Skip to main content
CVE-2023-1426 MEDIUM POC This Month

The WP Tiles WordPress plugin through 1.1.2 does not ensure that posts to be displayed are not draft/private, allowing any authenticated users, such as subscriber to retrieve the titles of draft and. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure WordPress Wp Tiles
NVD WPScan
CVSS 3.1
6.5
EPSS
0.8%
CVE-2023-1916 MEDIUM POC This Month

A flaw was found in tiffcrop, a program distributed by the libtiff package. Rated medium severity (CVSS 6.1), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Denial Of Service Libtiff
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-26773 MEDIUM POC This Month

Cross Site Scripting vulnerability found in Sales Tracker Management System v.1.0 allows a remote attacker to gain privileges via the product list function in the Master.php file. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Sales Tracker Management System
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2023-0983 MEDIUM POC This Month

The stylish-cost-calculator-premium WordPress plugin before 7.9.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Stored Cross-Site Scripting which could. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Stylish Cost Calculator
NVD WPScan
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-26788 MEDIUM POC This Month

Veritas Appliance v4.1.0.1 is affected by Host Header Injection attacks. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Netbackup Appliance Firmware
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-26120 MEDIUM POC This Month

This affects all versions of the package com.xuxueli:xxl-job. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Xxl Job
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-25392 MEDIUM POC PATCH This Month

Allegro Tech BigFlow <1.6 is vulnerable to Missing SSL Certificate Validation. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Information Disclosure Bigflow
NVD GitHub
CVSS 3.1
5.9
EPSS
0.4%
CVE-2023-24721 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in LiveAction LiveSP v21.1.2 allows attackers to execute arbitrary web scripts or HTML. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Livesp
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-24181 MEDIUM POC PATCH This Month

LuCI openwrt-22.03 branch git-22.361.69894-438c598 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /openvpn/pageswitch.htm. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Luci
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-0546 MEDIUM POC This Month

The Contact Form Plugin WordPress plugin before 4.3.25 does not properly sanitize and escape the srcdoc attribute in iframes in it's custom HTML field type, allowing a logged in user with roles as. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection WordPress Contact Form
NVD WPScan
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-0363 MEDIUM POC This Month

The Scheduled Announcements Widget WordPress plugin before 1.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed,. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Scheduled Announcements Widget
NVD WPScan
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-1971 MEDIUM POC This Month

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, was found in yuan1994 tpAdmin 1.3.12. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF PHP Tpadmin
NVD VulDB
CVSS 3.1
4.9
EPSS
0.6%
CVE-2023-0156 MEDIUM POC THREAT This Month

The All-In-One Security (AIOS) WordPress plugin before 5.1.5 does not limit what log files to display in it's settings pages, allowing an authorized user (admin+) to view the contents of arbitrary. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal WordPress All In One Security
NVD WPScan
CVSS 3.1
4.9
EPSS
19.9%
CVE-2023-1122 MEDIUM POC This Month

The Simple Giveaways WordPress plugin before 2.45.1 does not sanitise and escape some of its Giveaways options, which could allow high privilege users such as admin to perform Stored Cross-Site. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Simple Giveaways
NVD WPScan
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-1121 MEDIUM POC This Month

The Simple Giveaways WordPress plugin before 2.45.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Simple Giveaways
NVD WPScan
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-1120 MEDIUM POC This Month

The Simple Giveaways WordPress plugin before 2.45.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Simple Giveaways
NVD WPScan
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-0893 MEDIUM POC This Month

The Time Sheets WordPress plugin before 1.29.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Time Sheets
NVD WPScan
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-0874 MEDIUM POC This Month

The Klaviyo WordPress plugin before 3.0.10 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Klavio
NVD WPScan
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-0605 MEDIUM POC This Month

The Auto Rename Media On Upload WordPress plugin before 1.1.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Auto Rename Media On Upload
NVD WPScan
CVSS 3.1
4.8
EPSS
0.5%
CVE-2023-0423 MEDIUM POC This Month

The WordPress Amazon S3 Plugin WordPress plugin before 1.6 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Wordpress Amazon S3
NVD WPScan
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-0422 MEDIUM POC This Month

The Article Directory WordPress plugin through 1.3 does not properly sanitize the `publish_terms_text` setting before displaying it in the administration panel, which may enable administrators to. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Article Directory
NVD WPScan
CVSS 3.1
4.8
EPSS
0.5%
CVE-2023-0157 MEDIUM POC THREAT This Month

The All-In-One Security (AIOS) WordPress plugin before 5.1.5 does not escape the content of log files before outputting it to the plugin admin page, allowing an authorized user (admin+) to plant. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS All In One Security
NVD WPScan
CVSS 3.1
4.8
EPSS
32.5%
CVE-2023-28093 MEDIUM This Month

A user with a compromised configuration can start an unsigned binary as a service. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Synchronization Engine
NVD
CVSS 3.1
6.5
EPSS
1.4%
CVE-2023-30456 MEDIUM PATCH This Month

An issue was discovered in arch/x86/kvm/vmx/nested.c in the Linux kernel before 6.2.8. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-26467 MEDIUM This Month

A man in the middle can redirect traffic to a malicious server in a compromised configuration. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Synchronization Engine
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-29376 MEDIUM This Month

An issue was discovered in Progress Sitefinity 13.3 before 13.3.7647, 14.0 before 14.0.7736, 14.1 before 14.1.7826, 14.2 before 14.2.7930, and 14.3 before 14.3.8025. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Sitefinity
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-29192 MEDIUM This Month

SilverwareGames.io versions before 1.2.19 allow users with access to the game upload panel to edit download links for games uploaded by other developers. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Silverwaregames
NVD GitHub
CVSS 3.1
4.3
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy