Skip to main content
CVE-2023-27587 MEDIUM POC PATCH This Month

ReadtoMyShoe, a web app that lets users upload articles and listen to them later, generates an error message containing sensitive information prior to commit 8533b01. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Google Readtomyshoe
NVD GitHub
CVSS 3.1
6.5
EPSS
3.9%
CVE-2023-0772 MEDIUM POC This Month

The Popup Builder by OptinMonster WordPress plugin before 2.12.2 does not ensure that the campaign to be loaded via some shortcodes is actually a campaign, allowing any authenticated users such as. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE WordPress Optinmonster
NVD WPScan
CVSS 3.1
6.5
EPSS
0.8%
CVE-2023-0749 MEDIUM POC This Month

The Ocean Extra WordPress plugin before 2.1.3 does not ensure that the template to be loaded via a shortcode is actually a template, allowing any authenticated users such as subscriber to retrieve. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE WordPress Ocean Extra
NVD WPScan
CVSS 3.1
6.5
EPSS
0.7%
CVE-2023-1361 MEDIUM POC PATCH This Month

SQL Injection in GitHub repository unilogies/bumsys prior to v2.0.2. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SQLi Bumsys
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2023-27093 MEDIUM POC This Month

Cross Site Scripting vulnerability found in My-Blog allows attackers to cause a denial of service via the Post function. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service XSS My Blog
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-1362 MEDIUM POC PATCH This Month

Improper Restriction of Rendered UI Layers or Frames in GitHub repository unilogies/bumsys prior to v2.0.2. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Bumsys
NVD GitHub
CVSS 3.1
6.1
EPSS
1.4%
CVE-2023-0538 MEDIUM POC This Month

The Campaign URL Builder WordPress plugin before 1.8.2 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Campaign Url Builder
NVD WPScan
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-0219 MEDIUM POC This Month

The FluentSMTP WordPress plugin before 2.2.3 does not sanitize or escape email content, making it vulnerable to stored cross-site scripting attacks (XSS) when an administrator views the email logs. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Fluentsmtp
NVD WPScan
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-0172 MEDIUM POC This Month

The Juicer WordPress plugin before 1.11 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Juicer
NVD WPScan
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-0073 MEDIUM POC This Month

The Client Logo Carousel WordPress plugin through 3.0.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Client Logo Carousel
NVD WPScan
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-0066 MEDIUM POC This Month

The Companion Sitemap Generator WordPress plugin through 4.5.1.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed,. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Companion Sitemap Generator
NVD WPScan
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-1363 MEDIUM POC This Month

A vulnerability, which was classified as problematic, was found in SourceCodester Computer Parts Sales and Inventory System 1.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Computer Parts Sales And Inventory System
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-0844 MEDIUM POC This Month

The Namaste!. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Namaste Lms
NVD WPScan
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-1374 MEDIUM POC This Month

The Solidres plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'currency_name' parameter in versions up to, and including, 0.9.4 due to insufficient input sanitization and. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS WordPress Solidres
NVD
CVSS 3.1
4.4
EPSS
0.4%
CVE-2023-0978 MEDIUM This Month

A command injection vulnerability in Trellix Intelligent Sandbox CLI for version 5.2 and earlier, allows a local user to inject and execute arbitrary operating system commands using specially crafted. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Advanced Threat Defense Intelligent Sandbox
NVD
CVSS 3.1
6.7
EPSS
0.4%
CVE-2023-0350 MEDIUM This Month

Akuvox E11 does not ensure that a file extension is associated with the file provided. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure E11 Firmware
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2023-27580 MEDIUM PATCH This Month

CodeIgniter Shield provides authentication and authorization for the CodeIgniter 4 PHP framework. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure PHP Shield
NVD GitHub
CVSS 3.1
5.9
EPSS
0.5%
CVE-2023-0973 MEDIUM This Month

STEPTools v18SP1 ifcmesh library (v18.1) is affected due to a null pointer dereference, which could allow an attacker to deny application usage when reading a specially constructed file, resulting in. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference Ifcmesh Library
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-24579 MEDIUM This Month

McAfee Total Protection prior to 16.0.51 allows attackers to trick a victim into uninstalling the application via the command prompt. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Total Protection
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-24578 MEDIUM This Month

McAfee Total Protection prior to 16.0.49 allows attackers to elevate user privileges due to DLL sideloading. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Total Protection
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-24577 MEDIUM This Month

McAfee Total Protection prior to 16.0.50 allows attackers to elevate user privileges due to Improper Link Resolution via registry keys. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Total Protection
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-1369 MEDIUM This Month

A vulnerability was found in TG Soft Vir.IT eXplorer 9.4.86.0. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Vir It Explorer Viragtlt Sys
NVD GitHub VulDB
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-0347 MEDIUM This Month

The Akuvox E11 Media Access Control (MAC) address, a primary identifier, combined with the Akuvox E11 IP address, could allow an attacker to identify the device on the Akuvox cloud. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure E11 Firmware
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2023-23711 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in A2 Hosting A2 Optimized WP plugin <= 3.0.4 versions. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF A2 Optimized
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2023-22700 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in PixelYourSite PixelYourSite - Your smart PIXEL (TAG) Manager plugin <= 9.3.0 versions. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Pixelyoursite
NVD
CVSS 3.1
4.3
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy