Skip to main content
CVE-2023-0097 MEDIUM POC This Month

The Post Grid, Post Carousel, & List Category Posts WordPress plugin before 2.4.19 does not validate and escape some of its block options before outputting them back in a page/post where the block is. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Smart Post Show
NVD WPScan
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-0074 MEDIUM POC This Month

The WP Social Widget WordPress plugin before 2.2.4 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Wp Social Widget
NVD WPScan
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-0071 MEDIUM POC This Month

The WP Tabs WordPress plugin before 2.1.17 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Wp Tabs
NVD WPScan
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-0033 MEDIUM POC This Month

The PDF Viewer WordPress plugin before 1.0.0 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Pdf Viewer
NVD WPScan
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-24622 MEDIUM POC PATCH This Month

isInList in the safeurl-python package before 1.2 for Python has an insufficiently restrictive regular expression for external domains, leading to SSRF. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Python Safeurl Python
NVD GitHub
CVSS 3.1
5.3
EPSS
0.6%
CVE-2023-22389 MEDIUM This Month

Snap One Wattbox WB-300-IP-3 versions WB10.9a17 and prior store passwords in a plaintext file when the device configuration is exported via Save/Restore->Backup Settings, which could be read by any. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Wattbox Wb 300 Ip 3 Firmware
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-22332 MEDIUM This Month

Information disclosure vulnerability exists in Pgpool-II 4.4.0 to 4.4.1 (4.4 series), 4.3.0 to 4.3.4 (4.3 series), 4.2.0 to 4.2.11 (4.2 series), 4.1.0 to 4.1.14 (4.1 series), 4.0.0 to 4.0.21 (4.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Pgpool Ii
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2023-22324 MEDIUM PATCH This Month

SQL injection vulnerability in the CONPROSYS HMI System (CHS) Ver.3.5.0 and earlier allows a remote authenticated attacker to execute an arbitrary SQL command. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

SQLi Conprosys Hmi System
NVD
CVSS 3.1
6.5
EPSS
1.3%
CVE-2023-22333 MEDIUM This Month

Cross-site scripting vulnerability in EasyMail 2.00.130 and earlier allows a remote unauthenticated attacker to inject an arbitrary script. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Easymail
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-22322 MEDIUM This Month

Improper restriction of XML external entity reference (XXE) vulnerability exists in OMRON CX-Motion Pro 1.4.6.013 and earlier. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

XXE Cx Motion Pro
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-0581 MEDIUM This Month

The PrivateContent plugin for WordPress is vulnerable to protection mechanism bypass due to the use of client side validation in versions up to, and including, 8.4.3. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Authentication Bypass Privatecontent
NVD VulDB
CVSS 3.1
5.3
EPSS
0.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy