Skip to main content
CVE-2020-36730 HIGH POC THREAT Act Now

The CMP for WordPress is vulnerable to authorization bypass due to a missing capability check on the cmp_get_post_detail(), niteo_export_csv(), and cmp_disable_comingsoon_ajax() functions in versions. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 46.4%.

WordPress Authentication Bypass Cmp
NVD WPScan
CVSS 3.1
8.3
EPSS
46.4%
Threat
4.6
CVE-2023-33782 HIGH POC THREAT Act Now

D-Link DIR-842V2 v1.0.3 was discovered to contain a command injection vulnerability via the iperf3 diagnostics function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 42.9%.

Command Injection D-Link Dir 842V2 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
42.9%
Threat
4.5
CVE-2023-33781 HIGH POC THREAT Act Now

An issue in D-Link DIR-842V2 v1.0.3 allows attackers to execute arbitrary commands via importing a crafted file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 36.0%.

Information Disclosure D-Link Dir 842V2 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
36.0%
Threat
4.3
CVE-2023-3124 HIGH POC THREAT Act Now

The Elementor Pro plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the update_page_option function in versions up to, and including, 3.11.6. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 26.0%.

Authentication Bypass Privilege Escalation WordPress Elementor Pro Elementor
NVD VulDB
CVSS 3.1
8.8
EPSS
26.0%
Threat
4.0
CVE-2020-36731 HIGH POC THREAT Act Now

The Flexible Checkout Fields for WooCommerce plugin for WordPress is vulnerable to Unauthenticated Arbitrary Plugin Settings update, in addition to Stored Cross-Site Scripting in versions up to, and. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 19.5%.

XSS WordPress Flexible Checkout Fields
NVD
CVSS 3.1
7.2
EPSS
19.5%
CVE-2022-4949 HIGH POC PATCH This Week

The AdSanity plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'ajax_upload' function in versions up to, and including, 1.8.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE WordPress File Upload Adsanity Xen
NVD VulDB
CVSS 3.1
8.8
EPSS
8.6%
CVE-2021-4354 HIGH POC This Week

The PWA for WP & AMP for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the pwaforwp_splashscreen_uploader function in versions up to, and including, 1.7.32. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress File Upload RCE Pwa For Wp Amp
NVD VulDB
CVSS 3.1
8.8
EPSS
7.8%
CVE-2020-36701 HIGH POC PATCH This Week

The Page Builder: KingComposer plugin for WordPress is vulnerable to Arbitrary File Uploads in versions up to, and including, 2.9.3 via the 'process_bulk_action' function in the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

WordPress PHP File Upload Page Builder King Composer
NVD VulDB
CVSS 3.1
8.8
EPSS
1.7%
CVE-2019-25142 HIGH POC PATCH This Week

The Mesmerize & Materialis themes for WordPress are vulnerable to authenticated options change in versions up to, and including,1.6.89 (Mesmerize) and 1.0.172 (Materialis). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass WordPress Materialis Mesmerize
NVD WPScan VulDB
CVSS 3.1
8.8
EPSS
0.6%
CVE-2020-36725 HIGH POC This Week

The TI WooCommerce Wishlist and TI WooCommerce Wishlist Pro plugins for WordPress are vulnerable to an Options Change vulnerability in versions up to, and including, 1.21.11 and 1.21.4 via the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP WordPress Authentication Bypass Ti Woocommerce Wishlist
NVD WPScan
CVSS 3.1
8.8
EPSS
0.6%
CVE-2019-25150 HIGH POC This Week

The Email Templates plugin for WordPress is vulnerable to HTML Injection in versions up to, and including, 1.3. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress Email Templates
NVD VulDB
CVSS 3.1
8.8
EPSS
0.4%
CVE-2020-36717 HIGH POC This Week

The Kali Forms plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.1.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Kali Forms
NVD VulDB
CVSS 3.1
8.8
EPSS
0.4%
CVE-2021-4349 HIGH POC PATCH This Week

The Process Steps Template Designer plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

WordPress CSRF Process Steps Template Designer
NVD VulDB
CVSS 3.1
8.8
EPSS
0.3%
CVE-2021-4361 HIGH POC This Week

The JobSearch WP Job Board plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the jobsearch_job_integrations_settin_save AJAX action in versions up to,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass WordPress Jobsearch Wp Job Board
NVD WPScan VulDB
CVSS 3.1
8.8
EPSS
0.3%
CVE-2020-36700 HIGH POC PATCH This Week

The Page Builder: KingComposer plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 2.9.3. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

WordPress Authentication Bypass PHP Page Builder Kingcomposer
NVD VulDB
CVSS 3.1
8.8
EPSS
0.2%
CVE-2021-4337 HIGH POC This Week

Sixteen XforWooCommerce Add-On Plugins for WordPress are vulnerable to authorization bypass due to a missing capability check on the wp_ajax_svx_ajax_factory function in various versions listed. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Authentication Bypass Add Product Tabs Autopilot Seo Bulk Add To Cart +13
NVD VulDB
CVSS 3.1
8.8
EPSS
0.2%
CVE-2021-4373 HIGH POC PATCH This Week

The Better Search plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.5.2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF WordPress Better Search
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2023-3152 HIGH POC This Week

A vulnerability classified as critical has been found in SourceCodester Online Discussion Forum Site 1.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Discussion Forum Site
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-3151 HIGH POC This Week

A vulnerability was found in SourceCodester Online Discussion Forum Site 1.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Discussion Forum Site
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-3150 HIGH POC This Week

A vulnerability was found in SourceCodester Online Discussion Forum Site 1.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Discussion Forum Site
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-3149 HIGH POC This Week

A vulnerability was found in SourceCodester Online Discussion Forum Site 1.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Discussion Forum Site
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-3148 HIGH POC This Week

A vulnerability was found in SourceCodester Online Discussion Forum Site 1.0 and classified as critical.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Discussion Forum Site
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-3147 HIGH POC This Week

A vulnerability has been found in SourceCodester Online Discussion Forum Site 1.0 and classified as critical. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Discussion Forum Site
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-3146 HIGH POC This Week

A vulnerability, which was classified as critical, was found in SourceCodester Online Discussion Forum Site 1.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Discussion Forum Site
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-3145 HIGH POC This Week

A vulnerability, which was classified as critical, has been found in SourceCodester Online Discussion Forum Site 1.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Discussion Forum Site
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-20888 HIGH POC PATCH THREAT This Week

Aria Operations for Networks contains an authenticated deserialization vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

RCE VMware Deserialization Vrealize Network Insight
NVD
CVSS 3.1
8.8
EPSS
82.3%
CVE-2023-33538 HIGH POC KEV THREAT This Week

TP-Link TL-WR940N V2/V4, TL-WR841N V8/V10, and TL-WR740N V1/V2 was discovered to contain a command injection vulnerability via the component /userRpm/WlanNetworkRpm . Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

TP-Link Command Injection Tl Wr940n Firmware Tl Wr841n Firmware Tl Wr740N Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
41.9%
CVE-2023-33601 HIGH POC This Week

An arbitrary file upload vulnerability in /admin.php?c=upload of phpok v6.4.100 allows attackers to execute arbitrary code via a crafted PHP file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload PHP Phpok
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2020-36712 HIGH POC This Week

The Kali Forms plugin for WordPress is vulnerable to Unauthenticated Arbitrary Post Deletion in versions up to, and including, 2.1.1. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass WordPress Kali Forms
NVD
CVSS 3.1
8.6
EPSS
0.3%
CVE-2021-4383 HIGH POC This Week

The WP Quick FrontEnd Editor plugin for WordPress is vulnerable to page content injection in versions up to, and including, 5.5. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Authentication Bypass Wp Quick Frontend Editor
NVD VulDB
CVSS 3.1
8.1
EPSS
0.1%
CVE-2023-33537 HIGH POC This Week

TP-Link TL-WR940N V2/V4, TL-WR841N V8/V10, and TL-WR740N V1/V2 was discovered to contain a buffer overflow via the component /userRpm/FixMapCfgRpm. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure TP-Link Tl Wr940n Firmware Tl Wr841n Firmware +1
NVD GitHub
CVSS 3.1
8.1
EPSS
0.9%
CVE-2023-33536 HIGH POC This Week

TP-Link TL-WR940N V2/V4, TL-WR841N V8/V10, and TL-WR740N V1/V2 was discovered to contain a buffer overflow via the component /userRpm/WlanMacFilterRpm. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure TP-Link Tl Wr940n Firmware Tl Wr841n Firmware +1
NVD GitHub
CVSS 3.1
8.1
EPSS
0.9%
CVE-2023-33865 HIGH POC This Week

RenderDoc before 1.27 allows local privilege escalation via a symlink attack. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Renderdoc
NVD
CVSS 3.1
7.8
EPSS
0.9%
CVE-2021-4355 HIGH POC This Week

The Welcart e-Commerce plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on the download_orderdetail_list(), change_orderlist(), and download_member_list(). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass WordPress Welcart E Commerce
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2021-4339 HIGH POC This Week

The uListing plugin for WordPress is vulnerable to authorization bypass due to a missing capability check in the "ulisting/includes/route.php" file on the /1/api/ulisting-user/search REST-API route. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Authentication Bypass PHP Ulisting
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2021-4348 HIGH POC This Week

The Ultimate GDPR & CCPA plugin for WordPress is vulnerable to unauthenticated settings import and export via the export_settings & import_settings functions in versions up to, and including, 2.4. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass WordPress Ultimate Gdpr Ccpa Compliance Toolkit
NVD VulDB
CVSS 3.1
7.5
EPSS
0.7%
CVE-2019-25149 HIGH POC This Week

The Gallery Images Ape plugin for WordPress is vulnerable to Arbitrary Plugin Deactivation in versions up to, and including, 2.0.6. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Authentication Bypass Gallery Images Ape
NVD
CVSS 3.1
7.6
EPSS
0.1%
CVE-2020-36696 HIGH POC PATCH This Week

The Product Input Fields for WooCommerce plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the handle_downloads() function in versions up to, and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

WordPress Authentication Bypass Product Input Fields For Woocommerce
NVD WPScan VulDB
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-33510 HIGH POC This Week

Jeecg P3 Biz Chat 1.0.5 allows remote attackers to read arbitrary files through specific parameters. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Jeecg P3 Biz Chat
NVD
CVSS 3.1
7.5
EPSS
4.0%
CVE-2023-20889 HIGH POC PATCH THREAT This Week

Aria Operations for Networks contains an information disclosure vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Command Injection vulnerability could allow attackers to inject arbitrary commands into system command execution.

Information Disclosure VMware Command Injection Vrealize Network Insight
NVD
CVSS 3.1
7.5
EPSS
79.3%
CVE-2019-25146 HIGH POC PATCH This Week

The DELUCKS SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the saveSettings() function that had no capability checks in versions up to, and including, 2.1.7 due to. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS WordPress Delucks Seo
NVD VulDB
CVSS 3.1
7.2
EPSS
1.2%
CVE-2021-4358 HIGH POC This Week

The WP DSGVO Tools (GDPR) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an unknown parameter in versions up to, and including, 3.1.23 due to insufficient input sanitization. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Wp Dsgvo Tools
NVD VulDB
CVSS 3.1
7.2
EPSS
1.1%
CVE-2019-25147 HIGH POC PATCH This Week

The Pretty Links plugin for WordPress is vulnerable to Stored Cross-Site Scripting via various IP headers as well as the referer header in versions up to, and including, 2.1.9 due to insufficient. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS WordPress Pretty Links
NVD
CVSS 3.1
7.2
EPSS
1.1%
CVE-2020-36715 HIGH POC PATCH This Week

The Login/Signup Popup plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on several functions in versions up to, and including, 1.4. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass WordPress Login Signup Popup
NVD
CVSS 3.1
7.4
EPSS
0.1%
CVE-2021-4365 HIGH POC PATCH This Week

The Frontend File Manager plugin for WordPress is vulnerable to Unauthenticated Stored Cross-Site Scripting in versions up to, and including, 18.2. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS WordPress Frontend File Manager Plugin
NVD
CVSS 3.1
7.2
EPSS
1.0%
CVE-2019-25140 HIGH POC PATCH This Week

The WordPress Coming Soon Page & Maintenance Mode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the logo_width, logo_height, rcsp_logo_url, home_sec_link_txt, rcsp_headline. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS WordPress Coming Soon Page Maintenance Mode
NVD VulDB
CVSS 3.1
7.2
EPSS
0.8%
CVE-2020-36716 HIGH POC PATCH This Week

The WP Activity Log plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the setup_page function in versions up to, and including, 4.0.1. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass WordPress Wp Activity Log
NVD VulDB
CVSS 3.1
7.3
EPSS
0.1%
CVE-2020-36697 HIGH POC This Week

The WP GDPR plugin for WordPress is vulnerable to authorization bypass due to a missing capability check in versions up to, and including, 2.1.1. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Authentication Bypass Wp Gdpr
NVD
CVSS 3.1
7.3
EPSS
0.1%
CVE-2019-25145 HIGH POC This Week

The Contact Form & SMTP Plugin by PirateForms plugin for WordPress is vulnerable to HTML injection in the ‘public/class-pirateforms-public.php’ file in versions up to, and including, 2.5.1 due to. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS WordPress Contact Form
NVD VulDB
CVSS 3.1
7.2
EPSS
0.5%
CVE-2021-4350 HIGH POC This Week

The Frontend File Manager plugin for WordPress is vulnerable to Unauthenticated HTML Injection in versions up to, and including, 18.2. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass WordPress Frontend File Manager Plugin
NVD
CVSS 3.1
7.2
EPSS
0.1%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy