.8 · AI score 6 · EPSS 0.0104
Exploits 1 · References 1
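The Wedding Planner entry is the classic upload-to-webroot bug: a file keeps its client-supplied name and lands at a URL where the server will execute it as PHP. The example below is added here and is not the Wedding Planner code; the directory, size limit, allow-list and function names are assumptions chosen to show each check a hardened handler needs.

```php
<?php
// Added illustration, not code from Wedding Planner. UPLOAD_DIR, the allow-list
// and both function names are hypothetical.

// Vulnerable: the file is moved under the web root with its original name.
// A request carrying shell.php (or shell.phtml) puts an executable script at
// a URL the attacker can then request.
function handle_upload_vulnerable(): string {
    $dest = __DIR__ . '/uploads/' . $_FILES['photo']['name'];
    move_uploaded_file($_FILES['photo']['tmp_name'], $dest);
    return $dest;
}

const UPLOAD_DIR = '/var/app/private_uploads';          // outside the document root
const ALLOWED    = ['image/jpeg' => 'jpg', 'image/png' => 'png'];
const MAX_BYTES  = 5 * 1024 * 1024;

// Hardened: type decided from the bytes, server-chosen name and extension,
// storage outside the web root, no execute bit.
function handle_upload_fixed(array $file): string {
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        throw new RuntimeException('upload failed');
    }
    if (($file['size'] ?? 0) > MAX_BYTES) {
        throw new RuntimeException('file too large');
    }
    // The client-supplied name and MIME type are never consulted.
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    $mime  = $finfo->file($file['tmp_name']);
    if (!array_key_exists($mime, ALLOWED)) {
        throw new RuntimeException('unsupported type: ' . $mime);
    }
    // Must also decode as an image; a PHP payload with a forged header fails here.
    if (@getimagesize($file['tmp_name']) === false) {
        throw new RuntimeException('not an image');
    }
    // Nothing from the request reaches the path: random name, extension from the allow-list.
    $name = bin2hex(random_bytes(16)) . '.' . ALLOWED[$mime];
    $dest = UPLOAD_DIR . '/' . $name;
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        throw new RuntimeException('could not store file');
    }
    chmod($dest, 0640);
    return $name;   // serve later through a read-only handler, never by direct URL
}
```

The order of the checks matters: a polyglot (valid PNG with PHP appended) passes finfo and getimagesize, which is why the decisive controls are the server-chosen extension and a directory the web server never executes from. The first two checks only reduce noise; the last two remove the code-execution outcome the advisory describes.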
GithubExploit · added 2022/10/13 6:13 p.m. · 410 views

Exploit for Improper Authentication in Fortinet Fortiproxy

CVE-2022-40684 - Auth bypass extract admin u...

CVSS 9.8 · AI score 9.9 · EPSS 0.99984
Exploits 24
NVD · added 2022/10/13 1:15 a.m. · 8 views

CVE-2022-34020

Cross Site Request Forgery CSRF vulnerability in ResIOT ResIOT IOT Platform + LoRaWAN Network Server through 4.1.1000114 allows attackers to add new admin users to the platform or other unspecified impacts...

CVSS 8.8 · EPSS 0.004
Exploits 1 · References 2
Prion · added 2022/10/13 1:15 a.m. · 18 views

Cross site request forgery (CSRF)

Cross Site Request Forgery CSRF vulnerability in ResIOT ResIOT IOT Platform + LoRaWAN Network Server through 4.1.1000114 allows attackers to add new admin users to the platform or other unspecified impacts...

CVSS 6.8 · AI score 8.7 · EPSS 0.004
Exploits 1 · References 2 · Affected Software 1
Cvelist · added 2022/10/13 12:00 a.m. · 10 views

CVE-2022-34020

Cross Site Request Forgery CSRF vulnerability in ResIOT ResIOT IOT Platform + LoRaWAN Network Server through 4.1.1000114 allows attackers to add new admin users to the platform or other unspecified impacts...

AI score 9 · EPSS 0.004
Exploits 1 · References 2
WPVulnDB · added 2022/10/10 12:00 a.m. · 16 views

Rock Convert < 2.11.0 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in a multisite setup. PoC: Go to the plugin's settings Popup tab, click o...

CVSS 4.8 · AI score 1.5 · EPSS 0.0047
Exploits 2 · Affected Software 1
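The Tutor LMS, We're Open! and Rock Convert entries above describe one class of bug: a plugin stores a setting or course parameter without sanitising it and prints it without escaping, so an administrator can persist HTML that runs for every visitor, including on a multisite where unfiltered_html is disallowed. The point that decides the rating is that unfiltered_html governs core's own kses filtering of post content; it does nothing for a plugin's option handling, so the plugin must sanitise on save and escape on output itself. The OrchardCore HTML-injection entries further down are the same class on a different stack. The example below is added here and is not code from any of these plugins; the option keys and function names are hypothetical, while the sanitising and escaping helpers are WordPress core.

```php
<?php
// Added illustration; not code from Tutor LMS, We're Open! or Rock Convert.
// Option keys rc_demo_* and all function names are hypothetical.
// sanitize_text_field, wp_kses, esc_html, esc_attr, wp_unslash,
// register_setting, current_user_can and check_admin_referer are WordPress core.

// Vulnerable: the value is saved verbatim and echoed raw. A site admin on a
// multisite (where unfiltered_html is disallowed) can still store
// <script>...</script> because this code never consults kses at all.
function rc_demo_save_vulnerable() {
    update_option( 'rc_demo_popup_title', $_POST['popup_title'] );
}
function rc_demo_render_vulnerable() {
    echo '<h2 class="popup-title">' . get_option( 'rc_demo_popup_title' ) . '</h2>';
}

// Hardened: capability and nonce on write, sanitise on save, escape on output.
function rc_demo_save_fixed() {
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient privileges' );
    }
    check_admin_referer( 'rc_demo_save_settings' );       // nonce check (CSRF)
    $title = sanitize_text_field( wp_unslash( $_POST['popup_title'] ?? '' ) );
    update_option( 'rc_demo_popup_title', $title );
}
function rc_demo_render_fixed() {
    $title = get_option( 'rc_demo_popup_title', '' );
    // esc_html() for text nodes; esc_attr() when the value lands in an attribute.
    echo '<h2 class="popup-title" data-title="' . esc_attr( $title ) . '">'
         . esc_html( $title ) . '</h2>';
}

// For a field that legitimately carries limited HTML (a popup body), keep the
// allow-list small. wp_kses() also strips disallowed URL schemes such as
// javascript: from href, and event-handler attributes are simply not listed.
function rc_demo_sanitize_body( $raw ) {
    return wp_kses( wp_unslash( $raw ), [
        'p'      => [],
        'strong' => [],
        'em'     => [],
        'a'      => [ 'href' => [], 'title' => [] ],
    ] );
}

// Registering the option with a sanitize_callback makes the Settings API apply
// it on every save path, including submissions routed through options.php.
add_action( 'admin_init', function () {
    register_setting( 'rc_demo', 'rc_demo_popup_body', [
        'type'              => 'string',
        'sanitize_callback' => 'rc_demo_sanitize_body',
    ] );
} );
```

Sanitising on save and escaping on output are both needed: the first keeps the database clean, the second protects against values that arrived through another path (an import, a direct database edit, an older plugin version). Escaping must match the context, which is why the rendered title goes through esc_attr() inside the attribute and esc_html() in the element body.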
NVD · added 2022/10/07 8:15 p.m. · 22 views

CVE-2022-36634

An access control issue in ZKTeco ZKBioSecurity V5000 3.0.5r allows attackers to arbitrarily create admin users via a crafted HTTP request...

CVSS 8.8 · EPSS 0.01341
Exploits 3 · References 3
Prion · added 2022/10/07 8:15 p.m. · 15 views

Cross site request forgery (CSRF)

An access control issue in ZKTeco ZKBioSecurity V5000 3.0.5r allows attackers to arbitrarily create admin users via a crafted HTTP request...

CVSS 6.5 · AI score 8.4 · EPSS 0.01341
Exploits 3 · References 3 · Affected Software 1
Cvelist · added 2022/10/07 12:00 a.m. · 24 views

CVE-2022-36634

An access control issue in ZKTeco ZKBioSecurity V5000 3.0.5r allows attackers to arbitrarily create admin users via a crafted HTTP request...

AI score 8.6 · EPSS 0.01341
Exploits 3 · References 3
Positive Technologies · added 2022/10/07 12:00 a.m. · 2 views

PT-2022-23518 · Zkteco · Zkbio Cvsecurity V5000

Name of the Vulnerable Software and Affected Versions: ZKTeco ZKBioSecurity V5000 version 3.0.5 r. Description: An access control issue allows attackers to arbitrarily create admin users via a crafted HTTP request. Recommendations: For ZKTeco ZKBioSecurity V5000 version 3.0.5 r, consider restricti...

CVSS 8.8 · AI score 8.4 · EPSS 0.01341
Exploits 3 · References 5
CVE · added 2022/10/07 12:00 a.m. · 67 views

CVE-2022-36634

CVE-2022-36634 affects ZKTeco ZKBioSecurity V5000, specifically version 3.0.5_r, where an access control flaw allows an attacker to arbitrarily create administrator users via a crafted HTTP request. The vulnerability is described as improper access control in the web-based ZKBioSecurity platform,...

CVSS 8.8 · AI score 8.4 · EPSS 0.01341
Exploits 3 · References 3 · Affected Software 1
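The ResIOT (CVE-2022-34020) and ZKBioSecurity (CVE-2022-36634) entries both end in the same outcome, a new administrator created by a request the product should have refused, but for two different reasons: ResIOT's handler trusts a request a logged-in admin's browser can be tricked into sending (CSRF), while ZKBioSecurity's is reachable without an administrator at all (missing access control). One user-creation handler needs both controls, and the example below, added here and not taken from either product, shows the handler with neither check beside the same handler with both. The session layout, table name, and function names are assumptions.

```php
<?php
// Added illustration, not code from ResIOT or ZKBioSecurity. The handlers, the
// $_SESSION fields and the users table are hypothetical.

// Vulnerable: any request that reaches the handler creates an admin. Nothing
// proves the caller is an administrator (access control) and nothing binds the
// request to that administrator's intent (CSRF), so a forged form on another
// site, or a direct unauthenticated POST, both succeed.
function create_admin_vulnerable(PDO $db): void {
    $stmt = $db->prepare("INSERT INTO users (name, pass_hash, role) VALUES (?, ?, 'admin')");
    $stmt->execute([$_POST['name'], password_hash($_POST['pass'], PASSWORD_DEFAULT)]);
}

// Session cookie that is not sent on cross-site POSTs (SameSite=Lax) and not
// readable from script; the CSRF token below is defence in depth on top of it.
function start_session(): void {
    session_set_cookie_params(['samesite' => 'Lax', 'httponly' => true, 'secure' => true]);
    session_start();
}

// Per-session secret; embed it as a hidden field in the admin's own form.
function csrf_token(): string {
    if (empty($_SESSION['csrf'])) {
        $_SESSION['csrf'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf'];
}

function deny(int $code): void {
    http_response_code($code);
    exit;
}

// Hardened: authenticated administrator, token compared in constant time, and
// a Sec-Fetch-Site check that rejects cross-site requests from modern browsers.
function create_admin_fixed(PDO $db): void {
    if (($_SESSION['role'] ?? null) !== 'admin') {
        deny(403);                                          // access control
    }
    $submitted = $_POST['csrf'] ?? '';
    if ($submitted === '' || !hash_equals($_SESSION['csrf'] ?? '', $submitted)) {
        deny(403);                                          // CSRF token
    }
    // Header is absent on old clients, so only an explicit cross-site value is rejected.
    $site = $_SERVER['HTTP_SEC_FETCH_SITE'] ?? 'same-origin';
    if (!in_array($site, ['same-origin', 'none'], true)) {
        deny(403);
    }
    $name = trim($_POST['name'] ?? '');
    $pass = $_POST['pass'] ?? '';
    if ($name === '' || strlen($pass) < 12) {
        deny(400);
    }
    $stmt = $db->prepare("INSERT INTO users (name, pass_hash, role) VALUES (?, ?, 'admin')");
    $stmt->execute([$name, password_hash($pass, PASSWORD_DEFAULT)]);
}
```

The role check comes first because it is the one that addresses the ZKBioSecurity case: a token scheme is worthless if the endpoint never asks who is calling. hash_equals() is used rather than === so the comparison does not leak the token by timing, and the Sec-Fetch-Site check costs nothing while closing the gap for any form the token was forgotten on.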
Github Security Blog · added 2022/10/04 12:00 a.m. · 25 views

OrchardCore vulnerable to HTML injection

OrchardCore versions starting with 1.0.0-rc1-11259 and prior to 1.4.0 are vulnerable to HTML injection. The vulnerability allows an authenticated user with an editor security role to inject a persistent HTML modal dialog component into the dashboard that will affect admin users. Version 1.4.0...

CVSS 5.4 · AI score 5.7 · EPSS 0.00506
Exploits 1 · References 5 · Affected Software 1
NVD · added 2022/10/03 1:15 p.m. · 30 views

CVE-2022-32173

OrchardCore rc1-11259 to v1.2.2 is vulnerable to HTML injection, allowing an authenticated user with an editor security role to inject a persistent HTML modal dialog component into the dashboard that will affect admin users...

CVSS 5.4 · EPSS 0.00506
Exploits 1 · References 2
OSV · added 2022/10/03 1:15 p.m. · 25 views

CVE-2022-32173

OrchardCore rc1-11259 to v1.2.2 is vulnerable to HTML injection, allowing an authenticated user with an editor security role to inject a persistent HTML modal dialog component into the dashboard that will affect admin users...

CVSS 5.4 · AI score 5.4 · EPSS 0.00506
Exploits 1 · References 2
Prion · added 2022/10/03 1:15 p.m. · 17 views

Input validation

OrchardCore rc1-11259 to v1.2.2 is vulnerable to HTML injection, allowing an authenticated user with an editor security role to inject a persistent HTML modal dialog component into the dashboard that will affect admin users...

CVSS 4.9 · AI score 5.3 · EPSS 0.00506
Exploits 1 · References 2 · Affected Software 1