Skip to main content
CVE-2020-36754 MEDIUM POC PATCH This Month

The Paid Memberships Pro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.4.2. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

WordPress CSRF Paid Memberships Pro
NVD VulDB
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-5576 HIGH PATCH This Week

The Migration, Backup, Staging - WPvivid plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 0.9.91 via Google Drive API secrets stored in plaintext. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, no authentication required. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Google Information Disclosure WordPress Migration Backup Staging
NVD VulDB
CVSS 3.1
8.0
EPSS
0.7%
CVE-2022-3342 HIGH PATCH This Week

The Jetpack CRM plugin for WordPress is vulnerable to PHAR deserialization via the ‘zbscrmcsvimpf’ parameter in the 'zeroBSCRM_CSVImporterLitehtml_app' function in versions up to, and including,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization WordPress Jetpack Crm
NVD VulDB
CVSS 3.1
7.5
EPSS
1.6%
CVE-2023-3487 HIGH This Week

An integer overflow in Silicon Labs Gecko Bootloader version 4.3.1 and earlier allows unbounded memory access when reading from or writing to storage slots. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Gecko Bootloader
NVD GitHub
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-34045 HIGH This Week

VMware Fusion(13.x prior to 13.5) contains a local privilege escalation vulnerability that occurs during installation for the first time (the user needs to drag or copy the application to a folder. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation VMware Fusion
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-5523 HIGH This Week

Execution of downloaded content flaw in M-Files Web Companion before release version 23.10 and LTS Service Release Versions before 23.8 LTS SR1 allows Remote Code Execution. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Web Companion
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-34052 HIGH PATCH This Week

VMware Aria Operations for Logs contains a deserialization vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Authentication Bypass VMware Deserialization Aria Operations For Logs
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-4943 HIGH This Week

The miniOrange's Google Authenticator plugin for WordPress is vulnerable to authorization bypass due to a missing capability check when changing plugin settings in versions up to, and including,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Google WordPress Google Authenticator
NVD VulDB
CVSS 3.1
7.5
EPSS
0.3%
CVE-2022-4712 HIGH This Week

The WP Cerber Security plugin for WordPress is vulnerable to stored cross-site scripting via the log parameter when logging in to the site in versions up to, and including, 9.1. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS WordPress Wp Cerber Security Anti Spam Malware Scan
NVD VulDB
CVSS 3.1
7.2
EPSS
1.8%
CVE-2023-32786 HIGH PATCH This Week

In Langchain through 0.0.155, prompt injection allows an attacker to force the service to retrieve data from an arbitrary URL, essentially providing SSRF and potentially injecting content into. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Langchain
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-5524 HIGH This Week

Insufficient blacklisting in M-Files Web Companion before release version 23.10 and LTS Service Release Versions before 23.8 LTS SR1 allows Remote Code Execution via specific file types. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

RCE File Upload Web Companion
NVD
CVSS 3.1
7.3
EPSS
0.3%
CVE-2023-34046 HIGH This Week

VMware Fusion(13.x prior to 13.5) contains a TOCTOU (Time-of-check Time-of-use) vulnerability that occurs during installation for the first time (the user needs to drag or copy the application to a. Rated high severity (CVSS 7.0). No vendor patch available.

Privilege Escalation VMware Fusion
NVD
CVSS 3.1
7.0
EPSS
0.1%
CVE-2023-44483 MEDIUM PATCH This Month

All versions of Apache Santuario - XML Security for Java prior to 2.2.6, 2.3.4, and 3.0.3, when using the JSR 105 API, are vulnerable to an issue where a private key may be disclosed in log files. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Apache Information Disclosure Santuario Xml Security For Java
NVD
CVSS 3.1
6.5
EPSS
1.2%
CVE-2023-5071 MEDIUM PATCH This Month

The Sitekit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'sitekit_iframe' shortcode in versions up to, and including, 1.4 due to insufficient input sanitization and output. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Sitekit
NVD VulDB
CVSS 3.1
6.4
EPSS
0.2%
CVE-2023-5086 MEDIUM PATCH This Month

The Copy Anything to Clipboard plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'copy' shortcode in versions up to, and including, 2.6.4 due to insufficient input sanitization. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Copy Anything To Clipboard
NVD VulDB
CVSS 3.1
6.4
EPSS
0.2%
CVE-2023-5050 MEDIUM PATCH This Month

The Leaflet Map plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 3.3.0 due to insufficient input sanitization and output escaping. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Leaflet Map
NVD VulDB
CVSS 3.1
6.4
EPSS
0.2%
CVE-2023-5292 MEDIUM PATCH This Month

The Advanced Custom Fields: Extended plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'acfe_form' shortcode in versions up to, and including, 0.8.9.3 due to insufficient. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Advanced Custom Fields Extended Advanced Custom Fields
NVD VulDB
CVSS 3.1
6.4
EPSS
0.1%
CVE-2023-5308 MEDIUM PATCH This Month

The Podcast Subscribe Buttons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'podcast_subscribe' shortcode in versions up to, and including, 1.4.8 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Podcast Subscribe Buttons
NVD VulDB
CVSS 3.1
6.4
EPSS
0.1%
CVE-2023-5200 MEDIUM PATCH This Month

The flowpaper plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'flipbook' shortcode in versions up to, and including, 2.0.3 due to insufficient input sanitization and output. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Flowpaper
NVD VulDB
CVSS 3.1
6.4
EPSS
0.1%
CVE-2023-5615 MEDIUM This Month

The Skype Legacy Buttons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'skype-status' shortcode in all versions up to, and including, 3.1 due to insufficient. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Skype Legacy Buttons
NVD VulDB
CVSS 3.1
6.4
EPSS
0.1%
CVE-2023-5337 MEDIUM This Month

The Contact form Form For All plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'formforall' shortcode in versions up to, and including, 1.2 due to insufficient input sanitization. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Formforall
NVD VulDB
CVSS 3.1
6.4
EPSS
0.1%
CVE-2023-5231 MEDIUM This Month

The Magic Action Box plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 2.17.2 due to insufficient input sanitization and output. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Magic Action Box
NVD VulDB
CVSS 3.1
6.4
EPSS
0.1%
CVE-2023-5618 MEDIUM PATCH This Month

The Modern Footnotes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode in versions up to, and including, 1.4.16 due to insufficient input sanitization and. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Modern Footnotes
NVD VulDB
CVSS 3.1
6.4
EPSS
0.1%
CVE-2023-4482 MEDIUM PATCH This Month

The Auto Amazon Links plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the style parameter in versions up to, and including, 5.3.1 due to insufficient input sanitization and. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Auto Amazon Links
NVD VulDB
CVSS 3.1
6.4
EPSS
0.1%
CVE-2023-5614 MEDIUM PATCH This Month

The Theme Switcha plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'theme_switcha_list' shortcode in all versions up to, and including, 3.3 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Theme Switcha
NVD VulDB
CVSS 3.1
6.4
EPSS
0.1%
CVE-2023-5613 MEDIUM PATCH This Month

The Super Testimonials plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'tpsscode' shortcode in all versions up to, and including, 2.9 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Super Testimonials
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2023-5668 MEDIUM PATCH This Month

The WhatsApp Share Button plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'whatsapp' shortcode in all versions up to, and including, 1.0.1 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Whatsapp Share Button
NVD VulDB
CVSS 3.1
6.4
EPSS
0.1%
CVE-2021-4335 MEDIUM This Month

The Fancy Product Designer plugin for WordPress is vulnerable to unauthorized access to data and modification of plugin settings due to a missing capability check on multiple AJAX functions in. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Fancy Product Designer
NVD VulDB
CVSS 3.1
6.3
EPSS
0.0%
CVE-2023-3965 MEDIUM This Month

The nsc theme for WordPress is vulnerable to Reflected Cross-Site Scripting via prototype pollution in versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS WordPress Nsc
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
1.0%
CVE-2023-3962 MEDIUM This Month

The Winters theme for WordPress is vulnerable to Reflected Cross-Site Scripting via prototype pollution in versions up to, and including, 1.4.3 due to insufficient input sanitization and output. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS WordPress Winters
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
1.0%
CVE-2023-3933 MEDIUM This Month

The Your Journey theme for WordPress is vulnerable to Reflected Cross-Site Scripting via prototype pollution in versions up to, and including, 1.9.8 due to insufficient input sanitization and output. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS WordPress Your Journey
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
1.0%
CVE-2023-46287 MEDIUM PATCH This Month

XSS exists in NagVis before 1.9.38 via the select function in share/server/core/functions/html.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

PHP XSS Nagvis
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-34044 MEDIUM This Month

VMware Workstation( 17.x prior to 17.5) and Fusion(13.x prior to 13.5) contain an out-of-bounds read vulnerability that exists in the functionality for sharing host Bluetooth devices with the virtual. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure VMware Workstation Fusion
NVD
CVSS 3.1
6.0
EPSS
0.2%
CVE-2023-4968 MEDIUM PATCH This Month

The WPLegalPages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'wplegalpage' shortcode in versions up to, and including, 2.9.2 due to insufficient input sanitization and. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Wplegalpages
NVD VulDB
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-4954 MEDIUM This Month

The Waiting: One-click countdowns plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Countdown name in versions up to, and including, 0.6.2 due to insufficient input. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Waiting
NVD VulDB
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-46115 MEDIUM PATCH This Month

Tauri is a framework for building binaries for all major desktop platforms. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Tauri
NVD GitHub
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-4668 MEDIUM PATCH This Month

The Ad Inserter for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 2.7.30 via the ai-debug-processing-fe URL parameter. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Information Disclosure WordPress Authentication Bypass Ad Inserter
NVD VulDB
CVSS 3.1
5.3
EPSS
0.8%
CVE-2023-4924 MEDIUM This Month

The BEAR for WordPress is vulnerable to Missing Authorization in versions up to, and including, 1.1.3.3. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress CSRF Bear Woocommerce Bulk Editor And Products Manager Professional
NVD VulDB
CVSS 3.1
5.4
EPSS
0.1%
CVE-2023-4926 MEDIUM This Month

The BEAR for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.3.3. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF Bear Woocommerce Bulk Editor And Products Manager Professional
NVD VulDB
CVSS 3.1
5.4
EPSS
0.1%
CVE-2023-4923 MEDIUM This Month

The BEAR for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.3.3. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF Bear Woocommerce Bulk Editor And Products Manager Professional
NVD VulDB
CVSS 3.1
5.4
EPSS
0.1%
CVE-2023-2325 MEDIUM This Month

Stored XSS Vulnerability in M-Files Classic Web versions before 23.10 and LTS Service Release Versions before 23.2 LTS SR4 and 23.8 LTS SR1allows attacker to execute script on users browser via. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Classic Web
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-41893 MEDIUM PATCH This Month

Home assistant is an open source home automation. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Home Assistant
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-5533 MEDIUM PATCH This Month

The AI ChatBot plugin for WordPress is vulnerable to unauthorized use of AJAX actions due to missing capability checks on the corresponding functions in versions up to, and including, 4.8.9 as well. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

WordPress Authentication Bypass Wpbot
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2023-3998 MEDIUM This Month

The wpDiscuz plugin for WordPress is vulnerable to unauthorized modification of data due to a missing authorization check on the userRate function in versions up to, and including, 7.6.3. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Wpdiscuz
NVD VulDB
CVSS 3.1
5.3
EPSS
0.2%
CVE-2023-3869 MEDIUM This Month

The wpDiscuz plugin for WordPress is vulnerable to unauthorized modification of data due to a missing authorization check on the voteOnComment function in versions up to, and including, 7.6.3. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Authentication Bypass Wpdiscuz
NVD VulDB
CVSS 3.1
5.3
EPSS
0.2%
CVE-2023-41894 MEDIUM This Month

Home assistant is an open source home automation. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Home Assistant
NVD GitHub
CVSS 3.1
5.3
EPSS
0.4%
CVE-2023-39731 MEDIUM This Month

The leakage of the client secret in Kaibutsunosato v13.6.1 allows attackers to obtain the channel access token and send crafted broadcast messages. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Kaibutsunosato
NVD GitHub
CVSS 3.1
5.3
EPSS
0.4%
CVE-2023-5120 MEDIUM PATCH This Month

The Migration, Backup, Staging - WPvivid plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the image file path parameter in versions up to, and including, 0.9.89 due to. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Migration Backup Staging
NVD VulDB
CVSS 3.1
4.4
EPSS
0.2%
CVE-2023-3996 MEDIUM PATCH This Month

The ARMember Lite - Membership Plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 4.0.16 due to insufficient input sanitization and. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Armember
NVD VulDB
CVSS 3.1
4.4
EPSS
0.2%
CVE-2023-5121 MEDIUM PATCH This Month

The Migration, Backup, Staging - WPvivid plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings (the backup path parameter) in versions up to, and including, 0.9.89 due. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Migration Backup Staging
NVD VulDB
CVSS 3.1
4.4
EPSS
0.2%
Prev Page 2 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy