Skip to main content
CVE-2023-0911 MEDIUM POC This Month

The WordPress Shortcodes Plugin - Shortcodes Ultimate WordPress plugin before 5.12.8 does not validate the user meta to be retrieved via the user shortcode, allowing any authenticated users such as. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Authentication Bypass Shortcodes Ultimate
NVD WPScan
CVSS 3.1
6.5
EPSS
0.7%
CVE-2023-0890 MEDIUM POC This Month

The WordPress Shortcodes Plugin - Shortcodes Ultimate WordPress plugin before 5.12.8 does not ensure that posts to be displayed via some shortcodes are already public and can be accessed by the user. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Authentication Bypass Shortcodes Ultimate
NVD WPScan
CVSS 3.1
6.5
EPSS
0.7%
CVE-2023-0937 MEDIUM POC This Month

The VK All in One Expansion Unit WordPress plugin before 9.87.1.0 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Vk All In One Expansion Unit
NVD WPScan
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-0876 MEDIUM POC This Month

The WP Meta SEO WordPress plugin before 4.5.3 does not authorize several ajax actions, allowing low-privilege users to make updates to certain data and leading to an arbitrary redirect vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure WordPress Wp Meta Seo
NVD WPScan
CVSS 3.1
6.1
EPSS
0.7%
CVE-2023-0370 MEDIUM POC This Month

The WPB Advanced FAQ WordPress plugin through 1.0.6 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Wpb Advanced Faq
NVD WPScan
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-0369 MEDIUM POC This Month

The GoToWP WordPress plugin through 5.1.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Gotowp
NVD WPScan
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-0365 MEDIUM POC This Month

The React Webcam WordPress plugin through 1.2.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS React Webcam
NVD WPScan
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-0364 MEDIUM POC This Month

The real.Kit WordPress plugin before 5.1.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Real Kit
NVD WPScan
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-0273 MEDIUM POC This Month

The Custom Content Shortcode WordPress plugin through 4.0.2 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed,. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Custom Content Shortcode
NVD WPScan
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-0175 MEDIUM POC This Month

The Responsive Clients Logo Gallery Plugin for WordPress plugin through 1.1.9 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Smart Logo Showcase Lite
NVD WPScan
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-0167 MEDIUM POC This Month

The GetResponse for WordPress plugin through 5.5.31 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Getresponse
NVD WPScan
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-0145 MEDIUM POC This Month

The Saan World Clock WordPress plugin through 1.8 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS World Clock
NVD WPScan
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-1515 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.19. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Pimcore
NVD GitHub
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-1517 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - DOM in GitHub repository pimcore/pimcore prior to 10.5.19. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Pimcore
NVD GitHub
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-22681 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Aarvanshinfotech Online Exam Software: eExamhall plugin <= 4.0 versions. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Eexamhall Project
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2023-0681 MEDIUM This Month

Rapid7 InsightVM versions 6.6.178 and lower suffers from an open redirect vulnerability, whereby an attacker has the ability to redirect the user to a site of the attacker’s choice using the ‘page’. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Insightvm
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-28429 MEDIUM PATCH This Month

Pimcore is an open source data and experience management platform. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Authentication Bypass Pimcore
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-22682 MEDIUM This Month

Reflected Cross-Site Scripting (XSS) vulnerability in Manuel Masia | Pixedelic.Com Camera slideshow plugin <= 1.4.0.1 versions. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Camera Slideshow
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-1507 MEDIUM This Month

A vulnerability has been found in SourceCodester E-Commerce System 1.0 and classified as problematic. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS E Commerce System
NVD VulDB
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-1248 MEDIUM This Month

Improper Input Validation vulnerability in OTRS AG OTRS (Ticket Actions modules), OTRS AG ((OTRS)) Community Edition (Ticket Actions modules) allows Cross-Site Scripting (XSS).0.X before 7.0.42;. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Otrs
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-28425 MEDIUM PATCH This Month

Redis is an in-memory database that persists on disk. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Command Injection vulnerability could allow attackers to inject arbitrary commands into system command execution.

Redis Command Injection
NVD GitHub
CVSS 3.1
5.5
EPSS
55.0%
CVE-2023-0320 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Izmir Katip Celebi University UBYS allows Stored XSS.03.16. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS University Information Management System
NVD VulDB
CVSS 3.1
5.4
EPSS
0.2%
CVE-2023-22288 MEDIUM This Month

HTML Email Injection in Tribe29 Checkmk <=2.1.0p23; <=2.0.0p34, and all versions of Checkmk 1.6.0 allows an authenticated attacker to inject malicious HTML into Emails. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection Checkmk
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-23718 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Page Loading Effects
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-22680 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS No Api Amazon Affiliate
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-22679 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Wp Better Emails
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-25795 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Feed Changer Remover
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-25794 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Nooz
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-25064 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Wp Htpasswd
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-24381 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Advanced Social Pixel
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-25782 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Service Area Postcode Checker
NVD
CVSS 3.1
4.8
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy