Skip to main content
CVE-2023-2249 HIGH PATCH Act Now

The wpForo Forum plugin for WordPress is vulnerable to Local File Include, Server-Side Request Forgery, and PHAR Deserialization in versions up to, and including, 2.1.7. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 48.2%.

Deserialization WordPress PHP SSRF RCE +2
NVD VulDB
CVSS 3.1
8.8
EPSS
48.2%
CVE-2023-0992 HIGH PATCH Act Now

The Shield Security plugin for WordPress is vulnerable to stored Cross-Site Scripting in versions up to, and including, 17.0.17 via the 'User-Agent' header. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 38.8%.

WordPress XSS Shield Security
NVD VulDB
CVSS 3.1
7.2
EPSS
38.8%
CVE-2023-3173 CRITICAL POC PATCH Act Now

Improper Restriction of Excessive Authentication Attempts in GitHub repository froxlor/froxlor prior to 2.0.20. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Froxlor
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-33557 HIGH POC This Week

Fuel CMS v1.5.2 was discovered to contain a SQL injection vulnerability via the id parameter at /controllers/Blocks.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Fuel Cms
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-3177 HIGH POC This Week

A vulnerability has been found in SourceCodester Lost and Found Information System 1.0 and classified as critical. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Lost And Found Information System
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-3176 HIGH POC This Week

A vulnerability, which was classified as critical, was found in SourceCodester Lost and Found Information System 1.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Lost And Found Information System
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-34112 HIGH POC This Week

JavaCPP Presets is a project providing Java distributions of native C++ libraries. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Java RCE Code Injection Command Injection Javacpp Presets
NVD GitHub
CVSS 3.1
8.8
EPSS
1.9%
CVE-2023-29766 HIGH POC This Week

An issue found in CrossX v.1.15.3 for Android allows a local attacker to cause an escalation of Privileges via the database files. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Google Authentication Bypass Crossx
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-29757 HIGH POC This Week

An issue found in Blue Light Filter v.1.5.5 for Android allows unauthorized apps to cause escalation of privilege attacks by manipulating the SharedPreference files. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Google Blue Light Filter
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-29755 HIGH POC This Week

An issue found in Twilight v.13.3 for Android allows unauthorized apps to cause escalation of privilege attacks by manipulating the SharedPreference files. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Google Twilight
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-29752 HIGH POC This Week

An issue found in Facemoji Emoji Keyboard v.2.9.1.2 for Android allows unauthorized apps to cause escalation of privilege attacks by manipulating the component. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Google Authentication Bypass Facemoji Emoji Keyboard
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-29749 HIGH POC This Week

An issue found in Yandex Navigator v.6.60 for Android allows unauthorized apps to cause escalation of privilege attacks by manipulating the SharedPreference files. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Google Navigator
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-3172 HIGH POC PATCH This Week

Path Traversal in GitHub repository froxlor/froxlor prior to 2.0.20. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Path Traversal Froxlor
NVD GitHub
CVSS 3.1
7.2
EPSS
1.2%
CVE-2023-27706 HIGH POC This Week

Bitwarden Windows desktop application versions prior to v2023.4.0 store biometric keys in Windows Credential Manager, accessible to other local unprivileged processes. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Microsoft Bitwarden
NVD GitHub
CVSS 3.1
7.1
EPSS
0.6%
CVE-2023-2305 MEDIUM POC PATCH This Month

The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wpdm_members', 'wpdm_login_form', 'wpdm_reg_form' shortcodes in versions up to, and including, 3.2.70. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS WordPress Download Manager
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2023-29712 MEDIUM POC This Month

Cross Site Scripting vulnerability found in Vade Secure Gateway allows a remote attacker to execute arbitrary code via a crafted payload to the X-Rewrite-URL parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Secure Gateway
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2023-34364 CRITICAL Act Now

A buffer overflow was discovered in Progress DataDirect Connect for ODBC before 08.02.2770 for Oracle. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Oracle Datadirect Odbc Oracle Wire Protocol Driver
NVD
CVSS 3.1
9.8
EPSS
1.6%
CVE-2023-29753 MEDIUM POC This Month

An issue found in Facemoji Emoji Keyboard v.2.9.1.2 for Android allows a local attacker to cause a denial of service via the SharedPreference files. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Google Facemoji
NVD GitHub
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-29751 MEDIUM POC This Month

An issue found in Yandex Navigator v.6.60 for Android allows unauthorized apps to cause a persistent denial of service by manipulating the SharedPreference files. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Google Navigator
NVD GitHub
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-29767 MEDIUM POC This Month

An issue found in CrossX v.1.15.3 for Android allows a local attacker to cause a persistent denial of service via the database files. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Google Crossx
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-29761 MEDIUM POC This Month

An issue found in Sleep v.20230303 for Android allows unauthorized apps to cause a persistent denial of service by manipulating the SharedPreference files. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Google Authentication Bypass Sleep
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-29759 MEDIUM POC This Month

An issue found in FlightAware v.5.8.0 for Android allows unauthorized apps to cause a persistent denial of service by manipulating the database files. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Google Authentication Bypass Flightaware
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-29758 MEDIUM POC This Month

An issue found in Blue Light Filter v.1.5.5 for Android allows unauthorized apps to cause a persistent denial of service by manipulating the SharedPreference files. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Google Authentication Bypass Blue Light Filter
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-29756 MEDIUM POC This Month

An issue found in Twilight v.13.3 for Android allows unauthorized apps to cause a persistent denial of service by manipulating the SharedPreference files. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Google Twilight
NVD GitHub
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-0292 MEDIUM POC PATCH This Month

The Quiz And Survey Master plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 8.0.8. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

WordPress CSRF Quiz And Survey Master
NVD VulDB
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-2414 MEDIUM POC PATCH This Month

The Online Booking & Scheduling Calendar for WordPress by vcita plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass WordPress Online Booking Scheduling Calendar
NVD VulDB
CVSS 3.1
5.4
EPSS
0.1%
CVE-2023-3187 MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in PHPGurukul Teachers Record Management System 1.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Teachers Record Management System
NVD GitHub VulDB Exploit-DB
CVSS 3.1
5.4
EPSS
2.6%
CVE-2023-34856 MEDIUM POC This Month

A Cross Site Scripting (XSS) vulnerability in D-Link DI-7500G-CI-19.05.29A allows attackers to execute arbitrary code via uploading a crafted HTML file to the interface /auth_pic.cgi. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE D-Link XSS Di 7500G Ci Firmware
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-3183 MEDIUM POC This Month

A vulnerability was found in SourceCodester Performance Indicator System 1.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Performance Indicator System
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-2159 MEDIUM POC PATCH This Month

The CMP - Coming Soon & Maintenance plugin for WordPress is vulnerable to Maintenance Mode Bypass in versions up to, and including, 4.1.7. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

WordPress Authentication Bypass Cmp
NVD VulDB
CVSS 3.1
5.3
EPSS
0.1%
CVE-2023-0342 MEDIUM POC This Month

MongoDB Ops Manager Diagnostics Archive may not redact sensitive PEM key file password app settings. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ops Manager Server
NVD GitHub
CVSS 3.1
5.3
EPSS
0.9%
CVE-2023-1888 HIGH This Week

The Directorist plugin for WordPress is vulnerable to an arbitrary user password reset in versions up to, and including, 7.5.4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Information Disclosure PHP Directorist
NVD VulDB
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-2237 HIGH PATCH This Week

The WP Replicate Post plugin for WordPress is vulnerable to SQL Injection via the post_id parameter in versions up to, and including, 4.0.2 due to insufficient escaping on the user supplied parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

SQLi WordPress Wp Replicate Post
NVD VulDB
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-30262 HIGH PATCH This Week

An issue found in MIM software Inc MIM License Server and MIMpacs services v.6.9 thru v.7.0 fixed in v.7.0.10 allows a remote unauthenticated attacker to execute arbitrary code via the RMI Registry. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

RCE Deserialization Mim Concurrent License Server Mim Local Concurrent License Server
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-3184 MEDIUM POC This Month

A vulnerability was found in SourceCodester Sales Tracker Management System 1.0. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Sales Tracker Management System
NVD GitHub VulDB Exploit-DB
CVSS 3.1
4.8
EPSS
2.3%
CVE-2023-1895 HIGH This Week

The Getwid - Gutenberg Blocks plugin for WordPress is vulnerable to Server Side Request Forgery via the get_remote_content REST API endpoint in versions up to, and including, 1.8.3. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF WordPress Getwid
NVD
CVSS 3.1
8.5
EPSS
0.2%
CVE-2023-0721 HIGH PATCH This Week

The Metform Elementor Contact Form Builder plugin for WordPress is vulnerable to CSV injection in versions up to, and including, 3.3.0. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required.

RCE WordPress Metform Elementor Contact Form Builder Elementor
NVD
CVSS 3.1
8.3
EPSS
0.8%
CVE-2023-2189 MEDIUM POC This Month

The Elementor Addons, Widgets and Enhancements - Stax plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the toggle_widget function in. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass WordPress Stax
NVD VulDB
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-32731 HIGH PATCH This Week

When gRPC HTTP2 stack raised a header size exceeded error, it skipped parsing the rest of the HPACK frame. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Privilege Escalation Grpc
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-1428 HIGH PATCH This Week

There exists an vulnerability causing an abort() to be called in gRPC. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Grpc
NVD GitHub
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-2607 HIGH PATCH This Week

The Multiple Page Generator Plugin for WordPress is vulnerable to time-based SQL Injection via the orderby and order parameters in versions up to, and including, 3.3.17 due to insufficient escaping. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

SQLi WordPress Multiple Page Generator
NVD VulDB
CVSS 3.1
7.2
EPSS
0.4%
CVE-2023-2484 HIGH PATCH This Week

The Active Directory Integration plugin for WordPress is vulnerable to time-based SQL Injection via the orderby and order parameters in versions up to, and including, 4.1.4 due to insufficient. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

SQLi WordPress Active Directory Integration Ldap Integration
NVD VulDB
CVSS 3.1
7.2
EPSS
0.4%
CVE-2023-0291 HIGH PATCH This Week

The Quiz And Survey Master for WordPress is vulnerable to authorization bypass due to a missing capability check on the function associated with the qsm_remove_file_fd_question AJAX action in. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass WordPress Quiz And Survey Master
NVD VulDB
CVSS 3.1
7.2
EPSS
0.1%
CVE-2023-2454 HIGH This Week

schema_element defeats protective search_path changes; It was found that certain database calls in PostgreSQL could permit an authed attacker with elevated database-level privileges to execute. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE PostgreSQL Software Collections Enterprise Linux Fedora
NVD
CVSS 3.1
7.2
EPSS
1.2%
CVE-2023-3141 HIGH This Week

A use-after-free flaw was found in r592_remove in drivers/memstick/host/r592.c in media access in the Linux Kernel. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Denial Of Service Linux Memory Corruption Linux Kernel +2
NVD
CVSS 3.1
7.1
EPSS
0.4%
CVE-2023-1430 MEDIUM PATCH This Month

The FluentCRM - Marketing Automation For WordPress plugin for WordPress is vulnerable to unauthorized modification of data in versions up to, and including, 2.8.01 due to the use of an MD5 hash. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

WordPress Authentication Bypass Fluentcrm
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
1.6%
CVE-2023-1016 MEDIUM PATCH This Month

The Intuitive Custom Post Order plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 3.1.4.1, due to insufficient escaping on the user supplied 'objects' and 'tags'. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable.

SQLi WordPress Intuitive Custom Post Order
NVD VulDB
CVSS 3.1
6.6
EPSS
0.1%
CVE-2023-0694 MEDIUM PATCH This Month

The Metform Elementor Contact Form Builder for WordPress is vulnerable to Information Disclosure via the 'mf' shortcode in versions up to, and including, 3.3.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

WordPress Authentication Bypass Information Disclosure Metform Elementor Contact Form Builder Elementor
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2023-0693 MEDIUM PATCH This Month

The Metform Elementor Contact Form Builder for WordPress is vulnerable to Information Disclosure via the 'mf_transaction_id' shortcode in versions up to, and including, 3.3.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

WordPress Authentication Bypass Information Disclosure Metform Elementor Contact Form Builder Elementor
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2023-0688 MEDIUM PATCH This Month

The Metform Elementor Contact Form Builder for WordPress is vulnerable to Information Disclosure via the 'mf_thankyou' shortcode in versions up to, and including, 3.3.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Information Disclosure WordPress Metform Elementor Contact Form Builder Elementor
NVD VulDB
CVSS 3.1
6.5
EPSS
0.3%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy