Skip to main content
CVE-2023-4776 HIGH POC This Week

The School Management System WordPress plugin before 2.2.5 uses the WordPress esc_sql() function on a field not delimited by quotes and did not first prepare the query, leading to a SQL injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Wpschoolpress
NVD WPScan
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-4643 HIGH POC This Week

The Enable Media Replace WordPress plugin before 4.1.3 unserializes user input via the Remove Background feature, which could allow Author+ users to perform PHP Object Injection when a suitable. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection WordPress PHP Enable Media Replace
NVD WPScan
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-45687 HIGH POC This Week

A session fixation vulnerability in South River Technologies' Titan MFT and Titan SFTP servers on Linux and Windows allows an attacker to bypass the server's authentication if they can trick an. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Session Fixation Microsoft Titan Mft Server Titan Sftp Server
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2023-4827 HIGH POC This Week

The File Manager Pro WordPress plugin before 1.8 does not properly check the CSRF nonce in the `fs_connector` AJAX action. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Filester
NVD WPScan
CVSS 3.1
8.8
EPSS
6.8%
CVE-2023-42459 HIGH POC PATCH This Week

Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Fast Dds
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-5133 HIGH POC This Week

This user-activity-log-pro WordPress plugin before 2.3.4 retrieves client IP addresses from potentially untrusted headers, allowing an attacker to manipulate its value. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure WordPress User Activity Log
NVD WPScan
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-5003 HIGH POC THREAT This Week

The Active Directory Integration / LDAP Integration WordPress plugin before 4.1.10 stores sensitive LDAP logs in a buffer file when an administrator wants to export said logs. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure WordPress Active Directory Integration Ldap Integration
NVD WPScan
CVSS 3.1
7.5
EPSS
25.9%
CVE-2023-3154 HIGH POC This Week

The WordPress Gallery Plugin WordPress plugin before 3.39 is vulnerable to PHAR Deserialization due to a lack of input parameter validation in the `gallery_edit` function, allowing an attacker to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Deserialization Nextgen Gallery
NVD WPScan
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-45985 HIGH POC This Week

TOTOLINK X5000R V9.1.0u.6118_B20201102 and TOTOLINK A7000R V9.1.0u.6115_B20201022 were discovered to contain a stack overflow in the function setParentalRules. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Denial Of Service X5000r Firmware A7000r Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-4971 HIGH POC This Week

The Weaver Xtreme Theme Support WordPress plugin before 6.3.1 unserialises the content of an imported file, which could lead to PHP object injections issues when a high privilege user import a. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress PHP Deserialization Weaver Xtreme Theme Support
NVD WPScan
CVSS 3.1
7.2
EPSS
1.0%
CVE-2023-4861 HIGH POC This Week

The File Manager Pro WordPress plugin before 1.8.1 allows admin users to upload arbitrary files, even in environments where such a user should not be able to gain full control of the server, such as. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE WordPress Filester
NVD WPScan
CVSS 3.1
7.2
EPSS
1.3%
CVE-2023-4691 HIGH POC This Week

The WordPress Online Booking and Scheduling Plugin WordPress plugin before 22.4 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Bookly
NVD WPScan
CVSS 3.1
7.2
EPSS
0.7%
CVE-2023-3155 HIGH POC This Week

The WordPress Gallery Plugin WordPress plugin before 3.39 is vulnerable to Arbitrary File Read and Delete due to a lack of input parameter validation in the `gallery_edit` function, allowing an. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Information Disclosure WordPress Nextgen Gallery
NVD WPScan
CVSS 3.1
7.2
EPSS
0.8%
CVE-2023-45686 HIGH POC This Week

Insufficient path validation when writing a file via WebDAV in South River Technologies' Titan MFT and Titan SFTP servers on Linux allows an authenticated attacker to write a file to any location on. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Titan Mfp Server
NVD
CVSS 3.1
7.2
EPSS
1.0%
CVE-2023-3392 HIGH POC This Week

The Read More & Accordion WordPress plugin before 3.2.7 unserializes user input provided via the settings, which could allow high-privilege users such as admin to perform PHP Object Injection when a. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection WordPress PHP Read More Accordion
NVD WPScan
CVSS 3.1
7.2
EPSS
0.8%
CVE-2023-45141 HIGH PATCH This Week

Fiber is an express inspired web framework written in Go. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Fiber
NVD GitHub
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-45128 HIGH PATCH This Week

Fiber is an express inspired web framework written in Go. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

CSRF Fiber
NVD GitHub
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-43118 HIGH This Week

Cross Site Request Forgery (CSRF) vulnerability in Chalet application in Extreme Networks Switch Engine (EXOS) before 32.5.1.5, fixed in 31.7.2 and 32.5.1.5 allows attackers to run arbitrary code and. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE CSRF Exos
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-45151 HIGH PATCH This Week

Nextcloud server is an open source home cloud platform. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Nextcloud Nextcloud Server
NVD GitHub
CVSS 3.1
8.8
EPSS
0.5%
CVE-2023-43120 HIGH This Week

An issue discovered in Extreme Networks Switch Engine (EXOS) before 32.5.1.5, before 22.7 and before 31.7.1 allows attackers to gain escalated privileges via crafted HTTP request. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Exos
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-46087 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Mahlamusa Who Hit The Page - Hit Counter plugin <= 1.4.14.3 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Who Hit The Page Hit Counter
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-45836 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in XYDAC Ultimate Taxonomy Manager plugin <= 2.0 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Ultimate Taxonomy Manager
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-45831 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Pixelative, Mohsin Rafique AMP WP - Google AMP For WordPress plugin <= 1.5.15 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google CSRF WordPress Google Amp
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-45763 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Taggbox plugin <= 2.9 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Taggbox
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-45753 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Gilles Dumas which template file plugin <= 4.6.0 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Which Template File
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-45752 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in 10 Quality Post Gallery plugin <= 2.3.12 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Post Gallery
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-45749 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Alexey Golubnichenko AGP Font Awesome Collection plugin <= 3.2.4 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Agp Font Awesome Collection
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-45748 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in MailMunch MailChimp Forms by MailMunch plugin <= 3.1.4 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Mailchimp Forms
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-45647 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in MailMunch Constant Contact Forms by MailMunch plugin <= 2.0.10 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Constant Contact Forms
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-45645 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in InfoD74 WP Open Street Map plugin <= 1.25 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Open Street Map
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-45643 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Anurag Deshmukh CPT Shortcode Generator plugin <= 1.0 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Cpt Shortcode Generator
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-45642 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Hassan Ali Snap Pixel plugin <= 1.5.7 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Snap Pixel
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-45641 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Caret Inc. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Country Access Limit
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-45639 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Codex-m Sort SearchResult By Title plugin <= 10.0 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Sort Searchresult By Title
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-45656 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Kevin Weber Lazy Load for Videos plugin <= 2.18.2 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Lazy Load For Videos
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-45655 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in PixelGrade PixFields plugin <= 0.7.0 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Pixfields
NVD GitHub
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-45654 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Pixelgrade Comments Ratings plugin <= 1.1.7 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Comments Rating
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-45653 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Galaxy Weblinks Video Playlist For YouTube plugin <= 6.0 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Video Playlist For Youtube
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-45651 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Marco Milesi WP Attachments allows Cross Site Request Forgery.0.11. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Wp Attachments
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-45650 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Fla-shop.Com HTML5 Maps plugin <= 1.7.1.4 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Html5 Maps
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-45638 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in euPago Eupago Gateway For Woocommerce plugin <= 3.1.9 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF Eupago Gateway Woocommerce
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-45629 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in wpdevart Gallery - Image and Video Gallery with Thumbnails plugin <= 2.0.3 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Gallery Image And Video Gallery With Thumbnails
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-45606 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Lasso Simple URLs plugin <= 120 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Simple Urls
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-45605 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Christopher Finke Feed Statistics plugin <= 4.1 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Feed Statistics
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-45274 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in SendPulse SendPulse Free Web Push plugin <= 1.3.1 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Free Web Push
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-45273 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Matt McKenny Stout Google Calendar plugin <= 1.2.3 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google CSRF Stout Google Calendar
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-21415 HIGH This Week

Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API overlay_del.cgi is vulnerable to path traversal attacks that allows for file deletion. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Axis Os Axis Os 2016 Axis Os 2018 Axis Os 2020 +1
NVD
CVSS 3.1
8.1
EPSS
0.6%
CVE-2023-45898 HIGH PATCH This Week

The Linux kernel before 6.5.4 has an es1 use-after-free in fs/ext4/extents_status.c, related to ext4_es_insert_extent. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Information Disclosure Linux Linux Kernel
NVD GitHub
CVSS 3.1
7.8
EPSS
0.0%
CVE-2023-38280 HIGH PATCH This Week

IBM HMC (Hardware Management Console) 10.1.1010.0 and 10.2.1030.0 could allow a local user to escalate their privileges to root access on a restricted shell. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation IBM Hardware Management Console
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-40377 HIGH PATCH This Week

Backup, Recovery, and Media Services (BRMS) for IBM i 7.2, 7.3, and 7.4 contains a local privilege escalation vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation IBM
NVD
CVSS 3.1
7.8
EPSS
0.1%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy