Skip to main content
CVE-2023-2305 MEDIUM POC PATCH This Month

The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wpdm_members', 'wpdm_login_form', 'wpdm_reg_form' shortcodes in versions up to, and including, 3.2.70. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS WordPress Download Manager
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2023-29712 MEDIUM POC This Month

Cross Site Scripting vulnerability found in Vade Secure Gateway allows a remote attacker to execute arbitrary code via a crafted payload to the X-Rewrite-URL parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Secure Gateway
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2023-29753 MEDIUM POC This Month

An issue found in Facemoji Emoji Keyboard v.2.9.1.2 for Android allows a local attacker to cause a denial of service via the SharedPreference files. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Google Facemoji
NVD GitHub
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-29751 MEDIUM POC This Month

An issue found in Yandex Navigator v.6.60 for Android allows unauthorized apps to cause a persistent denial of service by manipulating the SharedPreference files. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Google Navigator
NVD GitHub
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-29767 MEDIUM POC This Month

An issue found in CrossX v.1.15.3 for Android allows a local attacker to cause a persistent denial of service via the database files. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Google Crossx
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-29761 MEDIUM POC This Month

An issue found in Sleep v.20230303 for Android allows unauthorized apps to cause a persistent denial of service by manipulating the SharedPreference files. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Google Authentication Bypass Sleep
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-29759 MEDIUM POC This Month

An issue found in FlightAware v.5.8.0 for Android allows unauthorized apps to cause a persistent denial of service by manipulating the database files. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Google Authentication Bypass Flightaware
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-29758 MEDIUM POC This Month

An issue found in Blue Light Filter v.1.5.5 for Android allows unauthorized apps to cause a persistent denial of service by manipulating the SharedPreference files. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Google Authentication Bypass Blue Light Filter
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-29756 MEDIUM POC This Month

An issue found in Twilight v.13.3 for Android allows unauthorized apps to cause a persistent denial of service by manipulating the SharedPreference files. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Google Twilight
NVD GitHub
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-0292 MEDIUM POC PATCH This Month

The Quiz And Survey Master plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 8.0.8. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

WordPress CSRF Quiz And Survey Master
NVD VulDB
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-2414 MEDIUM POC PATCH This Month

The Online Booking & Scheduling Calendar for WordPress by vcita plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass WordPress Online Booking Scheduling Calendar
NVD VulDB
CVSS 3.1
5.4
EPSS
0.1%
CVE-2023-3187 MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in PHPGurukul Teachers Record Management System 1.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Teachers Record Management System
NVD GitHub VulDB Exploit-DB
CVSS 3.1
5.4
EPSS
2.6%
CVE-2023-34856 MEDIUM POC This Month

A Cross Site Scripting (XSS) vulnerability in D-Link DI-7500G-CI-19.05.29A allows attackers to execute arbitrary code via uploading a crafted HTML file to the interface /auth_pic.cgi. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE D-Link XSS Di 7500G Ci Firmware
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-3183 MEDIUM POC This Month

A vulnerability was found in SourceCodester Performance Indicator System 1.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Performance Indicator System
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-2159 MEDIUM POC PATCH This Month

The CMP - Coming Soon & Maintenance plugin for WordPress is vulnerable to Maintenance Mode Bypass in versions up to, and including, 4.1.7. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

WordPress Authentication Bypass Cmp
NVD VulDB
CVSS 3.1
5.3
EPSS
0.1%
CVE-2023-0342 MEDIUM POC This Month

MongoDB Ops Manager Diagnostics Archive may not redact sensitive PEM key file password app settings. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ops Manager Server
NVD GitHub
CVSS 3.1
5.3
EPSS
0.9%
CVE-2023-3184 MEDIUM POC This Month

A vulnerability was found in SourceCodester Sales Tracker Management System 1.0. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Sales Tracker Management System
NVD GitHub VulDB Exploit-DB
CVSS 3.1
4.8
EPSS
2.3%
CVE-2023-2189 MEDIUM POC This Month

The Elementor Addons, Widgets and Enhancements - Stax plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the toggle_widget function in. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass WordPress Stax
NVD VulDB
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-1430 MEDIUM PATCH This Month

The FluentCRM - Marketing Automation For WordPress plugin for WordPress is vulnerable to unauthorized modification of data in versions up to, and including, 2.8.01 due to the use of an MD5 hash. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

WordPress Authentication Bypass Fluentcrm
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
1.6%
CVE-2023-1016 MEDIUM PATCH This Month

The Intuitive Custom Post Order plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 3.1.4.1, due to insufficient escaping on the user supplied 'objects' and 'tags'. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable.

SQLi WordPress Intuitive Custom Post Order
NVD VulDB
CVSS 3.1
6.6
EPSS
0.1%
CVE-2023-0694 MEDIUM PATCH This Month

The Metform Elementor Contact Form Builder for WordPress is vulnerable to Information Disclosure via the 'mf' shortcode in versions up to, and including, 3.3.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

WordPress Authentication Bypass Information Disclosure Metform Elementor Contact Form Builder Elementor
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2023-0693 MEDIUM PATCH This Month

The Metform Elementor Contact Form Builder for WordPress is vulnerable to Information Disclosure via the 'mf_transaction_id' shortcode in versions up to, and including, 3.3.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

WordPress Authentication Bypass Information Disclosure Metform Elementor Contact Form Builder Elementor
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2023-0688 MEDIUM PATCH This Month

The Metform Elementor Contact Form Builder for WordPress is vulnerable to Information Disclosure via the 'mf_thankyou' shortcode in versions up to, and including, 3.3.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Information Disclosure WordPress Metform Elementor Contact Form Builder Elementor
NVD VulDB
CVSS 3.1
6.5
EPSS
0.3%
CVE-2023-2280 MEDIUM PATCH This Month

The WP Directory Kit plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the 'ajax_public' function in versions up to, and. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

WordPress Authentication Bypass Wp Directory Kit
NVD VulDB
CVSS 3.1
6.5
EPSS
0.1%
CVE-2023-1843 MEDIUM PATCH This Month

The Metform Elementor Contact Form Builder plugin for WordPress is vulnerable to unauthorized permalink structure update due to a missing capability check on the permalink_setup function in versions. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass WordPress Metform Elementor Contact Form Builder Elementor
NVD VulDB
CVSS 3.1
6.5
EPSS
0.1%
CVE-2023-2891 MEDIUM PATCH This Month

The WP EasyCart plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.4.8. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

WordPress CSRF Wp Easycart
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2023-2892 MEDIUM PATCH This Month

The WP EasyCart plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.4.8. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

WordPress CSRF Wp Easycart
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2023-1889 MEDIUM This Month

The Directorist plugin for WordPress is vulnerable to an Insecure Direct Object Reference in versions up to, and including, 7.5.4. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Authentication Bypass Directorist
NVD VulDB
CVSS 3.1
6.5
EPSS
0.1%
CVE-2023-34100 MEDIUM PATCH This Month

Contiki-NG is an open-source, cross-platform operating system for IoT devices. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Contiki Ng
NVD GitHub
CVSS 3.1
6.5
EPSS
0.4%
CVE-2023-1615 MEDIUM PATCH This Month

The Ultimate Addons for Contact Form 7 plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter in versions up to, and including, 3.1.23. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

WordPress SQLi Ultimate Addons For Contact Form 7
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2023-2558 MEDIUM PATCH This Month

The WPCS - WordPress Currency Switcher Professional plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpcs_current_currency shortcode in versions up to, and. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Wordpress Currency Switcher Professional
NVD VulDB
CVSS 3.1
6.4
EPSS
0.1%
CVE-2023-1404 MEDIUM PATCH This Month

The Weaver Show Posts Plugin for WordPress is vulnerable to stored Cross-Site Scripting due to insufficient escaping of the profile display name in versions up to, and including, 1.6. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Weaver Show Posts
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2023-1403 MEDIUM PATCH This Month

The Weaver Xtreme Theme for WordPress is vulnerable to stored Cross-Site Scripting due to insufficient escaping of the profile display name in versions up to, and including, 5.0.7. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Weaver Xtreme Theme
NVD VulDB
CVSS 3.1
6.4
EPSS
0.1%
CVE-2023-1978 MEDIUM PATCH This Month

The ShiftController Employee Shift Scheduling plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the query string in versions up to, and including, 4.9.25 due to insufficient. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Shiftcontroller
NVD VulDB
CVSS 3.1
6.1
EPSS
1.3%
CVE-2023-2067 MEDIUM PATCH This Month

The Announcement & Notification Banner - Bulletin plugin for WordPress is vulnerable to Cross-Site Request Forgery due to a missing nonce validation on the 'bulletinwp_update_bulletin_status',. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

WordPress CSRF Announcement Notification Banner Bulletin
NVD VulDB
CVSS 3.1
6.3
EPSS
0.1%
CVE-2023-2066 MEDIUM PATCH This Month

The Announcement & Notification Banner - Bulletin plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

WordPress Authentication Bypass Announcement Notification Banner Bulletin
NVD VulDB
CVSS 3.1
6.3
EPSS
0.1%
CVE-2023-2604 MEDIUM PATCH This Month

The Team Circle Image Slider With Lightbox plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘search_term’ parameter in versions up to, and including, 1.0.17 due to. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Team Circle Image Slider With Lightbox
NVD VulDB
CVSS 3.1
6.1
EPSS
1.0%
CVE-2023-2402 MEDIUM PATCH This Month

The Photo Gallery Slideshow & Masonry Tiled Gallery plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the search_term parameter in versions up to, and including, 1.0.13 due to. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Photo Gallery Slideshow Masonry Tiled Gallery
NVD VulDB
CVSS 3.1
6.1
EPSS
1.0%
CVE-2023-2289 MEDIUM PATCH This Month

The wordpress vertical image slider plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘search_term’ parameter in versions up to, and including, 1.2.16 due to insufficient. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Wordpress Vertical Image Slider
NVD VulDB
CVSS 3.1
6.1
EPSS
1.0%
CVE-2023-2184 MEDIUM This Month

The WP Responsive Tabs horizontal vertical and accordion Tabs plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the search_term parameter in versions up to, and including,. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS WordPress Wp Responsive Tabs
NVD VulDB
CVSS 3.1
6.1
EPSS
1.0%
CVE-2023-26465 MEDIUM This Month

Pega Platform versions 7.2 to 8.8.1 are affected by an XSS issue. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Pega Platform
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-29714 MEDIUM This Month

Cross Site Scripting vulnerability found in Vade Secure Gateway allows a remote attacker to execute arbitrary code via the username, password, and language cookies parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE XSS Secure Gateway
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2023-29713 MEDIUM This Month

Cross Site Scripting vulnerability found in Vade Secure Gateway allows a remote attacker to execute arbitrary code via a crafted payload to the GET request after the /css/ directory. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE XSS Secure Gateway
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2023-34245 MEDIUM PATCH This Month

@udecode/plate-link is the link handler for the udecode/plate rich-text editor plugin system for Slate & React. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Plate
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-34363 MEDIUM This Month

An issue was discovered in Progress DataDirect Connect for ODBC before 08.02.2770 for Oracle. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Oracle Information Disclosure Datadirect Odbc Oracle Wire Protocol Driver
NVD
CVSS 3.1
5.9
EPSS
0.3%
CVE-2023-2031 MEDIUM PATCH This Month

The Locatoraid Store Locator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in versions up to, and including, 3.9.14 due to insufficient input. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Locatoraid
NVD VulDB
CVSS 3.1
5.4
EPSS
0.1%
CVE-2023-1917 MEDIUM PATCH This Month

The PowerPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in versions up to, and including, 10.0 due to insufficient input sanitization and output. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Powerpress
NVD VulDB
CVSS 3.1
5.4
EPSS
0.1%
CVE-2023-0709 MEDIUM PATCH This Month

The Metform Elementor Contact Form Builder for WordPress is vulnerable to Cross-Site Scripting by using the 'mf_last_name' shortcode to echo unescaped form submissions in versions up to, and. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Metform Elementor Contact Form Builder Elementor
NVD VulDB
CVSS 3.1
5.4
EPSS
0.1%
CVE-2023-0708 MEDIUM PATCH This Month

The Metform Elementor Contact Form Builder for WordPress is vulnerable to Cross-Site Scripting by using the 'mf_first_name' shortcode to echo unescaped form submissions in versions up to, and. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Metform Elementor Contact Form Builder Elementor
NVD VulDB
CVSS 3.1
5.4
EPSS
0.1%
CVE-2023-0695 MEDIUM PATCH This Month

The Metform Elementor Contact Form Builder for WordPress is vulnerable to Cross-Site Scripting by using the 'mf' shortcode to echo unescaped form submissions in versions up to, and including, 3.3.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Metform Elementor Contact Form Builder Elementor
NVD VulDB
CVSS 3.1
5.4
EPSS
0.1%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy