dhakalananda

10 exploits Active since Aug 2022
CVE-2022-33142 GITHUB HIGH NO CODE
WordPlus WordPress Better Messages <1.9.10.57 - DoS
Authenticated (subscriber+) Denial Of Service (DoS) vulnerability in WordPlus WordPress Better Messages plugin <= 1.9.10.57 at WordPress.
2 stars
CVSS 7.7
CVE-2022-38055 GITHUB MEDIUM STUB
wpForo Forum <2.0.9 - XSS
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in gVectors Team wpForo Forum allows Content Spoofing.This issue affects wpForo Forum: from n/a through 2.0.9.
2 stars
CVSS 4.3
CVE-2022-40192 GITHUB HIGH STUB
Gvectors Wpforo Forum < 2.0.9 - CSRF
Cross-Site Request Forgery (CSRF) vulnerability in wpForo Forum plugin <= 2.0.9 on WordPress.
2 stars
CVSS 7.1
CVE-2022-40205 GITHUB MEDIUM NO CODE
Gvectors Wpforo Forum < 2.0.5 - IDOR
Insecure direct object references (IDOR) vulnerability in the wpForo Forum plugin <= 2.0.5 on WordPress allows attackers with subscriber or higher user roles to mark any forum post as solved/unsolved.
2 stars
CVSS 5.4
CVE-2022-40206 GITHUB MEDIUM NO CODE
Gvectors Wpforo Forum < 2.0.5 - IDOR
Insecure direct object references (IDOR) vulnerability in the wpForo Forum plugin <= 2.0.5 on WordPress allows attackers with subscriber or higher user roles to mark any forum post as private/public.
2 stars
CVSS 6.3
CVE-2022-40216 GITHUB MEDIUM STUB
Wordplus Better Messages < 1.9.10.71 - Improper Access Control
Auth. (subscriber+) Messaging Block Bypass vulnerability in Better Messages plugin <= 1.9.10.69 on WordPress.
2 stars
CVSS 4.3
CVE-2022-40632 GITHUB MEDIUM NO CODE
Gvectors Wpforo Forum < 2.0.5 - CSRF
Cross-Site Request Forgery (CSRF) vulnerability in gVectors Team wpForo Forum plugin <= 2.0.5 on WordPress leading to topic deletion.
2 stars
CVSS 5.4
CVE-2022-41608 GITHUB MEDIUM STUB
Thomas Belser Asgaros Forum <= 2.2.0 - CSRF
Cross-Site Request Forgery (CSRF) vulnerability in Thomas Belser Asgaros Forum plugin <= 2.2.0 versions.
2 stars
CVSS 5.4
CVE-2022-41609 GITHUB MEDIUM STUB
WordPress Better Messages <1.9.10.68 - SSRF
Auth. (subscriber+) Server-Side Request Forgery (SSRF) vulnerability in Better Messages plugin 1.9.10.68 on WordPress.
2 stars
CVSS 6.4
CVE-2022-43492 GITHUB MEDIUM STUB
wpDiscuz 7.4.2 - Info Disclosure
Auth. (subscriber+) Insecure Direct Object References (IDOR) vulnerability in Comments – wpDiscuz plugin 7.4.2 on WordPress.
2 stars
CVSS 4.3