Skip to main content
CVE-2023-1081 MEDIUM PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.3.3. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity.

XSS Microweber
NVD GitHub
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-1026 MEDIUM PATCH This Month

The WP Meta SEO plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the listPostsCategory function in versions up to, and including, 4.5.3. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass WordPress Wp Meta Seo
NVD VulDB
CVSS 3.1
4.3
EPSS
0.2%
CVE-2023-1027 MEDIUM PATCH This Month

The WP Meta SEO plugin for WordPress is vulnerable to unauthorized sitemap generation due to a missing capability check on the checkAllCategoryInSitemap function in versions up to, and including,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass WordPress Wp Meta Seo
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2023-1024 MEDIUM PATCH This Month

The WP Meta SEO plugin for WordPress is vulnerable to unauthorized sitemap generation due to a missing capability check on the regenerateSitemaps function in versions up to, and including, 4.5.3. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass WordPress Wp Meta Seo
NVD VulDB
CVSS 3.1
4.3
EPSS
0.2%
CVE-2023-23992 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in AutomatorWP plugin <= 2.5.0 leads to object delete. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Automatorwp
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2023-1028 MEDIUM PATCH This Month

The WP Meta SEO plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.5.3. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

WordPress CSRF Wp Meta Seo
NVD VulDB
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-23865 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Checkout Plugins Stripe Payments For WooCommerce plugin <= 1.4.10 leads to settings change. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF Stripe Payments For Woocommerce
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2023-20932 LOW PATCH Monitor

In onCreatePreferences of EditInfoFragment.java, there is a possible way to read contacts belonging to other users due to improper input validation. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity.

Information Disclosure Google Android
NVD
CVSS 3.1
3.3
EPSS
0.1%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy