Skip to main content
CVE-2023-41040 MEDIUM POC PATCH This Month

GitPython is a python library used to interact with Git repositories. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Denial Of Service Python Gitpython
NVD GitHub
CVSS 3.1
6.5
EPSS
1.0%
CVE-2023-4013 MEDIUM POC This Month

The GDPR Cookie Compliance (CCPA, DSGVO, Cookie Consent) WordPress plugin before 4.12.5 does not have proper CSRF checks when managing its license, which could allow attackers to make logged in. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Gdpr Cookie Compliance
NVD WPScan
CVSS 3.1
6.5
EPSS
0.3%
CVE-2023-3720 MEDIUM POC This Month

The Upload Media By URL WordPress plugin before 1.0.8 does not have CSRF check when uploading files, which could allow attackers to make logged in admins upload files (including HTML containing JS. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Upload Media By Url
NVD WPScan
CVSS 3.1
6.5
EPSS
0.3%
CVE-2023-25471 MEDIUM POC This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Wcp Openweather
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-25453 MEDIUM POC This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Wordpress Tables
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-3992 MEDIUM POC This Month

The PostX WordPress plugin before 3.0.6 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Postx
NVD WPScan
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-34032 MEDIUM POC This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Bbpress Toolkit
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-34023 MEDIUM POC This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Wordpress Social Login
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-34022 MEDIUM POC This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Dynamic Qr Code Generator
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-34008 MEDIUM POC This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Wp Erp
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-41538 MEDIUM POC This Month

phpjabbers PHP Forum Script 3.0 is vulnerable to Cross Site Scripting (XSS) via the keyword parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Php Forum Script
NVD GitHub
CVSS 3.1
6.1
EPSS
1.1%
CVE-2023-41537 MEDIUM POC This Month

phpjabbers Business Directory Script 3.2 is vulnerable to Cross Site Scripting (XSS) via the keyword parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Business Directory Script
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-25466 MEDIUM POC This Month

Unauth. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

XSS Who Hit The Page Hit Counter
NVD
CVSS 3.1
5.8
EPSS
0.1%
CVE-2023-39136 MEDIUM POC This Month

An unhandled edge case in the component _sanitizedPath of ZipArchive v2.5.4 allows attackers to cause a Denial of Service (DoS) via a crafted zip file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Ziparchive
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2023-38970 MEDIUM POC This Month

Cross Site Scripting vulnerabiltiy in Badaso v.0.0.1 thru v.2.9.7 allows a remote attacker to execute arbitrary code via a crafted payload to the Name of member parameter in the add new member. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Badaso
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-35094 MEDIUM POC This Month

Auth. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Wp Matterport Shortcode
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-4035 MEDIUM POC This Month

The Simple Blog Card WordPress plugin before 1.31 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Simple Blog Card
NVD WPScan
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-34004 MEDIUM POC This Month

Auth. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Microsoft Woocommerce Box Office
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-4522 MEDIUM POC This Month

An issue has been discovered in GitLab affecting all versions before 16.2.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Gitlab
NVD
CVSS 3.1
5.3
EPSS
0.9%
CVE-2023-35092 MEDIUM POC This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Breadcrumb Simple
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-34372 MEDIUM POC This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Spamreferrerblock
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-32294 MEDIUM POC This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Gdpr Cookie Consent Notice Box
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-28692 MEDIUM POC This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Wp Abstracts
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-28415 MEDIUM POC This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Side Cart Woocommerce
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-27621 MEDIUM POC This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Livestream Notice
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-24401 MEDIUM POC This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Mobile Call Now Map Buttons
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-24397 MEDIUM POC This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Reservation Studio
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-4109 MEDIUM POC This Month

The Ninja Forms WordPress Ninja Forms Contact Form WordPress plugin before 3.6.26 was affected by a HTML Injection security vulnerability. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection WordPress Ninja Forms Contact Form
NVD WPScan
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-3501 MEDIUM POC This Month

The FormCraft WordPress plugin before 1.2.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Formcraft
NVD WPScan
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-34173 MEDIUM POC This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Yandex Metric Counter
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-34172 MEDIUM POC This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Wordpress Social Login
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-1982 MEDIUM POC This Month

The Front Editor WordPress plugin through 4.0.4 does not sanitize and escape some of its form settings, which could allow high-privilege users to perform Stored Cross-Site Scripting attacks even when. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Front Editor
NVD WPScan
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-4209 MEDIUM POC This Month

The POEditor WordPress plugin before 0.9.8 does not have CSRF checks in various places, which could allow attackers to make logged in admins perform unwanted actions, such as reset the plugin's. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Poeditor
NVD WPScan
CVSS 3.1
4.3
EPSS
0.2%
CVE-2023-4150 MEDIUM POC This Month

The User Activity Tracking and Log WordPress plugin before 4.0.9 does not have proper CSRF checks when managing its license, which could allow attackers to make logged in admins update and deactivate. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF User Activity Tracking And Log
NVD WPScan
CVSS 3.1
4.3
EPSS
0.2%
CVE-2023-4036 MEDIUM POC This Month

The Simple Blog Card WordPress plugin before 1.32 does not ensure that posts to be displayed via a shortcode are public, allowing any authenticated users, such as subscriber, to retrieve arbitrary. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE WordPress Simple Blog Card
NVD WPScan
CVSS 3.1
4.3
EPSS
0.5%
CVE-2023-4023 MEDIUM POC This Month

The All Users Messenger WordPress plugin through 1.24 does not prevent non-administrator users from deleting messages from the all-users messenger. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure WordPress All Users Messenger
NVD WPScan
CVSS 3.1
4.3
EPSS
0.4%
CVE-2023-3356 MEDIUM POC This Month

The Subscribers Text Counter WordPress plugin before 1.7.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS CSRF Subscribers Text Counter
NVD WPScan
CVSS 3.1
4.3
EPSS
0.2%
CVE-2023-23765 MEDIUM This Month

An incorrect comparison vulnerability was identified in GitHub Enterprise Server that allowed commit smuggling by displaying an incorrect diff in a re-opened Pull Request. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Enterprise Server
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-40184 MEDIUM PATCH This Month

xrdp is an open source remote desktop protocol (RDP) server. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Xrdp
NVD GitHub
CVSS 3.1
6.5
EPSS
0.7%
CVE-2023-4597 MEDIUM This Month

The Slimstat Analytics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'slimstat' shortcode in versions up to, and including, 5.0.9 due to insufficient input sanitization. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Slimstat Analytics
NVD VulDB
CVSS 3.1
6.4
EPSS
0.3%
CVE-2023-4599 MEDIUM This Month

The Email Encoder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'eeb_mailto' shortcode in versions up to, and including, 2.1.8 due to insufficient input sanitization and. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Email Encoder
NVD VulDB
CVSS 3.1
6.4
EPSS
0.1%
CVE-2023-41163 MEDIUM This Month

A Reflected Cross-site scripting (XSS) vulnerability in the file manager tab in Usermin 2.000 allows remote attackers to inject arbitrary web script or HTML via the replace in results field while. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Webmin
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-40592 MEDIUM This Month

In Splunk Enterprise versions below 9.1.1, 9.0.6, and 8.2.12, an attacker can craft a special web request that can result in reflected cross-site scripting (XSS) on the “/app/search/table” web. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Splunk XSS Splunk Cloud Platform
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-34184 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS Woocommerce Order Address Print
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-34180 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google XSS WordPress Free Google Fonts
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-34176 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Chilexpress Oficial
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-34175 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Login Configurator
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-34174 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Bbs E Popup
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-33325 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Leyka
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-33320 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Wp Hijri
NVD
CVSS 3.1
6.1
EPSS
0.4%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy