Skip to main content
CVE-2020-36706 CRITICAL POC Act Now

The Simple:Press - WordPress Forum Plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ~/admin/resources/jscript/ajaxupload/sf-uploader.php file in. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress PHP File Upload RCE Simple
NVD WPScan VulDB
CVSS 3.1
9.8
EPSS
7.1%
CVE-2023-5682 CRITICAL POC Act Now

A vulnerability has been found in Tongda OA 2017 and classified as critical. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Tongda Office Anywhere
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2022-2441 HIGH POC PATCH This Week

The ImageMagick Engine plugin for WordPress is vulnerable to remote code execution via the 'cli_path' parameter in versions up to, and including 1.7.5. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE WordPress CSRF Imagemagick Engine
NVD GitHub Exploit-DB VulDB
CVSS 3.1
8.8
EPSS
1.9%
CVE-2023-4999 HIGH POC This Week

The Horizontal scrolling announcement plugin for WordPress is vulnerable to SQL Injection via the plugin's [horizontal-scrolling] shortcode in versions up to, and including, 9.2 due to insufficient. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi WordPress Horizontal Scrolling Announcement
NVD VulDB
CVSS 3.1
8.8
EPSS
0.3%
CVE-2020-36698 HIGH POC This Week

The Security & Malware scan by CleanTalk plugin for WordPress is vulnerable to unauthorized user interaction in versions up to, and including, 2.50. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Authentication Bypass Security Malware Scan
NVD WPScan VulDB
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-4598 HIGH POC PATCH This Week

The Slimstat Analytics plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 5.0.9 due to insufficient escaping on the user supplied. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SQLi WordPress Slimstat Analytics
NVD VulDB
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-5690 HIGH POC PATCH This Week

Cross-Site Request Forgery (CSRF) in GitHub repository modoboa/modoboa prior to 2.2.2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF Modoboa
NVD GitHub
CVSS 3.1
8.8
EPSS
0.4%
CVE-2023-5687 HIGH POC PATCH This Week

Cross-Site Request Forgery (CSRF) in GitHub repository mosparo/mosparo prior to 1.0.3. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF Mosparo
NVD GitHub
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-5686 HIGH POC PATCH This Week

Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prior to 5.9.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Heap Overflow Radare2 Fedora
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-4402 HIGH POC This Week

The Essential Blocks plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 4.2.0 via deserialization of untrusted input in the get_products function. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

WordPress Deserialization PHP Information Disclosure Essential Blocks +1
NVD VulDB
CVSS 3.1
8.1
EPSS
2.9%
CVE-2023-45805 HIGH POC PATCH This Week

pdm is a Python package and dependency manager supporting the latest PEP standards. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

RCE Python Pdm Unearth
NVD GitHub
CVSS 3.1
7.8
EPSS
0.5%
CVE-2023-40361 HIGH POC This Week

SECUDOS Qiata (DOMOS OS) 4.13 has Insecure Permissions for the previewRm.sh daily cronjob. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Qiata
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-46277 HIGH POC PATCH This Week

please (aka pleaser) through 0.5.4 allows privilege escalation through the TIOCSTI and/or TIOCLINUX ioctl. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Privilege Escalation Please
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-36714 HIGH POC This Week

The Brizy plugin for WordPress is vulnerable to authorization bypass due to a incorrect capability check on the is_administrator() function in versions up to, and including, 1.0.125. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass WordPress Brizy
NVD
CVSS 3.1
7.4
EPSS
0.1%
CVE-2023-5681 HIGH POC This Week

A vulnerability, which was classified as critical, was found in Netentsec NS-ASG Application Security Gateway 6.3. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Application Security Gateway
NVD GitHub VulDB
CVSS 3.1
7.2
EPSS
0.6%
CVE-2023-44256 MEDIUM POC This Month

A server-side request forgery vulnerability [CWE-918] in Fortinet FortiAnalyzer version 7.4.0, version 7.2.0 through 7.2.3 and before 7.0.8 and FortiManager version 7.4.0, version 7.2.0 through 7.2.3. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Fortinet Path Traversal SSRF Information Disclosure Fortianalyzer +1
NVD GitHub
CVSS 3.1
6.5
EPSS
1.2%
CVE-2023-4274 MEDIUM POC PATCH This Month

The Migration, Backup, Staging - WPvivid plugin for WordPress is vulnerable to Directory Traversal in versions up to, and including, 0.9.89. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Path Traversal WordPress Migration Backup Staging
NVD
CVSS 3.1
6.5
EPSS
1.2%
CVE-2023-4961 MEDIUM POC PATCH This Month

The Poptin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'poptin-form' shortcode in versions up to, and including, 1.3 due to insufficient input sanitization and output. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS WordPress Popups
NVD VulDB
CVSS 3.1
6.4
EPSS
0.1%
CVE-2023-5109 MEDIUM POC This Month

The WP Mailto Links - Protect Email Addresses plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'wpml_mailto' shortcode in versions up to, and including, 3.1.3 due to insufficient. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Wp Mailto Links
NVD VulDB
CVSS 3.1
6.4
EPSS
0.1%
CVE-2023-4919 MEDIUM POC PATCH This Month

The iframe plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `iframe` shortcode in versions up to, and including, 4.6 due to insufficient input sanitization and output. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS WordPress Iframe
NVD VulDB
CVSS 3.1
6.4
EPSS
0.1%
CVE-2023-38191 MEDIUM POC This Month

An issue was discovered in SuperWebMailer 9.00.0.01710. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Superwebmailer
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-4488 CRITICAL PATCH Act Now

The Dropbox Folder Share for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 1.9.7 via the editor-view.php file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

WordPress PHP RCE LFI Information Disclosure +1
NVD VulDB
CVSS 3.1
9.8
EPSS
0.5%
CVE-2023-37824 CRITICAL Act Now

Sitolog sitologapplicationconnect v7.8.a and before was discovered to contain a SQL injection vulnerability via the component /activate_hook.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Sitolog Application Connect
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2023-39680 CRITICAL Act Now

Sollace Unicopia version 1.1.1 and before was discovered to deserialize untrusted data, allowing attackers to execute arbitrary code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Deserialization Unicopia
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-34051 CRITICAL PATCH Act Now

VMware Aria Operations for Logs contains an authentication bypass vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

RCE VMware Authentication Bypass Aria Operations For Logs
NVD
CVSS 3.1
9.8
EPSS
44.7%
CVE-2023-5414 CRITICAL PATCH Act Now

The Icegram Express plugin for WordPress is vulnerable to Directory Traversal in versions up to, and including, 5.6.23 via the show_es_logs function. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

WordPress Path Traversal Icegram Express
NVD VulDB
CVSS 3.1
9.1
EPSS
2.1%
CVE-2023-5070 MEDIUM PATCH This Month

The Social Media Share Buttons & Social Sharing Icons plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 2.8.5 via the sfsi_save_export function. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 14.9%.

Information Disclosure WordPress Social Media Share Buttons Social Sharing Icons
NVD VulDB
CVSS 3.1
6.5
EPSS
14.9%
CVE-2023-43346 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in opensolution Quick CMS v.6.7 allows a local attacker to execute arbitrary code via a crafted script to the Backend - Dashboard parameter in the Languages. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Quick Cms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-43357 MEDIUM POC This Month

Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Title parameter in the Manage Shortcuts component. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Cms Made Simple
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-43356 MEDIUM POC This Month

Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Global Meatadata parameter in the Global Settings Menu. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Cms Made Simple
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-43355 MEDIUM POC This Month

Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the password and password again parameters in the My Preferences. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Cms Made Simple
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-43354 MEDIUM POC This Month

Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Profiles parameter in the Extensions -MicroTiny WYSIWYG. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Cms Made Simple
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-43353 MEDIUM POC This Month

Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the extra parameter in the news menu component. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Cms Made Simple
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-5689 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - DOM in GitHub repository modoboa/modoboa prior to 2.2.2. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Modoboa
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-5688 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - DOM in GitHub repository modoboa/modoboa prior to 2.2.2. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Modoboa
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-45471 MEDIUM POC This Month

The QAD Search Server is vulnerable to Stored Cross-Site Scripting (XSS) in versions up to, and including, 1.0.0.315 due to insufficient checks on indexes. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Search Server
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-45394 MEDIUM POC This Month

Stored Cross-Site Scripting (XSS) vulnerability in the Company field in the "Request a Quote" Section of Small CRM v3.0 allows an attacker to store and execute malicious javascript code in the Admin. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Small Crm
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2021-4353 MEDIUM POC This Month

The WooCommerce Dynamic Pricing and Discounts plugin for WordPress is vulnerable to unauthenticated settings export in versions up to, and including, 2.4.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure WordPress Woocommerce Dynamic Pricing Discounts
NVD VulDB
CVSS 3.1
5.3
EPSS
0.3%
CVE-2023-4386 HIGH This Week

The Essential Blocks plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 4.2.0 via deserialization of untrusted input in the get_posts function. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Deserialization PHP Information Disclosure WordPress Essential Blocks
NVD VulDB
CVSS 3.1
8.1
EPSS
4.0%
CVE-2022-4290 HIGH PATCH This Week

The Cyr to Lat plugin for WordPress is vulnerable to authenticated SQL Injection via the 'ctl_sanitize_title' function in versions up to, and including, 3.5 due to insufficient escaping on the user. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

SQLi WordPress Cyr To Lat
NVD VulDB
CVSS 3.1
8.8
EPSS
0.3%
CVE-2021-4334 HIGH This Week

The Fancy Product Designer plugin for WordPress is vulnerable to unauthorized modification of site options due to a missing capability check on the fpd_update_options function in versions up to, and. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation WordPress Authentication Bypass Fancy Product Designer
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2023-46117 HIGH PATCH This Week

reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

RCE Command Injection Reconftw
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-23373 HIGH This Week

An OS command injection vulnerability has been reported to affect QUSBCam2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Qusbcam2
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2023-4796 MEDIUM POC PATCH This Month

The Booster for WooCommerce for WordPress is vulnerable to Information Disclosure via the 'wcj_wp_option' shortcode in versions up to, and including, 7.1.0 due to insufficient controls on the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure WordPress Booster For Woocommerce
NVD VulDB
CVSS 3.1
4.3
EPSS
0.2%
CVE-2020-36753 MEDIUM POC PATCH This Month

The Hueman theme for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.6.3. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

WordPress CSRF Hueman
NVD VulDB
CVSS 3.1
4.3
EPSS
0.1%
CVE-2020-36751 MEDIUM POC PATCH This Month

The Coupon Creator plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

WordPress CSRF Coupon Creator
NVD VulDB
CVSS 3.1
4.3
EPSS
0.1%
CVE-2021-4418 MEDIUM POC PATCH This Month

The Custom CSS, JS & PHP plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0.7. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

PHP WordPress CSRF Custom Css Js Php
NVD VulDB
CVSS 3.1
4.3
EPSS
0.1%
CVE-2020-36759 MEDIUM POC PATCH This Month

The Woody code snippets plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.3.9. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

WordPress CSRF Woody Code Snippets
NVD VulDB
CVSS 3.1
4.3
EPSS
0.1%
CVE-2020-36758 MEDIUM POC PATCH This Month

The RSS Aggregator by Feedzy plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.4.2. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

WordPress CSRF Rss Aggregator By Feedzy
NVD VulDB
CVSS 3.1
4.3
EPSS
0.1%
CVE-2020-36755 MEDIUM POC PATCH This Month

The Customizr theme for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.3.0. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

WordPress CSRF Customizr
NVD VulDB
CVSS 3.1
4.3
EPSS
0.1%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy