Skip to main content
CVE-2023-2068 CRITICAL POC THREAT Emergency

The File Manager Advanced Shortcode WordPress plugin through 2.3.2 does not adequately prevent uploading files with disallowed MIME types when using the shortcode. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure WordPress PHP File Manager Advanced Shortcode
NVD WPScan Exploit-DB
CVSS 3.1
9.8
EPSS
39.6%
CVE-2023-3432 CRITICAL POC PATCH Act Now

Server-Side Request Forgery (SSRF) in GitHub repository plantuml/plantuml prior to 1.2023.9. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SSRF Plantuml Fedora
NVD GitHub
CVSS 3.1
10.0
EPSS
0.9%
CVE-2023-2601 CRITICAL POC Act Now

The wpbrutalai WordPress plugin before 2.0.0 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by admin via CSRF. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress SQLi Wp Brutal Ai
NVD WPScan
CVSS 3.1
9.8
EPSS
1.8%
CVE-2023-2032 CRITICAL POC Act Now

The Custom 404 Pro WordPress plugin before 3.8.1 does not properly sanitize database inputs, leading to multiple SQL Injection vulnerabilities. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Custom 404 Pro
NVD WPScan
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-2996 HIGH POC This Week

The Jetpack WordPress plugin before 12.1.1 does not validate uploaded files, allowing users with author roles or above to manipulate existing files on the site, deleting arbitrary files, and in rare. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE WordPress Deserialization Jetpack
NVD WPScan
CVSS 3.1
8.8
EPSS
4.8%
CVE-2023-2877 HIGH POC THREAT This Week

The Formidable Forms WordPress plugin before 6.3.1 does not adequately authorize the user or validate the plugin URL in its functionality for installing add-ons. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE WordPress Formidable Forms
NVD WPScan
CVSS 3.1
8.8
EPSS
22.5%
CVE-2023-2628 HIGH POC This Week

The KiviCare WordPress plugin before 3.2.1 does not have CSRF checks (either flawed or missing completely) in various AJAX actions, which could allow attackers to make logged in users perform. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Kivicare
NVD WPScan
CVSS 3.1
8.8
EPSS
0.4%
CVE-2023-3423 HIGH POC PATCH This Week

Weak Password Requirements in GitHub repository cloudexplorer-dev/cloudexplorer-lite prior to v 1.2.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Brute Force Cloudexplorer Lite
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-2842 HIGH POC This Week

The WP Inventory Manager WordPress plugin before 2.1.0.14 does not have CSRF checks, which could allow attackers to make logged-in admins delete Inventory Items via a CSRF attack. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Wp Inventory Manager
NVD WPScan
CVSS 3.1
8.1
EPSS
0.4%
CVE-2023-2744 HIGH POC This Week

The ERP WordPress plugin before 1.12.4 does not properly sanitise and escape the `type` parameter in the `erp/v1/accounting/v1/people` REST API endpoint before using it in a SQL statement, leading to. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Wp Erp
NVD WPScan
CVSS 3.1
7.2
EPSS
2.6%
CVE-2023-2592 HIGH POC This Week

The FormCraft WordPress plugin before 3.9.7 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Formcraft
NVD WPScan
CVSS 3.1
7.2
EPSS
0.9%
CVE-2023-2482 HIGH POC This Week

The Responsive CSS EDITOR WordPress plugin through 1.0 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high-privilege. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Responsive Css Editor
NVD WPScan
CVSS 3.1
7.2
EPSS
0.9%
CVE-2023-34839 MEDIUM POC This Month

A Cross Site Request Forgery (CSRF) vulnerability in Issabel issabel-pbx v.4.0.0-6 allows a remote attacker to gain privileges via a Custom CSRF exploit to create new user function in the application. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Pbx
NVD GitHub
CVSS 3.1
6.8
EPSS
0.7%
CVE-2023-2623 MEDIUM POC This Month

The KiviCare WordPress plugin before 3.2.1 does not restrict the information returned in a response and returns all user data, allowing low privilege users such as subscriber to retrieve sensitive. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure WordPress Kivicare
NVD WPScan
CVSS 3.1
6.5
EPSS
0.8%
CVE-2023-2326 MEDIUM POC This Month

The Gravity Forms Google Sheet Connector WordPress plugin before 1.3.5, gsheetconnector-gravityforms-pro WordPress plugin through 1.3.5 does not have CSRF check when updating its Access Code, which. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google CSRF WordPress Gravity Forms Google Sheets Connector
NVD WPScan
CVSS 3.1
6.5
EPSS
0.3%
CVE-2023-3411 MEDIUM POC This Month

The Image Map Pro - Drag-and-drop Builder for Interactive Images - Lite plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Image Map Pro
NVD VulDB
CVSS 3.1
6.1
EPSS
0.1%
CVE-2023-36463 MEDIUM POC PATCH This Month

Meldekarten generator is an open source project to create a program, running locally in the browser without the need for an internet-connection, to create, store and print registration cards for. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Meldekarten Generator
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-2743 MEDIUM POC This Month

The ERP WordPress plugin before 1.12.4 does not sanitise and escape the employee_name parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Wp Erp
NVD WPScan
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-2624 MEDIUM POC This Month

The KiviCare WordPress plugin before 3.2.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Kivicare
NVD WPScan
CVSS 3.1
6.1
EPSS
1.2%
CVE-2023-2605 MEDIUM POC This Month

The wpbrutalai WordPress plugin before 2.0.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against a. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Wp Brutal Ai
NVD WPScan
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-1891 MEDIUM POC This Month

The Accordion & FAQ WordPress plugin before 1.9.9 does not escape various generated URLs, before outputting them in attributes when some notices are displayed, leading to Reflected Cross-Site. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Accordion Faq
NVD WPScan
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-0588 MEDIUM POC This Month

The Catalyst Connect Zoho CRM Client Portal WordPress plugin before 2.1.0 does not sanitize and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Zoho Zoho Crm Client Portal
NVD WPScan
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-34240 CRITICAL Act Now

Cloudexplorer-lite is an open source cloud software stack. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Brute Force Cloudexplorer Lite
NVD GitHub
CVSS 3.1
9.8
EPSS
0.5%
CVE-2023-36464 MEDIUM POC PATCH This Month

pypdf is an open source, pure-python PDF library. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Python Denial Of Service Pypdf Pypdf2
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2023-34838 MEDIUM POC This Month

A Cross Site Scripting vulnerability in Microworld Technologies eScan Management console v.14.0.1400.2281 allows a remote attacker to execute arbitrary code via a crafted script to the Description. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Escan Management Console
NVD GitHub
CVSS 3.1
5.4
EPSS
0.8%
CVE-2023-34837 MEDIUM POC This Month

A Cross Site Scripting vulnerability in Microworld Technologies eScan Management console v.14.0.1400.2281 allows a remote attacker to execute arbitrary code via a vulnerable parameter GrpPath. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Escan Management Console
NVD GitHub
CVSS 3.1
5.4
EPSS
0.8%
CVE-2023-34836 MEDIUM POC This Month

A Cross Site Scripting vulnerability in Microworld Technologies eScan Management console v.14.0.1400.2281 allows a remote attacker to execute arbitrary code via a crafted script to the Dtltyp and. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Escan Management Console
NVD GitHub
CVSS 3.1
5.4
EPSS
0.8%
CVE-2023-34835 MEDIUM POC This Month

A Cross Site Scripting vulnerability in Microworld Technologies eScan Management console v.14.0.1400.2281 allows a remote attacker to execute arbitrary JavaScript code via a vulnerable delete_file. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Escan Management Console
NVD GitHub
CVSS 3.1
5.4
EPSS
0.8%
CVE-2023-34830 MEDIUM POC This Month

i-doit Open v24 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the timeout parameter on the login page. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS I Doit
NVD GitHub
CVSS 3.1
5.4
EPSS
0.7%
CVE-2023-3431 MEDIUM POC PATCH This Month

Improper Access Control in GitHub repository plantuml/plantuml prior to 1.2023.9. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Plantuml Fedora
NVD GitHub
CVSS 3.1
5.3
EPSS
0.9%
CVE-2023-2795 MEDIUM POC This Month

The CodeColorer WordPress plugin before 0.10.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Codecolorer
NVD WPScan
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-2711 MEDIUM POC This Month

The Ultimate Product Catalog WordPress plugin before 5.2.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Ultimate Product Catalog
NVD WPScan
CVSS 3.1
4.8
EPSS
0.5%
CVE-2023-2580 MEDIUM POC This Month

The AI Engine WordPress plugin before 1.6.83 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Ai Engine
NVD WPScan
CVSS 3.1
4.8
EPSS
0.5%
CVE-2023-2178 MEDIUM POC This Month

The Aajoda Testimonials WordPress plugin before 2.2.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Aajoda Testimonials
NVD WPScan
CVSS 3.1
4.8
EPSS
0.8%
CVE-2023-1166 MEDIUM POC This Month

The USM-Premium WordPress plugin before 16.3 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Usm Premium
NVD WPScan
CVSS 3.1
4.8
EPSS
0.5%
CVE-2023-0873 MEDIUM POC This Month

The Kanban Boards for WordPress plugin before 2.5.21 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Kanban Boards For Wordpress
NVD WPScan
CVSS 3.1
4.8
EPSS
0.5%
CVE-2023-2627 MEDIUM POC This Month

The KiviCare WordPress plugin before 3.2.1 does not have proper CSRF and authorisation checks in various AJAX actions, allowing any authenticated users, such as subscriber to call them. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Kivicare
NVD WPScan
CVSS 3.1
4.3
EPSS
0.2%
CVE-2023-25002 HIGH This Week

A maliciously crafted SKP file in Autodesk products is used to trigger use-after-free vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free RCE Memory Corruption 3ds Max Navisworks +2
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-25001 HIGH This Week

A maliciously crafted SKP file in Autodesk Navisworks 2023 and 2022 be used to trigger use-after-free vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free RCE Memory Corruption Navisworks
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-29068 HIGH This Week

A maliciously crafted file consumed through pskernel.dll file could lead to memory corruption vulnerabilities. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Alias Autocad +15
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-25004 HIGH This Week

A maliciously crafted pskernel.dll file in Autodesk products is used to trigger integer overflow vulnerabilities. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Integer Overflow RCE Alias Autocad Autocad Advance Steel +14
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-22593 HIGH PATCH This Week

IBM Robotic Process Automation for Cloud Pak 21.0.1 through 21.0.7.3 and 23.0.0 through 23.0.3 is vulnerable to security misconfiguration of the Redis container which may provide elevated privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Redis Authentication Bypass IBM Robotic Process Automation
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-34395 HIGH PATCH This Week

Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability in Apache Software Foundation Apache Airflow ODBC Provider. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Privilege Escalation Apache Apache Airflow Providers Odbc
NVD GitHub
CVSS 3.1
7.8
EPSS
0.8%
CVE-2023-30993 HIGH PATCH This Week

IBM Cloud Pak for Security (CP4S) 1.9.0.0 through 1.9.2.0 could allow an attacker with a valid API key for one tenant to access data from another tenant's account. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure IBM Cloud Pak For Security
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-28857 HIGH PATCH This Week

Apereo CAS is an open source multilingual single sign-on solution for the web. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Central Authentication Service
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-26276 HIGH PATCH This Week

IBM QRadar SIEM 7.5.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure IBM Qradar Security Information And Event Manager
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-3405 HIGH This Week

Unchecked parameter value in M-Files Server in versions before 23.6.12695.3 (excluding 23.2 SR2 and newer) allows anonymous user to cause denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service M Files Server
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-36000 MEDIUM This Month

A missing authorization check in the MacOS agent configuration endpoint of the Insider Threat Management Server enables an anonymous attacker on an adjacent network to obtain sensitive information. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass Insider Threat Management Server
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2023-3412 MEDIUM This Month

The Image Map Pro - Drag-and-drop Builder for Interactive Images - Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.0.0. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Image Map Pro
NVD VulDB
CVSS 3.1
6.4
EPSS
0.1%
CVE-2023-32339 MEDIUM PATCH This Month

IBM Business Automation Workflow is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Cloud Pak For Business Automation
NVD
CVSS 3.1
6.1
EPSS
0.5%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy