Skip to main content
CVE-2023-2280 MEDIUM PATCH This Month

The WP Directory Kit plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the 'ajax_public' function in versions up to, and. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

WordPress Authentication Bypass Wp Directory Kit
NVD VulDB
CVSS 3.1
6.5
EPSS
0.1%
CVE-2023-1843 MEDIUM PATCH This Month

The Metform Elementor Contact Form Builder plugin for WordPress is vulnerable to unauthorized permalink structure update due to a missing capability check on the permalink_setup function in versions. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass WordPress Metform Elementor Contact Form Builder Elementor
NVD VulDB
CVSS 3.1
6.5
EPSS
0.1%
CVE-2023-2891 MEDIUM PATCH This Month

The WP EasyCart plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.4.8. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

WordPress CSRF Wp Easycart
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2023-2892 MEDIUM PATCH This Month

The WP EasyCart plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.4.8. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

WordPress CSRF Wp Easycart
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2023-1889 MEDIUM This Month

The Directorist plugin for WordPress is vulnerable to an Insecure Direct Object Reference in versions up to, and including, 7.5.4. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Authentication Bypass Directorist
NVD VulDB
CVSS 3.1
6.5
EPSS
0.1%
CVE-2023-34100 MEDIUM PATCH This Month

Contiki-NG is an open-source, cross-platform operating system for IoT devices. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Contiki Ng
NVD GitHub
CVSS 3.1
6.5
EPSS
0.4%
CVE-2023-1615 MEDIUM PATCH This Month

The Ultimate Addons for Contact Form 7 plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter in versions up to, and including, 3.1.23. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

WordPress SQLi Ultimate Addons For Contact Form 7
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2023-2558 MEDIUM PATCH This Month

The WPCS - WordPress Currency Switcher Professional plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpcs_current_currency shortcode in versions up to, and. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Wordpress Currency Switcher Professional
NVD VulDB
CVSS 3.1
6.4
EPSS
0.1%
CVE-2023-1404 MEDIUM PATCH This Month

The Weaver Show Posts Plugin for WordPress is vulnerable to stored Cross-Site Scripting due to insufficient escaping of the profile display name in versions up to, and including, 1.6. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Weaver Show Posts
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2023-1403 MEDIUM PATCH This Month

The Weaver Xtreme Theme for WordPress is vulnerable to stored Cross-Site Scripting due to insufficient escaping of the profile display name in versions up to, and including, 5.0.7. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Weaver Xtreme Theme
NVD VulDB
CVSS 3.1
6.4
EPSS
0.1%
CVE-2023-1978 MEDIUM PATCH This Month

The ShiftController Employee Shift Scheduling plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the query string in versions up to, and including, 4.9.25 due to insufficient. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Shiftcontroller
NVD VulDB
CVSS 3.1
6.1
EPSS
1.3%
CVE-2023-2067 MEDIUM PATCH This Month

The Announcement & Notification Banner - Bulletin plugin for WordPress is vulnerable to Cross-Site Request Forgery due to a missing nonce validation on the 'bulletinwp_update_bulletin_status',. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

WordPress CSRF Announcement Notification Banner Bulletin
NVD VulDB
CVSS 3.1
6.3
EPSS
0.1%
CVE-2023-2066 MEDIUM PATCH This Month

The Announcement & Notification Banner - Bulletin plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

WordPress Authentication Bypass Announcement Notification Banner Bulletin
NVD VulDB
CVSS 3.1
6.3
EPSS
0.1%
CVE-2023-2604 MEDIUM PATCH This Month

The Team Circle Image Slider With Lightbox plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘search_term’ parameter in versions up to, and including, 1.0.17 due to. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Team Circle Image Slider With Lightbox
NVD VulDB
CVSS 3.1
6.1
EPSS
1.0%
CVE-2023-2402 MEDIUM PATCH This Month

The Photo Gallery Slideshow & Masonry Tiled Gallery plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the search_term parameter in versions up to, and including, 1.0.13 due to. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Photo Gallery Slideshow Masonry Tiled Gallery
NVD VulDB
CVSS 3.1
6.1
EPSS
1.0%
CVE-2023-2289 MEDIUM PATCH This Month

The wordpress vertical image slider plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘search_term’ parameter in versions up to, and including, 1.2.16 due to insufficient. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Wordpress Vertical Image Slider
NVD VulDB
CVSS 3.1
6.1
EPSS
1.0%
CVE-2023-2184 MEDIUM This Month

The WP Responsive Tabs horizontal vertical and accordion Tabs plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the search_term parameter in versions up to, and including,. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS WordPress Wp Responsive Tabs
NVD VulDB
CVSS 3.1
6.1
EPSS
1.0%
CVE-2023-26465 MEDIUM This Month

Pega Platform versions 7.2 to 8.8.1 are affected by an XSS issue. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Pega Platform
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-29714 MEDIUM This Month

Cross Site Scripting vulnerability found in Vade Secure Gateway allows a remote attacker to execute arbitrary code via the username, password, and language cookies parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE XSS Secure Gateway
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2023-29713 MEDIUM This Month

Cross Site Scripting vulnerability found in Vade Secure Gateway allows a remote attacker to execute arbitrary code via a crafted payload to the GET request after the /css/ directory. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE XSS Secure Gateway
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2023-34245 MEDIUM PATCH This Month

@udecode/plate-link is the link handler for the udecode/plate rich-text editor plugin system for Slate & React. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Plate
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-34363 MEDIUM This Month

An issue was discovered in Progress DataDirect Connect for ODBC before 08.02.2770 for Oracle. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Oracle Information Disclosure Datadirect Odbc Oracle Wire Protocol Driver
NVD
CVSS 3.1
5.9
EPSS
0.3%
CVE-2023-2031 MEDIUM PATCH This Month

The Locatoraid Store Locator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in versions up to, and including, 3.9.14 due to insufficient input. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Locatoraid
NVD VulDB
CVSS 3.1
5.4
EPSS
0.1%
CVE-2023-1917 MEDIUM PATCH This Month

The PowerPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in versions up to, and including, 10.0 due to insufficient input sanitization and output. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Powerpress
NVD VulDB
CVSS 3.1
5.4
EPSS
0.1%
CVE-2023-0709 MEDIUM PATCH This Month

The Metform Elementor Contact Form Builder for WordPress is vulnerable to Cross-Site Scripting by using the 'mf_last_name' shortcode to echo unescaped form submissions in versions up to, and. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Metform Elementor Contact Form Builder Elementor
NVD VulDB
CVSS 3.1
5.4
EPSS
0.1%
CVE-2023-0708 MEDIUM PATCH This Month

The Metform Elementor Contact Form Builder for WordPress is vulnerable to Cross-Site Scripting by using the 'mf_first_name' shortcode to echo unescaped form submissions in versions up to, and. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Metform Elementor Contact Form Builder Elementor
NVD VulDB
CVSS 3.1
5.4
EPSS
0.1%
CVE-2023-0695 MEDIUM PATCH This Month

The Metform Elementor Contact Form Builder for WordPress is vulnerable to Cross-Site Scripting by using the 'mf' shortcode to echo unescaped form submissions in versions up to, and including, 3.3.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Metform Elementor Contact Form Builder Elementor
NVD VulDB
CVSS 3.1
5.4
EPSS
0.1%
CVE-2023-0729 MEDIUM PATCH This Month

The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

WordPress CSRF Wicked Folders
NVD VulDB
CVSS 3.1
5.4
EPSS
0.1%
CVE-2023-2526 MEDIUM PATCH This Month

The Easy Google Maps plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.11.7. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

Google WordPress CSRF Easy Google Maps
NVD VulDB
CVSS 3.1
5.4
EPSS
0.1%
CVE-2023-2455 MEDIUM This Month

Row security policies disregard user ID changes after inlining; PostgreSQL could permit incorrect policies to be applied in certain cases where role-specific policies are used and a given query is. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure PostgreSQL Software Collections Enterprise Linux Fedora
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2023-2121 MEDIUM PATCH This Month

Vault and Vault Enterprise's (Vault) key-value v2 (kv-v2) diff viewer allowed HTML injection into the Vault web UI through key values. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Hashicorp Vault
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-32312 MEDIUM PATCH This Month

UmbracoIdentityExtensions is an Umbraco add-on package that enables easy extensibility points for ASP.Net Identity integration. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Umbraco Identity Extensibility
NVD GitHub
CVSS 3.1
5.3
EPSS
0.6%
CVE-2023-32732 MEDIUM PATCH This Month

gRPC contains a vulnerability whereby a client can cause a termination of connection between a HTTP2 proxy and a gRPC server: a base64 encoding error for `-bin` suffixed headers will result in a. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Google Grpc Fedora
NVD GitHub
CVSS 3.1
5.3
EPSS
0.5%
CVE-2023-2688 MEDIUM PATCH This Month

The WordPress File Upload and WordPress File Upload Pro plugins for WordPress are vulnerable to Path Traversal in versions up to, and including, 4.19.1 via the vulnerable parameter wfu_newpath. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

WordPress File Upload Path Traversal Wordpress File Upload Wordpress File Upload Pro
NVD VulDB
CVSS 3.1
4.9
EPSS
0.2%
CVE-2023-0710 MEDIUM PATCH This Month

The Metform Elementor Contact Form Builder for WordPress is vulnerable to Cross-Site Scripting by using the 'fname' attribute of the 'mf_thankyou' shortcode to echo unescaped form submissions in. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Metform Elementor Contact Form Builder Elementor
NVD
CVSS 3.1
4.9
EPSS
0.1%
CVE-2023-2584 MEDIUM PATCH This Month

The PixelYourSite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 9.3.6 (9.6.1 in the Pro version) due to insufficient input. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Pixelyoursite Pixelyoursite Pro
NVD VulDB
CVSS 3.1
4.4
EPSS
0.2%
CVE-2023-2452 MEDIUM PATCH This Month

The Advanced Woo Search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 2.77 due to insufficient input sanitization and output. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Advanced Woo Search
NVD VulDB
CVSS 3.1
4.4
EPSS
0.2%
CVE-2023-2767 MEDIUM PATCH This Month

The WordPress File Upload and WordPress File Upload Pro plugins for WordPress are vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 4.19.1 due to. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

File Upload WordPress XSS Wordpress File Upload Wordpress File Upload Pro
NVD VulDB
CVSS 3.1
4.4
EPSS
0.1%
CVE-2023-2450 MEDIUM PATCH This Month

The FiboSearch - AJAX Search for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 1.23.0 due to insufficient input. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable.

WordPress XSS Fibosearch
NVD
CVSS 3.1
4.4
EPSS
0.6%
CVE-2023-1807 MEDIUM This Month

The Elementor Addons, Widgets and Enhancements - Stax plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.4.3. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF Stax
NVD VulDB
CVSS 3.1
4.3
EPSS
0.2%
CVE-2023-0692 MEDIUM PATCH This Month

The Metform Elementor Contact Form Builder for WordPress is vulnerable to Information Disclosure via the 'mf_payment_status' shortcode in versions up to, and including, 3.3.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure WordPress Authentication Bypass Metform Elementor Contact Form Builder Elementor
NVD VulDB
CVSS 3.1
4.3
EPSS
0.2%
CVE-2023-0691 MEDIUM PATCH This Month

The Metform Elementor Contact Form Builder for WordPress is vulnerable to Information Disclosure via the 'mf_last_name' shortcode in versions up to, and including, 3.3.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Information Disclosure WordPress Metform Elementor Contact Form Builder Elementor
NVD VulDB
CVSS 3.1
4.3
EPSS
0.2%
CVE-2023-2261 MEDIUM PATCH This Month

The WP Activity Log plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the handle_ajax_call function in versions up to, and including, 4.5.0. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

WordPress Authentication Bypass Wp Activity Log
NVD VulDB
CVSS 3.1
4.3
EPSS
0.2%
CVE-2023-2086 MEDIUM PATCH This Month

The Essential Blocks plugin for WordPress is vulnerable to unauthorized use of functionality due to a missing capability check on the template_count function in versions up to, and including, 4.0.6. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass WordPress Essential Blocks
NVD VulDB
CVSS 3.1
4.3
EPSS
0.2%
CVE-2023-2085 MEDIUM PATCH This Month

The Essential Blocks plugin for WordPress is vulnerable to unauthorized use of functionality due to a missing capability check on the templates function in versions up to, and including, 4.0.6. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

WordPress Authentication Bypass Essential Blocks
NVD VulDB
CVSS 3.1
4.3
EPSS
0.2%
CVE-2023-2894 MEDIUM PATCH This Month

The WP EasyCart plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.4.8. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

WordPress CSRF Wp Easycart
NVD VulDB
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-2084 MEDIUM PATCH This Month

The Essential Blocks plugin for WordPress is vulnerable to unauthorized use of functionality due to a missing capability check on the get function in versions up to, and including, 4.0.6. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

WordPress Authentication Bypass Essential Blocks
NVD VulDB
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-2275 MEDIUM PATCH This Month

The WooCommerce Multivendor Marketplace - REST API plugin for WordPress is vulnerable to unauthorized access of data and addition of data due to a missing capability check on the 'get_item',. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

WordPress Authentication Bypass Woocommerce Multivendor Marketplace
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-2087 MEDIUM PATCH This Month

The Essential Blocks plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.0.6. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

WordPress CSRF Essential Blocks
NVD VulDB
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-2896 MEDIUM PATCH This Month

The WP EasyCart plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.4.8. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

WordPress CSRF Wp Easycart
NVD VulDB
CVSS 3.1
4.3
EPSS
0.1%
Prev Page 2 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy