Skip to main content
CVE-2023-2895 MEDIUM PATCH This Month

The WP EasyCart plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.4.8. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

WordPress CSRF Wp Easycart
NVD VulDB
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-2083 MEDIUM PATCH This Month

The Essential Blocks plugin for WordPress is vulnerable to unauthorized use of functionality due to a missing capability check on the save function in versions up to, and including, 4.0.6. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

WordPress Authentication Bypass Essential Blocks
NVD VulDB
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-2286 MEDIUM PATCH This Month

The WP Activity Log for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.5.0. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

WordPress CSRF Wp Activity Log
NVD VulDB
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-0993 MEDIUM PATCH This Month

The Shield Security plugin for WordPress is vulnerable to Missing Authorization on the 'theme-plugin-file' AJAX action in versions up to, and including, 17.0.17. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass XSS WordPress Shield Security
NVD VulDB
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-2893 MEDIUM PATCH This Month

The WP EasyCart plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.4.8. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

WordPress CSRF Wp Easycart
NVD VulDB
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-0831 MEDIUM PATCH This Month

The Under Construction plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.96. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

WordPress CSRF Under Construction
NVD VulDB
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-0832 MEDIUM PATCH This Month

The Under Construction plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.96. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

WordPress CSRF Under Construction
NVD VulDB
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-2284 MEDIUM PATCH This Month

The WP Activity Log Premium plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_switch_db function in versions up to, and including,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass WordPress Wp Activity Log
NVD VulDB
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-1169 MEDIUM PATCH This Month

The OoohBoi Steroids for Elementor plugin for WordPress is vulnerable to missing authorization due to a missing capability check on the 'file_uploader_callback' function in versions up to, and. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

WordPress Authentication Bypass Ooohboi Steroids For Elementor Elementor
NVD VulDB
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-2764 MEDIUM PATCH This Month

The Draw Attention plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_set_featured_image function in versions up to, and including,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

WordPress Authentication Bypass Draw Attention
NVD VulDB
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-2556 MEDIUM PATCH This Month

The WPCS - WordPress Currency Switcher Professional plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the anonymous function for the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

WordPress Authentication Bypass Wordpress Currency Switcher
NVD VulDB
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-2555 MEDIUM PATCH This Month

The WPCS - WordPress Currency Switcher Professional plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the create function in versions up to,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

WordPress Authentication Bypass Wordpress Currency Switcher Professional
NVD VulDB
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-2285 MEDIUM PATCH This Month

The WP Activity Log Premium plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.5.0. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

WordPress CSRF Wp Activity Log
NVD VulDB
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-1375 MEDIUM PATCH This Month

The WP Fastest Cache plugin for WordPress is vulnerable to unauthorized cache deletion in versions up to, and including, 1.1.2 due to a missing capability check in the deleteCacheToolbar function . Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

WordPress Authentication Bypass Wp Fastest Cache
NVD VulDB
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-2557 MEDIUM PATCH This Month

The WPCS - WordPress Currency Switcher Professional plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save function in versions up to,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

WordPress Authentication Bypass Wordpress Currency Switcher Professional
NVD VulDB
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-1910 MEDIUM This Month

The Getwid - Gutenberg Blocks plugin for WordPress is vulnerable to unauthorized modification of data due to an insufficient capability check on the get_remote_templates function in versions up to,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Getwid
NVD VulDB
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-2897 LOW PATCH Monitor

The Brizy Page Builder plugin for WordPress is vulnerable to IP Address Spoofing in versions up to, and including, 2.4.18. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure WordPress Brizy
NVD VulDB
CVSS 3.1
3.7
EPSS
0.1%
CVE-2023-2599 LOW PATCH Monitor

The Active Directory Integration plugin for WordPress is vulnerable to Cross-Site Request Forgery leading to time-based SQL Injection via the orderby and order parameters in versions up to, and. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable, no authentication required. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

SQLi WordPress CSRF Denial Of Service Active Directory Integration Ldap Integration
NVD VulDB
CVSS 3.1
3.1
EPSS
0.1%
Prev Page 3 of 3

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy