Skip to main content
CVE-2023-4635 MEDIUM POC This Month

The EventON plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab' parameter in versions up to, and including, 2.2.2 due to insufficient input sanitization and output. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Eventon Lite
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
1.2%
CVE-2023-38194 MEDIUM POC This Month

An issue was discovered in SuperWebMailer 9.00.0.01710. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Superwebmailer
NVD
CVSS 3.1
6.1
EPSS
1.1%
CVE-2023-38192 MEDIUM POC This Month

An issue was discovered in SuperWebMailer 9.00.0.01710. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Superwebmailer
NVD
CVSS 3.1
6.1
EPSS
1.1%
CVE-2023-46054 MEDIUM POC This Month

Cross Site Scripting (XSS) vulnerability in WBCE CMS v.1.6.1 and before allows a remote attacker to escalate privileges via a crafted script to the website_footer parameter in the. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Wbce Cms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-46003 MEDIUM POC This Month

I-doit pro 25 and below is vulnerable to Cross Site Scripting (XSS) via index.php. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS I Doit
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-5205 MEDIUM This Month

The Add Custom Body Class plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'add_custom_body_class' value in versions up to, and including, 1.4.1 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Add Custom Body Class
NVD VulDB
CVSS 3.1
6.4
EPSS
0.2%
CVE-2023-45680 MEDIUM This Month

stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference Stb Vorbis C
NVD GitHub
CVSS 3.1
5.5
EPSS
0.5%
CVE-2023-45663 MEDIUM This Month

stb_image is a single file MIT licensed library for processing images. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Stb Image H
NVD GitHub
CVSS 3.1
5.5
EPSS
0.7%
CVE-2023-4939 MEDIUM PATCH This Month

The SALESmanago plugin for WordPress is vulnerable to Log Injection in versions up to, and including, 3.2.4. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

WordPress Code Injection Salesmanago
NVD VulDB
CVSS 3.1
5.3
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy