Skip to main content
CVE-2023-0940 HIGH POC This Week

The ProfileGrid WordPress plugin before 5.3.1 provides an AJAX endpoint for resetting a user password but does not implement proper authorization. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Authentication Bypass Profilegrid
NVD WPScan
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-0875 HIGH POC This Week

The WP Meta SEO WordPress plugin before 4.5.3 does not properly sanitize and escape inputs into SQL queries, leading to a blind SQL Injection vulnerability that can be exploited by subscriber+ users. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Wp Meta Seo
NVD WPScan
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-0865 HIGH POC This Week

The WooCommerce Multiple Customer Addresses & Shipping WordPress plugin before 21.7 does not ensure that the address to add/update/retrieve/delete and duplicate belong to the user making the request,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Authentication Bypass Woocommerce Multiple Customer Addresses Shipping
NVD WPScan
CVSS 3.1
8.8
EPSS
1.2%
CVE-2023-0631 HIGH POC THREAT This Week

The Paid Memberships Pro WordPress plugin before 2.9.12 does not prevent subscribers from rendering shortcodes that concatenate attributes directly into an SQL query. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Paid Memberships Pro
NVD WPScan
CVSS 3.1
8.8
EPSS
60.5%
CVE-2023-0630 HIGH POC This Week

The Slimstat Analytics WordPress plugin before 4.9.3.3 does not prevent subscribers from rendering shortcodes that concatenates attributes directly into an SQL query. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Slimstat Analytics
NVD WPScan
CVSS 3.1
8.8
EPSS
5.1%
CVE-2023-0340 HIGH POC This Week

The Custom Content Shortcode WordPress plugin through 4.0.2 does not validate one of its shortcode attribute, which could allow users with a contributor role and above to include arbitrary files via. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE WordPress PHP Custom Content Shortcode
NVD WPScan
CVSS 3.1
8.8
EPSS
1.0%
CVE-2023-1505 HIGH POC This Week

A vulnerability, which was classified as critical, has been found in SourceCodester E-Commerce System 1.0.php. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

PHP SQLi E Commerce System
NVD VulDB
CVSS 3.1
8.1
EPSS
0.6%
CVE-2023-1504 HIGH POC This Week

A vulnerability classified as critical was found in SourceCodester Alphaware Simple E-Commerce System 1.0. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

SQLi Alphaware Simple E Commerce System
NVD VulDB
CVSS 3.1
8.1
EPSS
0.6%
CVE-2023-1503 HIGH POC This Week

A vulnerability classified as critical has been found in SourceCodester Alphaware Simple E-Commerce System 1.0. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

PHP SQLi Alphaware Simple E Commerce System
NVD VulDB
CVSS 3.1
8.1
EPSS
0.6%
CVE-2023-1502 HIGH POC This Week

A vulnerability was found in SourceCodester Alphaware Simple E-Commerce System 1.0. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

PHP SQLi Alphaware Simple E Commerce System
NVD VulDB
CVSS 3.1
8.1
EPSS
0.6%
CVE-2023-27586 HIGH POC PATCH This Week

CairoSVG is an SVG converter based on Cairo, a 2D graphics library. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

SSRF Denial Of Service Cairosvg
NVD GitHub
CVSS 3.1
7.1
EPSS
0.7%
CVE-2023-23721 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in David Gwyer Admin Log plugin <= 1.50 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Admin Log
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-22678 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Rafael Dery Superior FAQ plugin <= 1.0.2 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Superior Faq
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-1506 HIGH This Week

A vulnerability, which was classified as critical, was found in SourceCodester E-Commerce System 1.0. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

PHP SQLi E Commerce System
NVD VulDB
CVSS 3.1
8.1
EPSS
0.5%
CVE-2023-1250 HIGH This Week

Improper Input Validation vulnerability in OTRS AG OTRS (ACL modules), OTRS AG ((OTRS)) Community Edition (ACL modules) allows Local Execution of Code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Code Injection Otrs
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-27578 HIGH PATCH This Week

Galaxy is an open-source platform for data analysis. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Galaxy
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-28118 HIGH PATCH This Week

kaml provides YAML support for kotlinx.serialization. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Kaml
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2023-26513 HIGH PATCH This Week

Excessive Iteration vulnerability in Apache Software Foundation Apache Sling Resource Merger.2.0 before 1.4.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Information Disclosure Sling Resource Merger
NVD
CVSS 3.1
7.5
EPSS
1.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy