Skip to main content
CVE-2023-45158 CRITICAL PATCH Act Now

An OS command injection vulnerability exists in web2py 2.24.1 and earlier. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Command Injection Web2Py
NVD GitHub
CVSS 3.1
9.8
EPSS
3.7%
CVE-2023-33836 CRITICAL PATCH Act Now

IBM Security Verify Governance 10.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use of Hard-coded Credentials vulnerability could allow attackers to gain access using credentials embedded in source code.

Authentication Bypass IBM Security Verify Governance
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2023-45144 CRITICAL PATCH Act Now

com.xwiki.identity-oauth:identity-oauth-ui is a package to aid in building identity and service providers based on OAuth authorizations. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

RCE XSS Oauth Identity
NVD GitHub
CVSS 3.1
9.6
EPSS
1.1%
CVE-2023-5595 MEDIUM POC PATCH This Month

Denial of Service in GitHub repository gpac/gpac prior to 2.3.0-DEV. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Gpac
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-40851 MEDIUM POC This Month

Cross Site Scripting (XSS) vulnerability in Phpgurukul User Registration & Login and User Management System With admin panel 3.0 allows attackers to run arbitrary code via fname, lname, email, and. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS User Registration Login And User Management System With Admin Panel
NVD Exploit-DB
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-5167 MEDIUM POC This Month

The User Activity Log Pro WordPress plugin before 2.3.4 does not properly escape recorded User-Agents in the user activity logs dashboard, which may allow visitors to conduct Stored Cross-Site. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS User Activity Log
NVD WPScan
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-5087 MEDIUM POC This Month

The Page Builder: Pagelayer WordPress plugin before 1.7.8 doesn't prevent attackers with author privileges and higher from inserting malicious JavaScript inside a post's header or footer code. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure WordPress Pagelayer
NVD WPScan
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-5057 MEDIUM POC This Month

The ActivityPub WordPress plugin before 1.0.0 does not escape user metadata before outputting them in mentions, which could allow users with a role of Contributor and above to perform Stored XSS. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Activitypub
NVD WPScan
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-4821 MEDIUM POC This Month

The Drag and Drop Multiple File Upload for WooCommerce WordPress plugin before 1.1.1 does not filter all potentially dangerous file extensions. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload WordPress Drag And Drop Multiple File Uploader
NVD WPScan
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-4820 MEDIUM POC This Month

The PowerPress Podcasting plugin by Blubrry WordPress plugin before 11.0.12 does not sanitize and escape the media url field in posts, which could allow users with privileges as low as contributor to. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection WordPress Powerpress
NVD WPScan
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-4811 MEDIUM POC This Month

The WordPress File Upload WordPress plugin before 4.23.3 does not sanitise and escape some of its settings, which could allow high privilege users such as contributors to perform Stored Cross-Site. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload WordPress XSS Wordpress File Upload
NVD WPScan
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-4805 MEDIUM POC This Month

The Tutor LMS WordPress plugin before 2.3.0 does not sanitise and escape some of its settings, which could allow users such as subscriber to perform Stored Cross-Site Scripting attacks even when the. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Tutor Lms
NVD WPScan
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-4798 MEDIUM POC This Month

The User Avatar WordPress plugin before 1.2.2 does not properly sanitize and escape certain of its shortcodes attributes, which could allow relatively low-privileged users like contributors to. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS User Avatar Reloaded
NVD WPScan
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-4795 MEDIUM POC This Month

The Testimonial Slider Shortcode WordPress plugin before 1.1.9 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Testimonial Slider Shortcode
NVD WPScan
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-4783 MEDIUM POC This Month

The Magee Shortcodes WordPress plugin through 2.1.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Magee Shortcodes
NVD WPScan
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-4646 MEDIUM POC This Month

The Simple Posts Ticker WordPress plugin before 1.1.6 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Simple Posts Ticker
NVD WPScan
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-4289 MEDIUM POC This Month

The WP Matterport Shortcode WordPress plugin before 2.1.8 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Wp Matterport Shortcode
NVD WPScan
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-3746 MEDIUM POC This Month

The ActivityPub WordPress plugin before 1.0.0 does not sanitize and escape some data from post content, which could allow contributor and above role to perform Stored Cross-Site Scripting attacks. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Activitypub
NVD WPScan
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-5561 MEDIUM POC This Month

WordPress does not properly restrict which user fields are searchable via the REST API, allowing unauthenticated attackers to discern the email addresses of users who have published public posts on. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Oracle WordPress Information Disclosure
NVD WPScan
CVSS 3.1
5.3
EPSS
3.9%
CVE-2023-5177 MEDIUM POC This Month

The Vrm 360 3D Model Viewer WordPress plugin through 1.2.1 exposes the full path of a file when putting in a non-existent file in a parameter of the shortcode. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure WordPress Vrm360
NVD WPScan
CVSS 3.1
5.3
EPSS
0.5%
CVE-2023-5089 MEDIUM POC This Month

The Defender Security WordPress plugin before 4.1.0 does not prevent redirects to the login page via the auth_redirect WordPress function, allowing an unauthenticated visitor to access the login. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure WordPress Defender Security
NVD WPScan
CVSS 3.1
5.3
EPSS
2.2%
CVE-2023-4933 MEDIUM POC This Month

The WP Job Openings WordPress plugin before 3.4.3 does not block listing the contents of the directories where it stores attachments to job applications, allowing unauthenticated visitors to list and. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Information Disclosure WordPress Wp Job Openings
NVD WPScan
CVSS 3.1
5.3
EPSS
0.5%
CVE-2023-5422 CRITICAL Act Now

The functions to fetch e-mail via POP3 or IMAP as well as sending e-mail via SMTP use OpenSSL for static SSL or TLS based communication. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

OpenSSL Information Disclosure Otrs
NVD
CVSS 3.1
9.1
EPSS
0.3%
CVE-2023-3279 MEDIUM POC This Month

The WordPress Gallery Plugin WordPress plugin before 3.39 does not validate some block attributes before using them to generate paths passed to include function/s, allowing Admin users to perform LFI. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure WordPress Nextgen Gallery
NVD WPScan
CVSS 3.1
4.9
EPSS
0.8%
CVE-2023-45690 MEDIUM POC This Month

Default file permissions on South River Technologies' Titan MFT and Titan SFTP servers on Linux allows a user that's authentication to the OS to read sensitive files on the filesystem. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Titan Ftp Server Titan Mft Server
NVD
CVSS 3.1
4.9
EPSS
1.5%
CVE-2023-45141 HIGH PATCH This Week

Fiber is an express inspired web framework written in Go. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Fiber
NVD GitHub
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-45128 HIGH PATCH This Week

Fiber is an express inspired web framework written in Go. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

CSRF Fiber
NVD GitHub
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-4862 MEDIUM POC This Month

The File Manager Pro WordPress plugin before 1.8.1 does not adequately validate and escape some inputs, leading to XSS by high-privilege users. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Filester
NVD WPScan
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-4725 MEDIUM POC This Month

The Simple Posts Ticker WordPress plugin before 1.1.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Simple Posts Ticker
NVD WPScan
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-4388 MEDIUM POC This Month

The EventON WordPress plugin before 2.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Eventon
NVD WPScan
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-43118 HIGH This Week

Cross Site Request Forgery (CSRF) vulnerability in Chalet application in Extreme Networks Switch Engine (EXOS) before 32.5.1.5, fixed in 31.7.2 and 32.5.1.5 allows attackers to run arbitrary code and. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE CSRF Exos
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-45151 HIGH PATCH This Week

Nextcloud server is an open source home cloud platform. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Nextcloud Nextcloud Server
NVD GitHub
CVSS 3.1
8.8
EPSS
0.5%
CVE-2023-43120 HIGH This Week

An issue discovered in Extreme Networks Switch Engine (EXOS) before 32.5.1.5, before 22.7 and before 31.7.1 allows attackers to gain escalated privileges via crafted HTTP request. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Exos
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-46087 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Mahlamusa Who Hit The Page - Hit Counter plugin <= 1.4.14.3 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Who Hit The Page Hit Counter
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-45836 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in XYDAC Ultimate Taxonomy Manager plugin <= 2.0 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Ultimate Taxonomy Manager
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-45831 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Pixelative, Mohsin Rafique AMP WP - Google AMP For WordPress plugin <= 1.5.15 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google CSRF WordPress Google Amp
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-45763 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Taggbox plugin <= 2.9 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Taggbox
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-45753 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Gilles Dumas which template file plugin <= 4.6.0 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Which Template File
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-45752 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in 10 Quality Post Gallery plugin <= 2.3.12 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Post Gallery
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-45749 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Alexey Golubnichenko AGP Font Awesome Collection plugin <= 3.2.4 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Agp Font Awesome Collection
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-45748 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in MailMunch MailChimp Forms by MailMunch plugin <= 3.1.4 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Mailchimp Forms
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-45647 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in MailMunch Constant Contact Forms by MailMunch plugin <= 2.0.10 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Constant Contact Forms
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-45645 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in InfoD74 WP Open Street Map plugin <= 1.25 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Open Street Map
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-45643 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Anurag Deshmukh CPT Shortcode Generator plugin <= 1.0 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Cpt Shortcode Generator
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-45642 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Hassan Ali Snap Pixel plugin <= 1.5.7 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Snap Pixel
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-45641 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Caret Inc. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Country Access Limit
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-45639 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Codex-m Sort SearchResult By Title plugin <= 10.0 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Sort Searchresult By Title
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-45656 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Kevin Weber Lazy Load for Videos plugin <= 2.18.2 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Lazy Load For Videos
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-45655 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in PixelGrade PixFields plugin <= 0.7.0 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Pixfields
NVD GitHub
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-45654 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Pixelgrade Comments Ratings plugin <= 1.1.7 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Comments Rating
NVD
CVSS 3.1
8.8
EPSS
0.2%
Prev Page 2 of 4 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy