Skip to main content
CVE-2023-3086 CRITICAL POC PATCH Act Now

Cross-site Scripting (XSS) - Stored in GitHub repository nilsteampassnet/teampass prior to 3.0.9. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Teampass
NVD GitHub
CVSS 3.1
9.0
EPSS
0.9%
CVE-2023-3083 HIGH POC PATCH This Week

Cross-site Scripting (XSS) - Stored in GitHub repository nilsteampassnet/teampass prior to 3.0.9. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Teampass
NVD GitHub
CVSS 3.1
8.7
EPSS
0.7%
CVE-2023-3084 HIGH POC PATCH This Week

Cross-site Scripting (XSS) - Stored in GitHub repository nilsteampassnet/teampass prior to 3.0.9. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Teampass
NVD GitHub
CVSS 3.1
8.1
EPSS
0.8%
CVE-2023-2406 MEDIUM POC This Month

The Event Registration Calendar By vcita plugin, versions up to and including 3.9.1, and Online Payments - Get Paid with PayPal, Square & Stripe plugin, for WordPress are vulnerable to Stored. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Event Registration Calendar By Vcita Online Payments Get Paid With Paypal Square Stripe
NVD VulDB
CVSS 3.1
6.4
EPSS
0.1%
CVE-2023-2404 MEDIUM POC This Month

The CRM and Lead Management by vcita plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'email' parameter in versions up to, and including, 2.6.2 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Crm And Lead Management By Vcita
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2023-2407 MEDIUM POC This Month

The Event Registration Calendar By vcita plugin, versions up to and including 3.10.0, and Online Payments - Get Paid with PayPal, Square & Stripe plugin, for WordPress are vulnerable to Cross-Site. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Event Registration Calendar By Vcita Online Payments Get Paid With Paypal Square Stripe
NVD VulDB
CVSS 3.1
6.1
EPSS
0.1%
CVE-2023-2405 MEDIUM POC This Month

The CRM and Lead Management by vcita plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.7.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress PHP CSRF Crm And Lead Management By Vcita
NVD VulDB
CVSS 3.1
6.1
EPSS
0.1%
CVE-2023-2416 MEDIUM POC This Month

The Online Booking & Scheduling Calendar for WordPress by vcita plugin for WordPress is vulnerable to Cross-Site Request Forgery due to a missing nonce check on the vcita_logout_callback function in. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Denial Of Service Online Booking Scheduling Calendar
NVD VulDB
CVSS 3.1
5.4
EPSS
0.1%
CVE-2023-2415 MEDIUM POC This Month

The Online Booking & Scheduling Calendar for WordPress by vcita plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the vcita_logout_callback. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass WordPress Denial Of Service Online Booking Scheduling Calendar
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2023-2781 HIGH PATCH This Week

The User Email Verification for WooCommerce plugin for WordPress is vulnerable to authentication bypass via authenticate_user_by_email in versions up to, and including, 3.5.0. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

WordPress Authentication Bypass User Email Verification For Woocommerce
NVD
CVSS 3.1
8.1
EPSS
0.5%
CVE-2023-33143 HIGH PATCH This Week

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Google Microsoft Edge Chromium
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2023-2298 HIGH PATCH This Week

The Online Booking & Scheduling Calendar for WordPress by vcita plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'business_id' parameter in versions up to, and including,. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Online Booking Scheduling Calendar
NVD VulDB
CVSS 3.1
7.2
EPSS
1.1%
CVE-2023-3051 MEDIUM PATCH This Month

The Page Builder by AZEXO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'azh_post' shortcode in versions up to, and including, 1.27.133 due to insufficient input sanitization. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Page Builder With Image Map By Azexo
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2023-2302 MEDIUM PATCH This Month

The Contact Form and Calls To Action by vcita plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'email' parameter in versions up to, and including, 2.6.4 due to insufficient. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Contact Form And Calls To Action By Vcita
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2023-2300 MEDIUM PATCH This Month

The Contact Form Builder by vcita plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'email' parameter in versions up to, and including, 4.9.1 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Contact Form Builder By Vcita
NVD VulDB
CVSS 3.1
6.4
EPSS
0.1%
CVE-2023-3052 MEDIUM PATCH This Month

The Page Builder by AZEXO plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.27.133. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

WordPress CSRF Page Builder With Image Map By Azexo
NVD
CVSS 3.1
6.3
EPSS
0.2%
CVE-2023-2303 MEDIUM PATCH This Month

The Contact Form and Calls To Action by vcita plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.10.5. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

WordPress PHP CSRF Contact Form And Calls To Action By Vcita
NVD VulDB
CVSS 3.1
6.1
EPSS
0.2%
CVE-2023-2301 MEDIUM PATCH This Month

The Contact Form Builder by vcita plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.10.3. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

XSS WordPress CSRF Contact Form Builder By Vcita
NVD VulDB
CVSS 3.1
6.1
EPSS
0.2%
CVE-2023-3055 MEDIUM PATCH This Month

The Page Builder by AZEXO plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.27.133. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

WordPress CSRF Page Builder With Image Map By Azexo
NVD
CVSS 3.1
6.1
EPSS
0.1%
CVE-2023-3085 MEDIUM PATCH This Month

A vulnerability, which was classified as problematic, has been found in X-WRT luci up to 22.10_b202303061504.uc of the component 404 Error Template Handler. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Luci
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-3053 MEDIUM PATCH This Month

The Page Builder by AZEXO plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'azh_add_post' function in versions up to, and including,. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

WordPress Authentication Bypass Page Builder With Image Map By Azexo
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2023-2299 MEDIUM PATCH This Month

The Online Booking & Scheduling Calendar for WordPress by vcita plugin for WordPress is vulnerable to unauthorized medication of data via the /wp-json/vcita-wordpress/v1/actions/auth REST-API. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass WordPress Online Booking Scheduling Calendar
NVD VulDB
CVSS 3.1
5.3
EPSS
0.2%
CVE-2023-32582 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Don8
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-0584 MEDIUM PATCH This Month

The VK Blocks plugin for WordPress is vulnerable to improper authorization via the REST 'update_options' function in versions up to, and including, 1.57.0.5. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

WordPress Authentication Bypass Vk Blocks
NVD VulDB
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-0583 MEDIUM PATCH This Month

The VK Blocks plugin for WordPress is vulnerable to improper authorization via the REST 'update_vk_blocks_options' function in versions up to, and including, 1.57.0.5. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

WordPress Authentication Bypass Vk Blocks
NVD VulDB
CVSS 3.1
4.3
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy