Skip to main content
CVE-2023-0940 HIGH POC This Week

The ProfileGrid WordPress plugin before 5.3.1 provides an AJAX endpoint for resetting a user password but does not implement proper authorization. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Authentication Bypass Profilegrid
NVD WPScan
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-0875 HIGH POC This Week

The WP Meta SEO WordPress plugin before 4.5.3 does not properly sanitize and escape inputs into SQL queries, leading to a blind SQL Injection vulnerability that can be exploited by subscriber+ users. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Wp Meta Seo
NVD WPScan
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-0865 HIGH POC This Week

The WooCommerce Multiple Customer Addresses & Shipping WordPress plugin before 21.7 does not ensure that the address to add/update/retrieve/delete and duplicate belong to the user making the request,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Authentication Bypass Woocommerce Multiple Customer Addresses Shipping
NVD WPScan
CVSS 3.1
8.8
EPSS
1.2%
CVE-2023-0631 HIGH POC THREAT This Week

The Paid Memberships Pro WordPress plugin before 2.9.12 does not prevent subscribers from rendering shortcodes that concatenate attributes directly into an SQL query. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Paid Memberships Pro
NVD WPScan
CVSS 3.1
8.8
EPSS
60.5%
CVE-2023-0630 HIGH POC This Week

The Slimstat Analytics WordPress plugin before 4.9.3.3 does not prevent subscribers from rendering shortcodes that concatenates attributes directly into an SQL query. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Slimstat Analytics
NVD WPScan
CVSS 3.1
8.8
EPSS
5.1%
CVE-2023-0340 HIGH POC This Week

The Custom Content Shortcode WordPress plugin through 4.0.2 does not validate one of its shortcode attribute, which could allow users with a contributor role and above to include arbitrary files via. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE WordPress PHP Custom Content Shortcode
NVD WPScan
CVSS 3.1
8.8
EPSS
1.0%
CVE-2023-1505 HIGH POC This Week

A vulnerability, which was classified as critical, has been found in SourceCodester E-Commerce System 1.0.php. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

PHP SQLi E Commerce System
NVD VulDB
CVSS 3.1
8.1
EPSS
0.6%
CVE-2023-1504 HIGH POC This Week

A vulnerability classified as critical was found in SourceCodester Alphaware Simple E-Commerce System 1.0. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

SQLi Alphaware Simple E Commerce System
NVD VulDB
CVSS 3.1
8.1
EPSS
0.6%
CVE-2023-1503 HIGH POC This Week

A vulnerability classified as critical has been found in SourceCodester Alphaware Simple E-Commerce System 1.0. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

PHP SQLi Alphaware Simple E Commerce System
NVD VulDB
CVSS 3.1
8.1
EPSS
0.6%
CVE-2023-1502 HIGH POC This Week

A vulnerability was found in SourceCodester Alphaware Simple E-Commerce System 1.0. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

PHP SQLi Alphaware Simple E Commerce System
NVD VulDB
CVSS 3.1
8.1
EPSS
0.6%
CVE-2023-27586 HIGH POC PATCH This Week

CairoSVG is an SVG converter based on Cairo, a 2D graphics library. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

SSRF Denial Of Service Cairosvg
NVD GitHub
CVSS 3.1
7.1
EPSS
0.7%
CVE-2023-0911 MEDIUM POC This Month

The WordPress Shortcodes Plugin - Shortcodes Ultimate WordPress plugin before 5.12.8 does not validate the user meta to be retrieved via the user shortcode, allowing any authenticated users such as. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Authentication Bypass Shortcodes Ultimate
NVD WPScan
CVSS 3.1
6.5
EPSS
0.7%
CVE-2023-0890 MEDIUM POC This Month

The WordPress Shortcodes Plugin - Shortcodes Ultimate WordPress plugin before 5.12.8 does not ensure that posts to be displayed via some shortcodes are already public and can be accessed by the user. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Authentication Bypass Shortcodes Ultimate
NVD WPScan
CVSS 3.1
6.5
EPSS
0.7%
CVE-2023-0937 MEDIUM POC This Month

The VK All in One Expansion Unit WordPress plugin before 9.87.1.0 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Vk All In One Expansion Unit
NVD WPScan
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-0876 MEDIUM POC This Month

The WP Meta SEO WordPress plugin before 4.5.3 does not authorize several ajax actions, allowing low-privilege users to make updates to certain data and leading to an arbitrary redirect vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure WordPress Wp Meta Seo
NVD WPScan
CVSS 3.1
6.1
EPSS
0.7%
CVE-2023-28424 CRITICAL PATCH Act Now

Soko if the code that powers packages.gentoo.org. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

RCE PostgreSQL SQLi Soko
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-0370 MEDIUM POC This Month

The WPB Advanced FAQ WordPress plugin through 1.0.6 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Wpb Advanced Faq
NVD WPScan
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-0369 MEDIUM POC This Month

The GoToWP WordPress plugin through 5.1.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Gotowp
NVD WPScan
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-0365 MEDIUM POC This Month

The React Webcam WordPress plugin through 1.2.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS React Webcam
NVD WPScan
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-0364 MEDIUM POC This Month

The real.Kit WordPress plugin before 5.1.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Real Kit
NVD WPScan
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-0273 MEDIUM POC This Month

The Custom Content Shortcode WordPress plugin through 4.0.2 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed,. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Custom Content Shortcode
NVD WPScan
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-0175 MEDIUM POC This Month

The Responsive Clients Logo Gallery Plugin for WordPress plugin through 1.1.9 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Smart Logo Showcase Lite
NVD WPScan
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-0167 MEDIUM POC This Month

The GetResponse for WordPress plugin through 5.5.31 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Getresponse
NVD WPScan
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-0145 MEDIUM POC This Month

The Saan World Clock WordPress plugin through 1.8 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS World Clock
NVD WPScan
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-1515 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.19. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Pimcore
NVD GitHub
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-1517 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - DOM in GitHub repository pimcore/pimcore prior to 10.5.19. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Pimcore
NVD GitHub
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-23721 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in David Gwyer Admin Log plugin <= 1.50 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Admin Log
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-22678 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Rafael Dery Superior FAQ plugin <= 1.0.2 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Superior Faq
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-1506 HIGH This Week

A vulnerability, which was classified as critical, was found in SourceCodester E-Commerce System 1.0. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

PHP SQLi E Commerce System
NVD VulDB
CVSS 3.1
8.1
EPSS
0.5%
CVE-2023-1250 HIGH This Week

Improper Input Validation vulnerability in OTRS AG OTRS (ACL modules), OTRS AG ((OTRS)) Community Edition (ACL modules) allows Local Execution of Code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Code Injection Otrs
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-27578 HIGH PATCH This Week

Galaxy is an open-source platform for data analysis. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Galaxy
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-28118 HIGH PATCH This Week

kaml provides YAML support for kotlinx.serialization. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Kaml
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2023-26513 HIGH PATCH This Week

Excessive Iteration vulnerability in Apache Software Foundation Apache Sling Resource Merger.2.0 before 1.4.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Information Disclosure Sling Resource Merger
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2023-22681 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Aarvanshinfotech Online Exam Software: eExamhall plugin <= 4.0 versions. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Eexamhall Project
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2023-0681 MEDIUM This Month

Rapid7 InsightVM versions 6.6.178 and lower suffers from an open redirect vulnerability, whereby an attacker has the ability to redirect the user to a site of the attacker’s choice using the ‘page’. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Insightvm
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-28429 MEDIUM PATCH This Month

Pimcore is an open source data and experience management platform. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Authentication Bypass Pimcore
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-22682 MEDIUM This Month

Reflected Cross-Site Scripting (XSS) vulnerability in Manuel Masia | Pixedelic.Com Camera slideshow plugin <= 1.4.0.1 versions. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Camera Slideshow
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-1507 MEDIUM This Month

A vulnerability has been found in SourceCodester E-Commerce System 1.0 and classified as problematic. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS E Commerce System
NVD VulDB
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-1248 MEDIUM This Month

Improper Input Validation vulnerability in OTRS AG OTRS (Ticket Actions modules), OTRS AG ((OTRS)) Community Edition (Ticket Actions modules) allows Cross-Site Scripting (XSS).0.X before 7.0.42;. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Otrs
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-28425 MEDIUM PATCH This Month

Redis is an in-memory database that persists on disk. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Command Injection vulnerability could allow attackers to inject arbitrary commands into system command execution.

Redis Command Injection
NVD GitHub
CVSS 3.1
5.5
EPSS
55.0%
CVE-2023-0320 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Izmir Katip Celebi University UBYS allows Stored XSS.03.16. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS University Information Management System
NVD VulDB
CVSS 3.1
5.4
EPSS
0.2%
CVE-2023-22288 MEDIUM This Month

HTML Email Injection in Tribe29 Checkmk <=2.1.0p23; <=2.0.0p34, and all versions of Checkmk 1.6.0 allows an authenticated attacker to inject malicious HTML into Emails. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection Checkmk
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-23718 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Page Loading Effects
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-22680 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS No Api Amazon Affiliate
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-22679 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Wp Better Emails
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-25795 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Feed Changer Remover
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-25794 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Nooz
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-25064 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Wp Htpasswd
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-24381 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Advanced Social Pixel
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-25782 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Service Area Postcode Checker
NVD
CVSS 3.1
4.8
EPSS
0.4%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy