Skip to main content
CVE-2020-7048 CRITICAL POC THREAT Act Now

The WordPress plugin, WP Database Reset through 3.1, contains a flaw that allowed any unauthenticated user to reset any table in the database to the initial WordPress set-up state (deleting all site. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Authentication Bypass PHP Wp Database Reset
NVD
CVSS 3.1
9.1
EPSS
22.9%
CVE-2020-7047 HIGH POC This Week

The WordPress plugin, WP Database Reset through 3.1, contains a flaw that gave any authenticated user, with minimal permissions, the ability (with a simple wp-admin/admin.php?db-reset-tables[]=users. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Privilege Escalation PHP Wp Database Reset
NVD
CVSS 3.1
8.8
EPSS
2.5%
CVE-2020-7105 HIGH POC This Week

async.c and dict.c in libhiredis.a in hiredis through 0.14.0 allow a NULL pointer dereference because malloc return values are unchecked. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Hiredis Debian Linux Fedora
NVD GitHub
CVSS 3.1
7.5
EPSS
2.8%
CVE-2020-7044 HIGH POC PATCH This Week

In Wireshark 3.2.x before 3.2.1, the WASSP dissector could crash. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Wireshark Fedora Leap +2
NVD
CVSS 3.1
7.5
EPSS
3.2%
CVE-2020-7045 MEDIUM POC This Month

In Wireshark 3.0.x before 3.0.8, the BT ATT dissector could crash. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Wireshark Debian Linux
NVD
CVSS 3.1
6.5
EPSS
1.5%
CVE-2020-7107 MEDIUM POC PATCH This Month

The Ultimate FAQ plugin before 1.8.30 for WordPress allows XSS via Display_FAQ to Shortcodes/DisplayFAQs.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress PHP Ultimate Faq
NVD
CVSS 3.1
6.1
EPSS
2.2%
CVE-2020-7106 MEDIUM POC This Month

Cacti 1.2.8 has stored XSS in data_sources.php, color_templates_item.php, graphs.php, graph_items.php, lib/api_automation.php, user_admin.php, and user_group_admin.php, as demonstrated by the. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Cacti Debian Linux Backports Sle +4
NVD GitHub
CVSS 3.1
6.1
EPSS
2.1%
CVE-2020-7108 MEDIUM POC This Month

The LearnDash LMS plugin before 3.1.2 for WordPress allows XSS via the ld-profile search field. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Learndash
NVD Exploit-DB
CVSS 3.1
5.4
EPSS
3.5%
CVE-2020-7039 MEDIUM PATCH This Month

tcp_emu in tcp_subr.c in libslirp 4.1.0, as used in QEMU 4.2.0, mismanages memory, as demonstrated by IRC DCC commands in EMU_IRC. Rated medium severity (CVSS 5.6), this vulnerability is remotely exploitable, no authentication required. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow RCE Memory Corruption Libslirp Qemu +2
NVD
CVSS 3.1
5.6
EPSS
3.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy