Skip to main content
CVE-2020-36703 MEDIUM POC This Month

The Elementor Website Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG image uploads in versions up to, and including 2.9.7 This makes it possible for authenticated. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Website Builder Elementor
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2021-4344 MEDIUM POC This Month

The Frontend File Manager plugin for WordPress is vulnerable to Privilege Escalation in versions up to, and including, 18.2. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Authentication Bypass Privilege Escalation Frontend File Manager Plugin
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2021-4378 MEDIUM POC This Month

The WP Quick FrontEnd Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 5.5 due to insufficient input sanitization and output escaping. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Wp Quick Frontend Editor
NVD VulDB
CVSS 3.1
6.4
EPSS
0.1%
CVE-2020-36704 MEDIUM POC This Month

The Fruitful Theme for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters stored via the fruitful_theme_options_action AJAX action in versions up to, and including, 3.8.1. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Fruitful Theme
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2021-4363 MEDIUM POC This Month

The WP Quick FrontEnd Editor plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 5.5 due to insufficient input sanitization and output escaping on. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Wp Quick Frontend Editor
NVD VulDB
CVSS 3.1
6.1
EPSS
1.1%
CVE-2021-4366 MEDIUM POC This Month

The PWA for WP & AMP plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the pwaforwp_update_features_options function in versions up to, and including,. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Authentication Bypass Pwa For Wp Amp
NVD WPScan
CVSS 3.1
6.3
EPSS
0.0%
CVE-2019-25148 MEDIUM POC This Month

The WP HTML Mail plugin for WordPress is vulnerable to HTML injection in versions up to, and including, 2.9.0.3 due to insufficient input sanitization. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Wp Html Mail
NVD VulDB
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-27881 CRITICAL Act Now

A user could use the “Upload Resource” functionality to upload files to any location on the disk. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Vuforia Studio
NVD
CVSS 3.1
9.9
EPSS
0.7%
CVE-2022-4950 HIGH PATCH This Week

Several WordPress plugins developed by Cool Plugins are vulnerable to arbitrary plugin installation and activation that can lead to remote code execution by authenticated attackers with minimal. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

RCE WordPress Authentication Bypass Cool Timeline Cryptocurrency Widgets +9
NVD VulDB
CVSS 3.1
8.8
EPSS
5.4%
CVE-2021-4351 MEDIUM POC This Month

The Frontend File Manager plugin for WordPress is vulnerable to Unauthenticated Post Meta Change in versions up to, and including, 18.2. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass WordPress Frontend File Manager Plugin
NVD VulDB
CVSS 3.1
5.8
EPSS
0.2%
CVE-2021-4369 MEDIUM POC PATCH This Month

The Frontend File Manager plugin for WordPress is vulnerable to Unauthenticated Content Injection in versions up to, and including, 18.2. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

WordPress Authentication Bypass Frontend File Manager Plugin
NVD
CVSS 3.1
5.8
EPSS
0.2%
CVE-2023-31116 CRITICAL Act Now

An issue was discovered in the Shannon RCS component in Samsung Exynos Modem 5123 and 5300. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Samsung Exynos 5123 Firmware Exynos 5300 Firmware
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-34237 CRITICAL PATCH Act Now

SABnzbd is an open source automated Usenet download tool. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection Sabnzbd
NVD GitHub
CVSS 3.1
9.8
EPSS
1.7%
CVE-2023-2530 CRITICAL Act Now

A privilege escalation allowing remote code execution was discovered in the orchestration service. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation RCE Puppet Enterprise
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-2186 CRITICAL Act Now

On Triangle MicroWorks' SCADA Data Gateway version <= v5.01.03, an unauthenticated attacker can send a specially crafted broadcast message including format string characters to the SCADA Data Gateway. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Scada Data Gateway
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2020-36709 MEDIUM POC This Month

The Page Builder: KingComposer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via via shortcode in versions before 2.9.4 due to insufficient input sanitization and output escaping. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Page Builder Kingcomposer
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2020-36722 MEDIUM POC This Month

The Visual Composer plugin for WordPress is vulnerable to Cross-Site Scripting in versions up to, and including, 26.0 due to insufficient input sanitization and output escaping. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Visual Composer Website Builder
NVD WPScan
CVSS 3.1
5.5
EPSS
0.1%
CVE-2020-36702 MEDIUM POC This Month

The Ultimate Addons for Gutenberg plugin for WordPress is vulnerable to Authenticated Settings Change in versions up to, and including, 1.14.7. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass WordPress Spectra
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2023-33283 MEDIUM POC This Month

Marval MSM through 14.19.0.12476 uses a static encryption key for secrets. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Msm
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-2878 MEDIUM POC PATCH This Month

Kubernetes secrets-store-csi-driver in versions before 1.3.3 discloses service account tokens in logs. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Kubernetes Information Disclosure Secrets Store Csi Driver
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2019-25144 MEDIUM POC This Month

The WP HTML Mail plugin for WordPress is vulnerable to HTML injection in versions up to, and including, 2.2.10 due to insufficient input sanitization. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Wp Html Mail
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2020-36710 MEDIUM POC This Month

The WPS Hide Login plugin for WordPress is vulnerable to login page disclosure even when the settings of the plugin are set to hide the login page making it possible for unauthenticated attackers to. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass WordPress Wps Hide Login
NVD
CVSS 3.1
5.3
EPSS
0.7%
CVE-2019-25151 MEDIUM POC This Month

The Funnel Builder plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the activate_plugin function in versions up to, and including, 1.3.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation WordPress Cartflows
NVD WPScan
CVSS 3.1
5.4
EPSS
0.0%
CVE-2019-25143 MEDIUM POC This Month

The GDPR Cookie Compliance plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the gdpr_cookie_compliance_reset_settings AJAX action in versions up to, and. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass WordPress Gdpr Cookie Compliance
NVD WPScan
CVSS 3.1
5.4
EPSS
0.0%
CVE-2020-36729 MEDIUM POC PATCH This Month

The 2J-SlideShow Plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the 'twoj_slideshow_setup' function called via the wp_ajax_twoj_slideshow_setup AJAX. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

WordPress Authentication Bypass 2J Slideshow
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2023-3144 MEDIUM POC This Month

A vulnerability classified as problematic was found in SourceCodester Online Discussion Forum Site 1.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Online Discussion Forum Site
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-3143 MEDIUM POC This Month

A vulnerability classified as problematic has been found in SourceCodester Online Discussion Forum Site 1.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Online Discussion Forum Site
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-3142 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 2.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Microweber
NVD GitHub
CVSS 3.1
5.4
EPSS
0.3%
CVE-2021-4352 MEDIUM POC This Month

The JobSearch WP Job Board plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the save_locsettings function in versions up to, and including, 1.8.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass WordPress Jobsearch Wp Job Board
NVD WPScan VulDB
CVSS 3.1
5.3
EPSS
0.2%
CVE-2023-31114 CRITICAL Act Now

An issue was discovered in the Shannon RCS component in Samsung Exynos Modem 5123 and 5300. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Samsung Information Disclosure Exynos 5123 Firmware Exynos 5300 Firmware
NVD
CVSS 3.1
9.1
EPSS
0.6%
CVE-2023-33604 CRITICAL Act Now

Imperial CMS v7.5 was discovered to contain an arbitrary file deletion vulnerability via the DelspReFile function in /sp/ListSp.php. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure PHP Imperial Cms
NVD
CVSS 3.1
9.1
EPSS
0.8%
CVE-2020-36707 HIGH This Week

The Coming Soon & Maintenance Mode Page plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.57. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass WordPress CSRF Nifty Coming Soon Maintenance Mode Page
NVD WPScan VulDB
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-33284 HIGH This Week

Marval MSM through 14.19.0.12476 and 15.0 has a Remote Code Execution vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Deserialization Msm
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2023-34108 HIGH PATCH This Week

mailcow is a mail server suite based on Dovecot, Postfix and other open source software, that provides a modern web UI for user/server administration. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Command Injection Authentication Bypass Mailcow
NVD GitHub
CVSS 3.1
8.8
EPSS
1.0%
CVE-2023-33498 HIGH This Week

alist <=3.16.3 is vulnerable to Incorrect Access Control. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Alist
NVD GitHub
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-3126 MEDIUM POC This Month

The B2BKing plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'b2bkingdownloadpricelist' function in versions up to, and including, 4.6.00. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Authentication Bypass B2Bking
NVD VulDB
CVSS 3.1
4.3
EPSS
0.1%
CVE-2021-4364 MEDIUM POC This Month

The JobSearch WP Job Board plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the jobsearch_add_job_import_schedule_call() function in versions up to, and. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass WordPress Jobsearch Wp Job Board
NVD WPScan VulDB
CVSS 3.1
4.3
EPSS
0.1%
CVE-2021-4371 MEDIUM POC This Month

The WP Quick FrontEnd Editor plugin for WordPress is vulnerable to Setting Changs in versions up to, and including, 5.5. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Authentication Bypass Wp Quick Frontend Editor
NVD VulDB
CVSS 3.1
4.3
EPSS
0.1%
CVE-2020-36699 MEDIUM POC This Month

The Quick Page/Post Redirect Plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on the qppr_save_quick_redirect_ajax and qppr_delete_quick_redirect functions. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Authentication Bypass Quick Page Post Redirect
NVD WPScan VulDB
CVSS 3.1
4.3
EPSS
0.1%
CVE-2021-4375 MEDIUM POC This Month

The Welcart e-Commerce plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the usces_download_system_information() function in versions up to, and. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP WordPress Authentication Bypass Welcart E Commerce
NVD VulDB
CVSS 3.1
4.3
EPSS
0.1%
CVE-2022-4948 MEDIUM POC This Month

The FlyingPress plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on its AJAX actions in versions up to, and including, 3.9.6. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass WordPress Flyingpress
NVD VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2023-29152 HIGH This Week

By changing the filename parameter in the request, an attacker could delete any file with the permissions of the Vuforia server account. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Vuforia Studio
NVD
CVSS 3.1
8.1
EPSS
0.4%
CVE-2023-30576 HIGH This Week

Apache Guacamole 0.9.10 through 1.5.1 may continue to reference a freed RDP audio input buffer. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Use After Free Apache RCE Memory Corruption Guacamole
NVD
CVSS 3.1
8.1
EPSS
1.1%
CVE-2023-1388 HIGH This Week

A heap-based overflow vulnerability in TA prior to version 5.7.9 allows a remote user to alter the page heap in the macmnsvc process memory block, resulting in the service becoming unavailable. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Agent
NVD
CVSS 3.1
8.1
EPSS
0.6%
CVE-2023-31200 HIGH This Week

PTC Vuforia Studio does not require a token; this could allow an attacker with local access to perform a cross-site request forgery attack or a replay attack. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

CSRF Vuforia Studio
NVD
CVSS 3.1
8.0
EPSS
0.2%
CVE-2023-2866 HIGH This Week

If an attacker can trick an authenticated user into loading a maliciously crafted .zip file onto Advantech WebAccess version 8.4.5, a web shell could be used to give the attacker full control of the. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Webaccess
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-25177 HIGH PATCH This Week

Delta Electronics' CNCSoft-B DOPSoft versions 1.0.0.4 and prior are vulnerable to stack-based buffer overflow, which could allow an attacker to execute arbitrary code. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Stack Overflow Buffer Overflow RCE Cncsoft B
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-24014 HIGH PATCH This Week

Delta Electronics' CNCSoft-B DOPSoft versions 1.0.0.4 and prior are vulnerable to heap-based buffer overflow, which could allow an attacker to execute arbitrary code. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow RCE Heap Overflow Cncsoft B
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-1709 HIGH This Week

Datalogics Library APDFLThe v18.0.4PlusP1e and prior contains a stack-based buffer overflow due to documents containing corrupted fonts, which could allow an attack that causes an unhandled crash. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Stack Overflow Buffer Overflow Jt2Go Teamcenter Visualization
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-0976 HIGH This Week

A command Injection Vulnerability in TA for mac-OS prior to version 5.7.9 allows local users to place an arbitrary file into the /Library/Trellix/Agent/bin/ folder. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection Agent
NVD
CVSS 3.1
7.8
EPSS
0.6%
Prev Page 3 of 4 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy