Skip to main content
CVE-2023-0088 HIGH POC This Week

The Swifty Page Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.0.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Swifty Page Manager
NVD VulDB
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-22626 HIGH POC PATCH This Week

PgHero before 3.1.0 allows Information Disclosure via EXPLAIN because query results may be present in an error message. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Pghero
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-0077 CRITICAL Act Now

Integer overflow or wraparound vulnerability in CGI component in Synology Router Manager (SRM) before 1.2.5-8227-6 and 1.3.1-9346-3 allows remote attackers to overflow buffers via unspecified vectors. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Synology Router Manager
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-0087 MEDIUM POC This Month

The Swifty Page Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘spm_plugin_options_page_tree_max_width’ parameter in versions up to, and including, 3.0.1 due to. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Swifty Page Manager
NVD VulDB
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-22455 MEDIUM PATCH This Month

Discourse is an option source discussion platform. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Discourse
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-22454 MEDIUM PATCH This Month

Discourse is an option source discussion platform. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Discourse
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2023-0057 MEDIUM PATCH This Month

Improper Restriction of Rendered UI Layers or Frames in GitHub repository pyload/pyload prior to 0.5.0b3.dev33. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Pyload Pyload Ng
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-0086 MEDIUM PATCH This Month

The JetWidgets for Elementor plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.12. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

XSS WordPress CSRF Jetwidgets For Elementor Elementor
NVD VulDB
CVSS 3.1
5.4
EPSS
0.1%
CVE-2023-22453 MEDIUM PATCH This Month

Discourse is an option source discussion platform. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Discourse
NVD GitHub
CVSS 3.1
5.3
EPSS
0.6%
CVE-2023-22622 MEDIUM This Month

WordPress through 6.1.1 depends on unpredictable client visits to cause wp-cron.php execution and the resulting security updates, and the source code describes "the scenario where a site may not. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required. No vendor patch available.

Information Disclosure WordPress PHP
NVD GitHub
CVSS 3.1
5.3
EPSS
1.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy