Skip to main content
CVE-2023-1125 MEDIUM POC This Month

The Ruby Help Desk WordPress plugin before 1.3.4 does not ensure that the ticket being modified belongs to the user making the request, allowing an attacker to close and/or add files and replies to. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Authentication Bypass Ruby Help Desk
NVD WPScan
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-2477 MEDIUM POC This Month

A vulnerability was found in Funadmin up to 3.2.3. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Funadmin
NVD VulDB
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-1805 MEDIUM POC This Month

The Product Catalog Feed by PixelYourSite WordPress plugin before 2.1.1 does not sanitise and escape the page parameter before outputting it back in an attribute, leading to a Reflected Cross-Site. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Product Catalog Feed
NVD WPScan
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-1804 MEDIUM POC This Month

The Product Catalog Feed by PixelYourSite WordPress plugin before 2.1.1 does not sanitise and escape the edit parameter before outputting it back in an attribute, leading to a Reflected Cross-Site. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Product Catalog Feed
NVD WPScan
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-1546 MEDIUM POC This Month

The MyCryptoCheckout WordPress plugin before 2.124 does not escape some URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Mycryptocheckout
NVD WPScan
CVSS 3.1
6.1
EPSS
0.9%
CVE-2023-27892 MEDIUM POC PATCH This Month

Insufficient length checks in the ShapeShift KeepKey hardware wallet firmware before 7.7.0 allow a global buffer overflow via crafted messages. Rated medium severity (CVSS 5.7), this vulnerability is no authentication required. Public exploit code available.

Buffer Overflow Information Disclosure Keepkey Firmware
NVD GitHub
CVSS 3.1
5.7
EPSS
0.5%
CVE-2023-31434 MEDIUM POC This Month

The parameters nutzer_titel, nutzer_vn, and nutzer_nn in the user profile, and langID and ONLINEID in direct links, in evasys before 8.2 Build 2286 and 9.x before 9.0 Build 2401 do not validate. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Evasys
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-29918 MEDIUM POC This Month

RosarioSIS 10.8.4 is vulnerable to CSV injection via the Periods Module. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Rosariosis
NVD Exploit-DB
CVSS 3.1
5.4
EPSS
2.2%
CVE-2023-2476 MEDIUM POC This Month

A vulnerability was found in Dromara J2eeFAST up to 2.6.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS J2Eefast
NVD VulDB
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-2475 MEDIUM POC This Month

A vulnerability was found in Dromara J2eeFAST up to 2.6.0 and classified as problematic. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS J2Eefast
NVD VulDB
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-1861 MEDIUM POC THREAT This Month

The Limit Login Attempts WordPress plugin through 1.7.2 does not sanitize and escape usernames when outputting them back in the logs dashboard, which could allow any authenticated users, such as. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Limit Login Attempts
NVD WPScan
CVSS 3.1
5.4
EPSS
28.8%
CVE-2023-0891 MEDIUM POC This Month

The StagTools WordPress plugin before 2.3.7 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Stagtools
NVD WPScan
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-30943 MEDIUM POC PATCH This Month

The vulnerability was found Moodle which exists because the application allows a user to control path of the older to create in TinyMCE loaders. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Moodle Extra Packages For Enterprise Linux Fedora
NVD
CVSS 3.1
5.3
EPSS
6.6%
CVE-2023-29772 MEDIUM POC THREAT This Month

A Cross-site scripting (XSS) vulnerability in the System Log/General Log page of the administrator web UI in ASUS RT-AC51U wireless router firmware version up to and including 3.0.0.4.380.8591 allows. Rated medium severity (CVSS 5.2), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Rt Ac51U Firmware
NVD
CVSS 3.1
5.2
EPSS
11.2%
CVE-2023-1614 MEDIUM POC This Month

The WP Custom Author URL WordPress plugin before 1.0.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Wp Custom Author Url
NVD WPScan
CVSS 3.1
4.8
EPSS
0.5%
CVE-2023-1554 MEDIUM POC This Month

The Quick Paypal Payments WordPress plugin before 5.7.26.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Quick Paypal Payments
NVD WPScan
CVSS 3.1
4.8
EPSS
0.5%
CVE-2023-1525 MEDIUM POC This Month

The Site Reviews WordPress plugin before 6.7.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Site Reviews
NVD WPScan
CVSS 3.1
4.8
EPSS
0.5%
CVE-2023-1090 MEDIUM POC This Month

The SMTP Mailing Queue WordPress plugin before 2.0.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Smtp Mailing Queue
NVD GitHub WPScan
CVSS 3.1
4.8
EPSS
0.5%
CVE-2023-1021 MEDIUM POC This Month

The amr ical events lists WordPress plugin through 6.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Amr Ical Events List
NVD WPScan
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-2474 MEDIUM POC This Month

A vulnerability has been found in Rebuild 3.2 and classified as problematic. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Rebuild
NVD VulDB
CVSS 3.1
4.3
EPSS
0.4%
CVE-2023-1911 MEDIUM POC This Month

The Blocksy Companion WordPress plugin before 1.8.82 does not ensure that posts to be accessed via a shortcode are already public and can be viewed, allowing any authenticated users, such as. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Authentication Bypass Blocksy Companion
NVD WPScan
CVSS 3.1
4.3
EPSS
0.5%
CVE-2023-29868 MEDIUM This Month

Zammad 5.3.x (Fixed in 5.4.0) is vulnerable to Incorrect Access Control. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Zammad
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2023-29867 MEDIUM This Month

Zammad 5.3.x (Fixed 5.4.0) is vulnerable to Incorrect Access Control. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Zammad
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-31207 MEDIUM This Month

Transmission of credentials within query parameters in Checkmk <= 2.1.0p26, <= 2.0.0p35, and <= 2.2.0b6 (beta) may cause the automation user's secret to be written to the site Apache access log. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Apache Information Disclosure Checkmk
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-2000 MEDIUM This Month

Mattermost Desktop App fails to validate a mattermost server redirection and navigates to an arbitrary website. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Mattermost Open Redirect Mattermost Desktop
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-26268 MEDIUM This Month

Design documents with matching document IDs, from databases on the same cluster, may share a mutable Javascript environment when using these design document functions: * validate_doc_update * list *. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Information Disclosure Couchdb Cloudant
NVD
CVSS 3.1
5.3
EPSS
1.4%
CVE-2023-2247 MEDIUM This Month

In affected versions of Octopus Deploy it is possible to unmask variable secrets using the variable preview function. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Octopus Deploy
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2023-2445 MEDIUM This Month

Improper access control in Subscriptions Folder path filter in Devolutions Server 2023.1.1 and earlier allows attackers with administrator privileges to retrieve usage information on folders in user. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Devolutions Server
NVD
CVSS 3.1
4.9
EPSS
1.0%
CVE-2023-23723 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Wp Email Capture
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-2473 MEDIUM This Month

A vulnerability was found in Dreamer CMS up to 4.1.3. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Information Disclosure Dreamer Cms
NVD VulDB
CVSS 3.1
4.3
EPSS
0.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy