Skip to main content
CVE-2020-36728 MEDIUM POC THREAT This Month

The Adning Advertising plugin for WordPress is vulnerable to file deletion via path traversal in versions up to, and including, 1.5.5. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 84.4%.

WordPress Path Traversal Adning Advertising
NVD
CVSS 3.1
6.5
EPSS
84.4%
Threat
5.3
CVE-2020-36723 MEDIUM POC THREAT This Month

The ListingPro - WordPress Directory & Listing Theme for WordPress is vulnerable to Sensitive Data Exposure in versions before 2.6.1 via the ~/listingpro-plugin/functions.php file. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 20.7%.

PHP Information Disclosure WordPress Listingpro
NVD VulDB
CVSS 3.1
5.3
EPSS
20.7%
CVE-2021-4372 MEDIUM POC This Month

The WooCommerce Dynamic Pricing and Discounts plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.4.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Woocommerce Dynamic Pricing And Discounts
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2021-4377 MEDIUM POC PATCH This Month

The Doneren met Mollie plugin for WordPress is vulnerable to Sensitive Data Exposure in versions up to, and including, 2.8.5 via the dmm_export_donations() function which is called via the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure WordPress Doneren Met Mollie
NVD WPScan VulDB
CVSS 3.1
6.5
EPSS
0.4%
CVE-2020-36721 MEDIUM POC This Month

The Brilliance <= 1.2.7, Activello <= 1.4.0, and Newspaper X <= 1.3.1 themes for WordPress are vulnerable to Plugin Activation/Deactivation. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP WordPress Authentication Bypass Activello Bonkers +13
NVD VulDB
CVSS 3.1
6.5
EPSS
0.2%
CVE-2021-4345 MEDIUM POC PATCH This Month

The uListing plugin for WordPress is vulnerable to authorization bypass due to missing capability and nonce checks on the UlistingUserRole::save_role_api method in versions up to, and including,. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass WordPress Ulisting
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2021-4359 MEDIUM POC PATCH This Month

The Frontend File Manager plugin for WordPress is vulnerable to Unauthenticated Arbitrary Post Deletion in versions up to, and including, 18.2. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass WordPress Frontend File Manager Plugin
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2019-25139 MEDIUM POC PATCH This Month

The Coming Soon Page & Maintenance Mode plugin for WordPress is vulnerable to unauthenticated settings reset in versions up to, and including 1.8.1 due to missing capability checks in the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass PHP WordPress Coming Soon Page Maintenance Mode
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2023-3125 MEDIUM POC This Month

The B2BKing plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'b2bking_save_price_import' function in versions up to, and including,. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Authentication Bypass B2Bking
NVD VulDB
CVSS 3.1
6.5
EPSS
0.1%
CVE-2021-4379 MEDIUM POC This Month

The WooCommerce Multi Currency plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the wmc_bulk_fixed_price function in versions up to, and including,. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Authentication Bypass Woocommerce Multi Currency
NVD VulDB
CVSS 3.1
6.5
EPSS
0.1%
CVE-2023-0668 MEDIUM POC This Month

Due to failure in validating the length provided by an attacker-crafted IEEE-C37.118 packet, Wireshark version 4.0.5 and prior, by default, is susceptible to a heap-based buffer overflow, and. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Buffer Overflow Information Disclosure Wireshark Debian Linux
NVD
CVSS 3.1
6.5
EPSS
2.3%
CVE-2023-0667 MEDIUM POC This Month

Due to failure in validating the length provided by an attacker-crafted MSMMS packet, Wireshark version 4.0.5 and prior, in an unusual configuration, is susceptible to a heap-based buffer overflow,. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Heap Overflow Wireshark
NVD
CVSS 3.1
6.5
EPSS
2.0%
CVE-2023-0666 MEDIUM POC This Month

Due to failure in validating the length provided by an attacker-crafted RTPS packet, Wireshark version 4.0.5 and prior, by default, is susceptible to a heap-based buffer overflow, and possibly code. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Heap Overflow Wireshark Debian Linux
NVD
CVSS 3.1
6.5
EPSS
2.3%
CVE-2020-36711 MEDIUM POC This Month

The Avada theme for WordPress is vulnerable to Stored Cross-Site Scripting via the update_layout function in versions up to, and including, 6.2.3 due to insufficient input sanitization and output. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Avada
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2021-4367 MEDIUM POC This Month

The Flo Forms - Easy Drag & Drop Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Options Change by using the flo_import_forms_options AJAX action in versions up to,. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Flo Forms
NVD WPScan
CVSS 3.1
6.4
EPSS
0.1%
CVE-2021-4338 MEDIUM POC PATCH This Month

The 404 to 301 plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on the open_redirect & save_redirect functions in versions up to, and including, 3.0.7. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

WordPress Authentication Bypass 404 To 301
NVD WPScan
CVSS 3.1
6.4
EPSS
0.1%
CVE-2020-36703 MEDIUM POC This Month

The Elementor Website Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG image uploads in versions up to, and including 2.9.7 This makes it possible for authenticated. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Website Builder Elementor
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2021-4344 MEDIUM POC This Month

The Frontend File Manager plugin for WordPress is vulnerable to Privilege Escalation in versions up to, and including, 18.2. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Authentication Bypass Privilege Escalation Frontend File Manager Plugin
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2021-4378 MEDIUM POC This Month

The WP Quick FrontEnd Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 5.5 due to insufficient input sanitization and output escaping. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Wp Quick Frontend Editor
NVD VulDB
CVSS 3.1
6.4
EPSS
0.1%
CVE-2020-36704 MEDIUM POC This Month

The Fruitful Theme for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters stored via the fruitful_theme_options_action AJAX action in versions up to, and including, 3.8.1. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Fruitful Theme
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2021-4363 MEDIUM POC This Month

The WP Quick FrontEnd Editor plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 5.5 due to insufficient input sanitization and output escaping on. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Wp Quick Frontend Editor
NVD VulDB
CVSS 3.1
6.1
EPSS
1.1%
CVE-2021-4366 MEDIUM POC This Month

The PWA for WP & AMP plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the pwaforwp_update_features_options function in versions up to, and including,. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Authentication Bypass Pwa For Wp Amp
NVD WPScan
CVSS 3.1
6.3
EPSS
0.0%
CVE-2019-25148 MEDIUM POC This Month

The WP HTML Mail plugin for WordPress is vulnerable to HTML injection in versions up to, and including, 2.9.0.3 due to insufficient input sanitization. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Wp Html Mail
NVD VulDB
CVSS 3.1
6.1
EPSS
0.5%
CVE-2021-4351 MEDIUM POC This Month

The Frontend File Manager plugin for WordPress is vulnerable to Unauthenticated Post Meta Change in versions up to, and including, 18.2. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass WordPress Frontend File Manager Plugin
NVD VulDB
CVSS 3.1
5.8
EPSS
0.2%
CVE-2021-4369 MEDIUM POC PATCH This Month

The Frontend File Manager plugin for WordPress is vulnerable to Unauthenticated Content Injection in versions up to, and including, 18.2. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

WordPress Authentication Bypass Frontend File Manager Plugin
NVD
CVSS 3.1
5.8
EPSS
0.2%
CVE-2020-36709 MEDIUM POC This Month

The Page Builder: KingComposer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via via shortcode in versions before 2.9.4 due to insufficient input sanitization and output escaping. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Page Builder Kingcomposer
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2020-36722 MEDIUM POC This Month

The Visual Composer plugin for WordPress is vulnerable to Cross-Site Scripting in versions up to, and including, 26.0 due to insufficient input sanitization and output escaping. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Visual Composer Website Builder
NVD WPScan
CVSS 3.1
5.5
EPSS
0.1%
CVE-2020-36702 MEDIUM POC This Month

The Ultimate Addons for Gutenberg plugin for WordPress is vulnerable to Authenticated Settings Change in versions up to, and including, 1.14.7. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass WordPress Spectra
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2023-33283 MEDIUM POC This Month

Marval MSM through 14.19.0.12476 uses a static encryption key for secrets. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Msm
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-2878 MEDIUM POC PATCH This Month

Kubernetes secrets-store-csi-driver in versions before 1.3.3 discloses service account tokens in logs. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Kubernetes Information Disclosure Secrets Store Csi Driver
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2019-25144 MEDIUM POC This Month

The WP HTML Mail plugin for WordPress is vulnerable to HTML injection in versions up to, and including, 2.2.10 due to insufficient input sanitization. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Wp Html Mail
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2020-36710 MEDIUM POC This Month

The WPS Hide Login plugin for WordPress is vulnerable to login page disclosure even when the settings of the plugin are set to hide the login page making it possible for unauthenticated attackers to. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass WordPress Wps Hide Login
NVD
CVSS 3.1
5.3
EPSS
0.7%
CVE-2019-25151 MEDIUM POC This Month

The Funnel Builder plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the activate_plugin function in versions up to, and including, 1.3.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation WordPress Cartflows
NVD WPScan
CVSS 3.1
5.4
EPSS
0.0%
CVE-2019-25143 MEDIUM POC This Month

The GDPR Cookie Compliance plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the gdpr_cookie_compliance_reset_settings AJAX action in versions up to, and. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass WordPress Gdpr Cookie Compliance
NVD WPScan
CVSS 3.1
5.4
EPSS
0.0%
CVE-2020-36729 MEDIUM POC PATCH This Month

The 2J-SlideShow Plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the 'twoj_slideshow_setup' function called via the wp_ajax_twoj_slideshow_setup AJAX. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

WordPress Authentication Bypass 2J Slideshow
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2023-3144 MEDIUM POC This Month

A vulnerability classified as problematic was found in SourceCodester Online Discussion Forum Site 1.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Online Discussion Forum Site
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-3143 MEDIUM POC This Month

A vulnerability classified as problematic has been found in SourceCodester Online Discussion Forum Site 1.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Online Discussion Forum Site
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-3142 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 2.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Microweber
NVD GitHub
CVSS 3.1
5.4
EPSS
0.3%
CVE-2021-4352 MEDIUM POC This Month

The JobSearch WP Job Board plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the save_locsettings function in versions up to, and including, 1.8.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass WordPress Jobsearch Wp Job Board
NVD WPScan VulDB
CVSS 3.1
5.3
EPSS
0.2%
CVE-2023-3126 MEDIUM POC This Month

The B2BKing plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'b2bkingdownloadpricelist' function in versions up to, and including, 4.6.00. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Authentication Bypass B2Bking
NVD VulDB
CVSS 3.1
4.3
EPSS
0.1%
CVE-2021-4364 MEDIUM POC This Month

The JobSearch WP Job Board plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the jobsearch_add_job_import_schedule_call() function in versions up to, and. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass WordPress Jobsearch Wp Job Board
NVD WPScan VulDB
CVSS 3.1
4.3
EPSS
0.1%
CVE-2021-4371 MEDIUM POC This Month

The WP Quick FrontEnd Editor plugin for WordPress is vulnerable to Setting Changs in versions up to, and including, 5.5. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Authentication Bypass Wp Quick Frontend Editor
NVD VulDB
CVSS 3.1
4.3
EPSS
0.1%
CVE-2020-36699 MEDIUM POC This Month

The Quick Page/Post Redirect Plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on the qppr_save_quick_redirect_ajax and qppr_delete_quick_redirect functions. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Authentication Bypass Quick Page Post Redirect
NVD WPScan VulDB
CVSS 3.1
4.3
EPSS
0.1%
CVE-2021-4375 MEDIUM POC This Month

The Welcart e-Commerce plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the usces_download_system_information() function in versions up to, and. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP WordPress Authentication Bypass Welcart E Commerce
NVD VulDB
CVSS 3.1
4.3
EPSS
0.1%
CVE-2022-4948 MEDIUM POC This Month

The FlyingPress plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on its AJAX actions in versions up to, and including, 3.9.6. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass WordPress Flyingpress
NVD VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2023-33848 MEDIUM This Month

IBM TXSeries for Multiplatforms 8.1, 8.2, 9.1, CICS TX Standard, 11.1, CICS TX Advanced 10.1, and 11.1 could allow a privileged user to obtain highly sensitive information by enabling debug mode. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure IBM Cics Tx Txseries For Multiplatforms
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2023-29345 MEDIUM PATCH This Month

Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

Google XSS Microsoft Edge Chromium
NVD
CVSS 3.1
6.1
EPSS
1.2%
CVE-2023-2015 MEDIUM This Month

An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.8 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Gitlab XSS
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2023-33595 MEDIUM PATCH This Month

CPython v3.12.0 alpha 7 was discovered to contain a heap use-after-free via the function ascii_decode at /Objects/unicodeobject.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Information Disclosure Memory Corruption Python
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2023-2442 MEDIUM This Month

An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab XSS
NVD
CVSS 3.1
5.4
EPSS
96.1%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy