unSafe.sh - Unsafe
Live-Hack-CVE/CVE-2022-48176
Netgear routers R7000P before v1.3.3.154, R6900P before v1.3.3.154, R7960P before v1.4.4.94, and R8000P before v1.4.4.94 were discovered to contain a pre-authentication stack overflow. CVE project by @Sn0wAlice
Create: 2023-01-31 10:16:09 +0000 UTC Push: 2023-01-31 10:16:11 +0000 UTC
Live-Hack-CVE/CVE-2022-45897
On Xerox WorkCentre 3550 25.003.03.000 devices, an authenticated attacker can view the SMB server settings and can obtain the stored cleartext credentials associated with those settings. CVE project by @Sn0wAlice
Create: 2023-01-31 10:16:05 +0000 UTC Push: 2023-01-31 10:16:07 +0000 UTC
Live-Hack-CVE/CVE-2022-4395
The Membership For WooCommerce WordPress plugin before 2.1.7 does not validate uploaded files, which could allow unauthenticated users to upload arbitrary files, such as malicious PHP code, and achieve RCE. CVE project by @Sn0wAlice
Create: 2023-01-31 08:06:20 +0000 UTC Push: 2023-01-31 08:06:23 +0000 UTC
Live-Hack-CVE/CVE-2023-0097
The Post Grid, Post Carousel, & List Category Posts WordPress plugin before 2.4.19 does not validate and escape some of its block options before outputting them back in a page/post where the block is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. CVE project by @Sn0wAlice
Create: 2023-01-31 08:06:17 +0000 UTC Push: 2023-01-31 08:06:19 +0000 UTC
Live-Hack-CVE/CVE-2022-4306
The Panda Pods Repeater Field WordPress plugin before 1.5.4 does not sanitize and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against a user having at least Contributor permission. CVE project by @Sn0wAlice
Create: 2023-01-31 08:06:13 +0000 UTC Push: 2023-01-31 08:06:16 +0000 UTC
Live-Hack-CVE/CVE-2022-4680
The Revive Old Posts WordPress plugin before 9.0.11 unserializes user input provided via the settings, which could allow high privilege users such as admin to perform PHP Object Injection when a suitable gadget is present. CVE project by @Sn0wAlice
Create: 2023-01-31 08:06:09 +0000 UTC Push: 2023-01-31 08:06:12 +0000 UTC
Live-Hack-CVE/CVE-2022-4671
The PixCodes WordPress plugin before 2.3.7 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. CVE project by @Sn0wAlice
Create: 2023-01-31 08:06:06 +0000 UTC Push: 2023-01-31 08:06:08 +0000 UTC
Live-Hack-CVE/CVE-2022-4831
The Custom User Profile Fields for User Registration WordPress plugin before 1.8.1 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against h CVE project by @Sn0wAlice
Create: 2023-01-31 08:06:01 +0000 UTC Push: 2023-01-31 08:06:05 +0000 UTC
Live-Hack-CVE/CVE-2022-4667
The RSS Aggregator by Feedzy WordPress plugin before 4.1.1 does not validate and escape some of its block options before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as adm CVE project by @Sn0wAlice
Create: 2023-01-31 08:05:58 +0000 UTC Push: 2023-01-31 08:06:00 +0000 UTC
Live-Hack-CVE/CVE-2022-4793
The Blog Designer WordPress plugin before 2.4.1 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks. CVE project by @Sn0wAlice
Create: 2023-01-31 08:05:54 +0000 UTC Push: 2023-01-31 08:05:56 +0000 UTC
Live-Hack-CVE/CVE-2022-4651
The Justified Gallery WordPress plugin before 1.7.1 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks. CVE project by @Sn0wAlice
Create: 2023-01-31 08:05:50 +0000 UTC Push: 2023-01-31 08:05:53 +0000 UTC
Live-Hack-CVE/CVE-2022-4776
The CC Child Pages WordPress plugin before 1.43 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. CVE project by @Sn0wAlice
Create: 2023-01-31 08:05:47 +0000 UTC Push: 2023-01-31 08:05:49 +0000 UTC
Live-Hack-CVE/CVE-2022-4699
The MediaElement.js WordPress plugin through 4.2.8 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high-privilege users such as admi CVE project by @Sn0wAlice
Create: 2023-01-31 08:05:43 +0000 UTC Push: 2023-01-31 08:05:45 +0000 UTC
Live-Hack-CVE/CVE-2022-4472
The Simple Sitemap WordPress plugin before 3.5.8 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins CVE project by @Sn0wAlice
Create: 2023-01-31 08:05:38 +0000 UTC Push: 2023-01-31 08:05:42 +0000 UTC
Live-Hack-CVE/CVE-2022-4496
The SAML SSO Standard WordPress plugin version 16.0.0 before 16.0.8, SAML SSO Premium WordPress plugin version 12.0.0 before 12.1.0 and SAML SSO Premium Multisite WordPress plugin version 20.0.0 before 20.0.7 does not validate that the redirect parameter to its SSO login endpoint points to an internal site URL, making CVE project by @Sn0wAlice
Create: 2023-01-31 08:05:35 +0000 UTC Push: 2023-01-31 08:05:37 +0000 UTC
Live-Hack-CVE/CVE-2023-20057
A vulnerability in the URL filtering mechanism of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass the URL reputation filters on an affected device. This vulnerability is due to improper processing of URLs. An attacker could exploit this vulnerabi CVE project by @Sn0wAlice
Create: 2023-01-31 08:05:31 +0000 UTC Push: 2023-01-31 08:05:34 +0000 UTC
Live-Hack-CVE/CVE-2022-34888
The Remote Mount feature can potentially be abused by valid, authenticated users to make connections to internal services that may not normally be accessible to users. Internal service access controls, as applicable, remain in effect. CVE project by @Sn0wAlice
Create: 2023-01-31 08:05:27 +0000 UTC Push: 2023-01-31 08:05:29 +0000 UTC
Live-Hack-CVE/CVE-2022-34884
A buffer overflow exists in the Remote Presence subsystem which can potentially allow valid, authenticated users to cause a recoverable subsystem denial of service. CVE project by @Sn0wAlice
Create: 2023-01-31 08:05:23 +0000 UTC Push: 2023-01-31 08:05:25 +0000 UTC
Live-Hack-CVE/CVE-2023-24020
Snap One Wattbox WB-300-IP-3 versions WB10.9a17 and prior could bypass the brute force protection, allowing multiple attempts to force a login. CVE project by @Sn0wAlice
Create: 2023-01-31 08:05:19 +0000 UTC Push: 2023-01-31 08:05:22 +0000 UTC
Live-Hack-CVE/CVE-2023-22315
Snap One Wattbox WB-300-IP-3 versions WB10.9a17 and prior use a proprietary local area network (LAN) protocol that does not verify updates to the device. An attacker could upload a malformed update file to the device and execute arbitrary code. CVE project by @Sn0wAlice
Create: 2023-01-31 08:05:16 +0000 UTC Push: 2023-01-31 08:05:18 +0000 UTC