Skip to main content
CVE-2020-15363 CRITICAL POC Act Now

The Nexos theme through 1.7 for WordPress allows side-map/?search_order= SQL Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Nexos
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
5.9%
CVE-2020-15365 MEDIUM POC This Month

LibRaw before 0.20-Beta3 has an out-of-bounds write in parse_exif() in metadata\exif_gps.cpp via an unrecognized AtomName and a zero value of tiff_nifds. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Libraw
NVD GitHub
CVSS 3.1
6.5
EPSS
1.3%
CVE-2020-15364 MEDIUM POC This Month

The Nexos theme through 1.7 for WordPress allows top-map/?search_location= reflected XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Nexos
NVD GitHub Exploit-DB
CVSS 3.1
6.1
EPSS
3.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy