Skip to main content
CVE-2023-5601 CRITICAL POC Act Now

The WooCommerce Ninja Forms Product Add-ons WordPress plugin before 1.7.1 does not validate the file to be uploaded, allowing any unauthenticated users to upload arbitrary files to the server,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload WordPress Woocommerce Ninja Forms Product Add Ons
NVD WPScan
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-46731 CRITICAL POC PATCH THREAT Act Now

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Code Injection Xwiki
NVD GitHub
CVSS 3.1
9.8
EPSS
88.5%
CVE-2023-47253 CRITICAL POC THREAT Act Now

Qualitor through 8.20 allows remote attackers to execute arbitrary code via PHP code in the html/ad/adpesquisasql/request/processVariavel.php gridValoresPopHidden parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE Command Injection Qualitor
NVD
CVSS 3.1
9.8
EPSS
14.4%
CVE-2023-47004 HIGH POC This Week

Buffer Overflow vulnerability in Redis RedisGraph v.2.x through v.2.12.8 and fixed in v.2.12.9 allows an attacker to execute arbitrary code via the code logic after valid authentication. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow RCE Redis Redisgraph
NVD GitHub
CVSS 3.1
8.8
EPSS
1.0%
CVE-2023-5355 HIGH POC This Week

The Awesome Support WordPress plugin before 6.1.5 does not sanitize file paths when deleting temporary attachment files, allowing a ticket submitter to delete arbitrary files on the server. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal WordPress Awesome Support
NVD WPScan
CVSS 3.1
8.1
EPSS
0.7%
CVE-2023-5454 HIGH POC This Week

The Templately WordPress plugin before 2.2.6 does not properly authorize the `saved-templates/delete` REST API call, allowing unauthenticated users to delete arbitrary posts. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Authentication Bypass Templately
NVD WPScan
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-39345 HIGH POC PATCH This Week

strapi is an open-source headless CMS. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Strapi
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-5082 HIGH POC This Week

The History Log by click5 WordPress plugin before 1.0.13 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by admin users. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Sitemap By Click5
NVD WPScan
CVSS 3.1
7.2
EPSS
0.7%
CVE-2023-45657 HIGH Act Now

A vulnerability in posimyththemes Nexter nexter.0.3. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 12.2% and no vendor patch available.

SQLi
NVD
CVSS 3.1
8.5
EPSS
12.2%
CVE-2023-4930 MEDIUM POC This Month

The Front End PM WordPress plugin before 11.4.3 does not block listing the contents of the directories where it stores attachments to private messages, allowing unauthenticated visitors to list and. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Information Disclosure WordPress Front End Pm
NVD WPScan
CVSS 3.1
6.5
EPSS
0.4%
CVE-2023-5354 MEDIUM POC This Month

The Awesome Support WordPress plugin before 6.1.5 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Awesome Support
NVD WPScan
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-46732 MEDIUM POC PATCH This Month

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Xwiki
NVD GitHub
CVSS 3.1
6.1
EPSS
2.2%
CVE-2023-38382 CRITICAL Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Daniel Söderström / Sidney van de Stouwe Subscribe to Category allows SQL Injection.7.4. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Subscribe To Category
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2023-5777 CRITICAL Act Now

Weintek EasyBuilder Pro contains a vulnerability that, even when the private key is immediately deleted after the crash report transmission is finished, the private key is exposed to the public,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Easybuilder Pro
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2023-5719 CRITICAL Act Now

The Crimson 3.2 Windows-based configuration tool allows users with administrative access to define new passwords for users and to download the resulting security configuration to a device. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Crimson
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2023-45827 CRITICAL PATCH Act Now

Dot diver is a lightweight, powerful, and dependency-free TypeScript utility library that provides types and functions to work with object paths in dot notation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improperly Controlled Modification of Object Prototype Attributes (Prototype Pollution) vulnerability could allow attackers to modify object prototypes to inject properties affecting application logic.

RCE Prototype Pollution Dot Diver
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2023-45830 CRITICAL Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Online ADA Accessibility Suite by Online ADA allows SQL Injection.12. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Accessibility Suite By Online Ada
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2023-38406 CRITICAL PATCH Act Now

bgpd/bgp_flowspec.c in FRRouting (FRR) before 8.4.3 mishandles an nlri length of zero, aka a "flowspec overflow.". Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Frrouting
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-45556 MEDIUM POC PATCH This Month

Cross Site Scripting vulnerability in Mybb Mybb Forums v.1.8.33 allows a local attacker to execute arbitrary code via the theme Name parameter in the theme management component. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE XSS Mybb
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-4699 CRITICAL Act Now

Missing Authentication for Critical Function vulnerability in Mitsubishi Electric Corporation MELSEC-F Series CPU modules, MELSEC iQ-F Series, MELSEC iQ-R series CPU modules, MELSEC iQ-R series,. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Fx3U 32Mt Es Firmware Fx3U 48Mt Es Firmware Fx3U 64Mt Es Firmware Fx3U 80Mt Es Firmware +212
NVD
CVSS 3.1
9.1
EPSS
0.7%
CVE-2022-45373 HIGH This Week

A vulnerability in VeronaLabs Slimstat Analytics wp-slimstat.0.4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-5605 MEDIUM POC This Month

The URL Shortify WordPress plugin before 1.7.9.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Url Shortify
NVD WPScan
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-5530 MEDIUM POC This Month

The Ninja Forms Contact Form WordPress plugin before 3.6.34 does not sanitize and escape its label fields, which could allow high privilege users such as admin to perform Stored XSS attacks. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Ninja Forms
NVD WPScan
CVSS 3.1
4.8
EPSS
0.6%
CVE-2023-5228 MEDIUM POC This Month

The User Registration WordPress plugin before 3.0.4.2 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS User Registration
NVD WPScan
CVSS 3.1
4.8
EPSS
0.6%
CVE-2023-5181 MEDIUM POC This Month

The WP Discord Invite WordPress plugin before 2.5.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Wp Discord Invite
NVD WPScan
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-4858 MEDIUM POC This Month

The Simple Table Manager WordPress plugin through 1.5.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Simple Table Manager
NVD GitHub WPScan
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-4810 MEDIUM POC This Month

The Responsive Pricing Table WordPress plugin before 5.1.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Responsive Pricing Table
NVD WPScan
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-44398 HIGH PATCH This Week

Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Buffer Overflow RCE Exiv2
NVD GitHub
CVSS 3.1
8.8
EPSS
1.0%
CVE-2023-4996 HIGH This Week

Netskope was made aware of a security vulnerability in its NSClient product for version 100 & prior where a malicious non-admin user can disable the Netskope client by using a specially-crafted. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Netskope
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2023-45074 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Page Visit Counter Advanced Page Visit Counter - Most Wanted Analytics Plugin for WordPress. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress SQLi
NVD
CVSS 3.1
8.5
EPSS
0.3%
CVE-2023-35911 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Creative Solutions Contact Form Generator : Creative form builder for WordPress allows SQL. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress SQLi
NVD
CVSS 3.1
8.5
EPSS
0.2%
CVE-2023-46084 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in bPlugins LLC Icons Font Loader allows SQL Injection.1.2. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 3.1
8.5
EPSS
0.2%
CVE-2023-45055 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in InspireUI MStore API allows SQL Injection.0.6. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 3.1
8.5
EPSS
0.2%
CVE-2023-45001 HIGH This Week

A vulnerability in Craig Hewitt Seriously Simple Stats seriously-simple-stats.5.0. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 3.1
8.5
EPSS
0.2%
CVE-2023-28748 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in biztechc Copy or Move Comments allows SQL Injection.0.4. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 3.1
8.5
EPSS
0.2%
CVE-2022-46860 HIGH This Week

A vulnerability in KaizenCoders Short URL shorten-url.6.4. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 3.1
8.5
EPSS
0.2%
CVE-2023-5352 MEDIUM POC This Month

The Awesome Support WordPress plugin before 6.1.5 does not correctly authorize the wpas_edit_reply function, allowing users to edit posts for which they do not have permission. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Authentication Bypass Awesome Support
NVD WPScan
CVSS 3.1
4.3
EPSS
0.4%
CVE-2023-40609 HIGH This Week

A vulnerability in aiyaz Khorajia Contact form 7 Custom validation cf7-field-validation.1.3. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 3.1
8.2
EPSS
0.2%
CVE-2023-46823 HIGH This Week

A vulnerability in Avirtum ImageLinks Interactive Image Builder imagelinks-interactive-image-builder-lite.5.4. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 3.1
7.6
EPSS
1.5%
CVE-2023-32837 HIGH This Week

In video, there is a possible out of bounds write due to a missing bounds check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-3399 HIGH This Week

An issue has been discovered in GitLab EE affecting all versions starting from 11.6 before 16.3.6, all versions starting from 16.4 before 16.4.2, all versions starting from 16.5 before 16.5.1. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Gitlab
NVD
CVSS 3.1
7.7
EPSS
0.5%
CVE-2023-41685 HIGH This Week

A vulnerability in ilGhera Woocommerce Support System wc-support-system.2.1. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress SQLi
NVD
CVSS 3.1
7.6
EPSS
0.3%
CVE-2023-46821 HIGH This Week

A vulnerability in Milan Petrovic GD Security Headers gd-security-headers.7. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 3.1
7.6
EPSS
0.2%
CVE-2023-45069 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Video Gallery by Total-Soft Video Gallery - Best WordPress YouTube Gallery Plugin allows SQL. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress SQLi
NVD
CVSS 3.1
7.6
EPSS
0.2%
CVE-2023-40207 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in RedNao Donations Made Easy - Smart Donations allows SQL Injection.0.12. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 3.1
7.6
EPSS
0.2%
CVE-2023-33924 HIGH This Week

A vulnerability in Felix W. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 3.1
7.6
EPSS
0.2%
CVE-2022-46849 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Weblizar Coming Soon Page - Responsive Coming Soon & Maintenance Mode allows SQL Injection.5.9. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 3.1
7.6
EPSS
0.2%
CVE-2023-46728 HIGH PATCH This Week

Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Denial Of Service Null Pointer Dereference Squid
NVD GitHub
CVSS 3.1
7.5
EPSS
6.0%
CVE-2023-41378 HIGH PATCH This Week

In certain conditions for Calico Typha (v3.26.2, v3.25.1 and below), and Calico Enterprise Typha (v3.17.1, v3.16.3, v3.15.3 and below), a client TLS handshake can block the Calico Typha server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Calico Cloud Calico Enterprise Calico Os
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-38407 HIGH PATCH This Week

bgpd/bgp_label.c in FRRouting (FRR) before 8.5 attempts to read beyond the end of the stream during labeled unicast parsing. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Frrouting
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy