Skip to main content
CVE-2023-28324 CRITICAL POC THREAT Emergency

A improper input validation vulnerability exists in Ivanti Endpoint Manager 2022 and below that could allow privilege escalation or remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation RCE Ivanti Endpoint Manager
NVD
CVSS 3.1
9.8
EPSS
12.9%
CVE-2023-26136 CRITICAL POC PATCH Act Now

Versions of the package tough-cookie before 4.1.3 are vulnerable to Prototype Pollution due to improper handling of Cookies when using CookieJar in rejectPublicSuffixes=false mode. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Prototype Pollution Tough Cookie
NVD GitHub
CVSS 3.1
9.8
EPSS
2.5%
CVE-2023-30589 HIGH POC PATCH This Week

The llhttp parser in the http module in Node v20.2.0 does not strictly use the CRLF sequence to delimit HTTP requests. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Node.js Information Disclosure Node Js Fedora
NVD
CVSS 3.1
7.5
EPSS
3.9%
CVE-2023-28364 MEDIUM POC This Month

An Open Redirect vulnerability exists prior to version 1.52.117, where the built-in QR scanner in Brave Browser Android navigated to scanned URLs automatically without showing the URL first. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Open Redirect Browser
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-28323 CRITICAL Act Now

A deserialization of untrusted data exists in EPM 2022 Su3 and all prior versions that allows an unauthenticated user to elevate rights. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization Endpoint Manager
NVD
CVSS 3.1
9.8
EPSS
3.1%
CVE-2023-22814 CRITICAL Act Now

An authentication bypass issue via spoofing was discovered in the token-based authentication mechanism that could allow an attacker to carry out an impersonation attack.26.202. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass My Cloud Os
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-28365 CRITICAL Act Now

A backup file vulnerability found in UniFi applications (Version 7.3.83 and earlier) running on Linux operating systems allows application administrators to execute malicious commands on the host. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Ubiquiti Command Injection Unifi Network Application
NVD
CVSS 3.1
9.1
EPSS
0.8%
CVE-2023-31997 CRITICAL Act Now

UniFi OS 3.1 introduces a misconfiguration on consoles running UniFi Network that allows users on a local network to access MongoDB. Rated critical severity (CVSS 9.0), this vulnerability is low attack complexity. No vendor patch available.

Ubiquiti Authentication Bypass Unifi Os
NVD
CVSS 3.1
9.0
EPSS
0.3%
CVE-2021-4401 HIGH PATCH This Week

The Style Kits plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.8.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

WordPress CSRF Style Kits
NVD VulDB
CVSS 3.1
8.8
EPSS
0.3%
CVE-2021-4394 MEDIUM POC PATCH This Month

The Locations plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.2.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

WordPress CSRF Locations
NVD VulDB
CVSS 3.1
4.3
EPSS
0.2%
CVE-2021-4388 MEDIUM POC This Month

The Opal Estate plugin for WordPress is vulnerable to featured property modifications in versions up to, and including, 1.6.11. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass WordPress Opal Estate
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2021-4387 MEDIUM POC This Month

The Opal Estate plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.6.11. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Opal Estate
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2020-36735 MEDIUM POC PATCH This Month

The WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

WordPress CSRF Wp Erp
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2020-36739 MEDIUM POC PATCH This Month

The Feed Them Social - Page, Post, Video, and Photo Galleries plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.8.6. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

WordPress CSRF Feed Them Social
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2020-36738 MEDIUM POC PATCH This Month

The Cool Timeline (Horizontal & Vertical Timeline) plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0.2. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

WordPress CSRF Cool Timeline
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2021-4390 MEDIUM POC This Month

The Contact Form 7 Style plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.2. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Contact Form 7 Style
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2020-36737 MEDIUM POC PATCH This Month

The Import / Export Customizer Settings plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.3. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

WordPress CSRF Import Export Customizer Settings
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2020-36736 MEDIUM POC PATCH This Month

The WooCommerce Checkout & Funnel Builder by CartFlows plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5.15. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

WordPress CSRF Cartflows
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2020-36749 MEDIUM POC PATCH This Month

The Easy Testimonials plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.6.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

WordPress CSRF Easy Testimonials
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2020-36748 MEDIUM POC PATCH This Month

The Dokan plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.0.8. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

WordPress CSRF Dokan
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2020-36747 MEDIUM POC PATCH This Month

The Lightweight Sidebar Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.4. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

WordPress CSRF Lightweight Sidebar Manager
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2020-36746 MEDIUM POC PATCH This Month

The Menu Swapper plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.0.2. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

WordPress CSRF Menu Swapper
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2021-4393 MEDIUM POC PATCH This Month

The eCommerce Product Catalog Plugin for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.0.17. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

WordPress CSRF Ecommerce Product Catalog
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2021-4392 MEDIUM POC PATCH This Month

The eCommerce Product Catalog Plugin for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.9.43. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

WordPress CSRF Ecommerce Product Catalog
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2021-4391 MEDIUM POC PATCH This Month

The Ultimate Gift Cards for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.1.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

WordPress CSRF Ultimate Gift Cards For Woocommerce
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2021-4389 MEDIUM POC PATCH This Month

The WP Travel plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.4.6. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

WordPress CSRF Wp Travel
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-30586 HIGH This Week

A privilege escalation vulnerability exists in Node.js 20 that allowed loading arbitrary OpenSSL engines when the experimental permission model is enabled, which can bypass and/or disable the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Node.js OpenSSL Authentication Bypass Node Js
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2021-4402 MEDIUM PATCH This Month

The Multiple Roles plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

WordPress CSRF Multiple Roles
NVD VulDB
CVSS 3.1
4.3
EPSS
0.2%
CVE-2021-4405 MEDIUM PATCH This Month

The ElasticPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.5.3. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

WordPress CSRF Elasticpress
NVD VulDB
CVSS 3.1
4.3
EPSS
0.2%
CVE-2021-4386 MEDIUM This Month

The WP Security Question plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.5. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF Wp Security Questions
NVD VulDB
CVSS 3.1
4.3
EPSS
0.2%
CVE-2021-4385 MEDIUM This Month

The WP Private Content Plus plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF Wp Private Content Plus
NVD VulDB
CVSS 3.1
4.3
EPSS
0.1%
CVE-2021-4399 MEDIUM PATCH This Month

The Edwiser Bridge plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including,2.0.6. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

WordPress CSRF Bridge
NVD VulDB
CVSS 3.1
4.3
EPSS
0.1%
CVE-2021-4398 MEDIUM PATCH This Month

The Amministrazione Trasparente plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 7.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

WordPress CSRF Amministrazione Trasparente
NVD VulDB
CVSS 3.1
4.3
EPSS
0.1%
CVE-2021-4404 MEDIUM PATCH This Month

The Event Espresso 4 Decaf plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.10.11. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

WordPress CSRF Event Espresso 4 Decaf
NVD VulDB
CVSS 3.1
4.3
EPSS
0.1%
CVE-2021-4403 MEDIUM PATCH This Month

The Remove Schema plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

WordPress CSRF Remove Schema
NVD VulDB
CVSS 3.1
4.3
EPSS
0.1%
CVE-2021-4397 MEDIUM PATCH This Month

The Staff Directory Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.6. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

WordPress CSRF Staff Directory Plugin
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2021-4396 MEDIUM PATCH This Month

The Rucy plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 0.4.4. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

WordPress CSRF Rucy
NVD VulDB
CVSS 3.1
4.3
EPSS
0.1%
CVE-2021-4384 MEDIUM This Month

The WordPress Photo Gallery - Image Gallery plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.6. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF Photo Contest
NVD VulDB
CVSS 3.1
4.3
EPSS
0.1%
CVE-2020-36745 MEDIUM This Month

The WP Project Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.4.0. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF Wp Project Manager
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2020-36740 MEDIUM This Month

The Radio Buttons for Taxonomies plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0.5. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF Radio Buttons For Taxonomies
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2021-4400 MEDIUM PATCH This Month

The Better Search plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.5.2. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

WordPress CSRF Better Search
NVD VulDB
CVSS 3.1
4.3
EPSS
0.1%
CVE-2021-4395 MEDIUM PATCH This Month

The Abandoned Cart Recovery for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.4. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

WordPress CSRF Abandoned Cart Recovery For Woocommerce
NVD VulDB
CVSS 3.1
4.3
EPSS
0.1%
CVE-2020-36744 MEDIUM This Month

The NotificationX plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.8.2. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF Notificationx
NVD VulDB
CVSS 3.1
4.3
EPSS
0.1%
CVE-2020-36743 MEDIUM This Month

The Product Catalog Simple plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5.13. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF Product Catalog Simple
NVD VulDB
CVSS 3.1
4.3
EPSS
0.1%
CVE-2020-36742 MEDIUM This Month

The Custom Field Template plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.5.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF Custom Field Template
NVD VulDB
CVSS 3.1
4.3
EPSS
0.1%
CVE-2020-36741 MEDIUM This Month

The MultiVendorX plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.5.7. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF Multivendorx
NVD VulDB
CVSS 3.1
4.3
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy