Skip to main content
CVE-2023-4930 MEDIUM POC This Month

The Front End PM WordPress plugin before 11.4.3 does not block listing the contents of the directories where it stores attachments to private messages, allowing unauthenticated visitors to list and. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Information Disclosure WordPress Front End Pm
NVD WPScan
CVSS 3.1
6.5
EPSS
0.4%
CVE-2023-5354 MEDIUM POC This Month

The Awesome Support WordPress plugin before 6.1.5 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Awesome Support
NVD WPScan
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-46732 MEDIUM POC PATCH This Month

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Xwiki
NVD GitHub
CVSS 3.1
6.1
EPSS
2.2%
CVE-2023-45556 MEDIUM POC PATCH This Month

Cross Site Scripting vulnerability in Mybb Mybb Forums v.1.8.33 allows a local attacker to execute arbitrary code via the theme Name parameter in the theme management component. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE XSS Mybb
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-5605 MEDIUM POC This Month

The URL Shortify WordPress plugin before 1.7.9.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Url Shortify
NVD WPScan
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-5530 MEDIUM POC This Month

The Ninja Forms Contact Form WordPress plugin before 3.6.34 does not sanitize and escape its label fields, which could allow high privilege users such as admin to perform Stored XSS attacks. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Ninja Forms
NVD WPScan
CVSS 3.1
4.8
EPSS
0.6%
CVE-2023-5228 MEDIUM POC This Month

The User Registration WordPress plugin before 3.0.4.2 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS User Registration
NVD WPScan
CVSS 3.1
4.8
EPSS
0.6%
CVE-2023-5181 MEDIUM POC This Month

The WP Discord Invite WordPress plugin before 2.5.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Wp Discord Invite
NVD WPScan
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-4858 MEDIUM POC This Month

The Simple Table Manager WordPress plugin through 1.5.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Simple Table Manager
NVD GitHub WPScan
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-4810 MEDIUM POC This Month

The Responsive Pricing Table WordPress plugin before 5.1.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Responsive Pricing Table
NVD WPScan
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-5352 MEDIUM POC This Month

The Awesome Support WordPress plugin before 6.1.5 does not correctly authorize the wpas_edit_reply function, allowing users to edit posts for which they do not have permission. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Authentication Bypass Awesome Support
NVD WPScan
CVSS 3.1
4.3
EPSS
0.4%
CVE-2022-47430 MEDIUM This Month

A vulnerability in Weblizar - WordPress Themes & Plugin The School Management - Education & Learning Management school-management-system.1. Rated medium severity (CVSS 6.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress SQLi
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2022-47432 MEDIUM This Month

A vulnerability in Kemal YAZICI Shortcode IMDB shortcode-imdb.0.8. Rated medium severity (CVSS 6.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2022-47428 MEDIUM This Month

A vulnerability in wpdevart Booking calendar, Appointment Booking System booking-calendar.2.7. Rated medium severity (CVSS 6.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2023-32839 MEDIUM This Month

In dpe, there is a possible out of bounds write due to a missing valid range checking. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2023-32838 MEDIUM This Month

In dpe, there is a possible out of bounds write due to a missing valid range checking. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2023-32836 MEDIUM This Month

In display, there is a possible out of bounds write due to an integer overflow. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2023-32835 MEDIUM This Month

In keyinstall, there is a possible memory corruption due to type confusion. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2023-32834 MEDIUM This Month

In secmem, there is a possible memory corruption due to type confusion. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2023-32818 MEDIUM This Month

In vdec, there is a possible out of bounds write due to type confusion. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2023-40660 MEDIUM This Month

A flaw was found in OpenSC packages that allow a potential PIN bypass. Rated medium severity (CVSS 6.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Opensc Enterprise Linux
NVD GitHub
CVSS 3.1
6.6
EPSS
0.9%
CVE-2023-47177 MEDIUM This Month

A vulnerability in Elementor Linker linker.2.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2023-46783 MEDIUM This Month

Auth. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Pre Orders For Woocommerce
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2023-46782 MEDIUM This Month

A vulnerability in Chris Yee MomentoPress for Momento360 cmyee-momentopress.0.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2023-4700 MEDIUM This Month

An authorization issue affecting GitLab EE affecting all versions from 14.7 prior to 16.3.6, 16.4 prior to 16.4.2, and 16.5 prior to 16.5.1, allowed a user to run jobs in protected environments,. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Authentication Bypass
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2023-3909 MEDIUM This Month

An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.3 before 16.3.6, all versions starting from 16.4 before 16.4.2, all versions starting from 16.5 before 16.5.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Gitlab
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-5825 MEDIUM This Month

An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.2 before 16.3.6, all versions starting from 16.4 before 16.4.2, all versions starting from 16.5 before 16.5.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Gitlab
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-28794 MEDIUM This Month

Origin Validation Error vulnerability in Zscaler Client Connector on Linux allows Privilege Abuse.3.1.6. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Client Connector
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2023-42669 MEDIUM This Month

A vulnerability was found in Samba's "rpcecho" development server, a non-Windows RPC server used to test Samba's DCE/RPC stack elements. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Microsoft Samba Storage Enterprise Linux +5
NVD
CVSS 3.1
6.5
EPSS
1.7%
CVE-2023-32840 MEDIUM This Month

In modem CCCI, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Lr12a Nr15 +2
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2022-47420 MEDIUM This Month

A vulnerability in Ability, Inc Accessibility Suite online-accessibility.12. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable. No vendor patch available.

SQLi
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2023-40661 MEDIUM This Month

Several memory vulnerabilities were identified within the OpenSC packages, particularly in the card enrollment process using pkcs15-init when a user or administrator enrolls cards. Rated medium severity (CVSS 6.4), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Opensc Enterprise Linux
NVD GitHub
CVSS 3.1
6.4
EPSS
1.2%
CVE-2023-5771 MEDIUM This Month

Proofpoint Enterprise Protection contains a stored XSS vulnerability in the AdminUI. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Enterprise Protection
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-46251 MEDIUM PATCH This Month

MyBB is a free and open source forum software. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Mybb
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-5950 MEDIUM This Month

Rapid7 Velociraptor versions prior to 0.7.0-4 suffer from a reflected cross site scripting vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Velociraptor
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-47272 MEDIUM PATCH This Month

Roundcube 1.5.x before 1.5.6 and 1.6.x before 1.6.5 allows XSS via a Content-Type or Content-Disposition header (used for attachment preview or download). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Webmail Fedora Debian Linux
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2023-47184 MEDIUM This Month

A vulnerability in Collins Agbonghama Admin Bar & Dashboard Access Control admin-bar-dashboard-control.2.8. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2023-46824 MEDIUM This Month

A vulnerability in Ankit Singla Slick Popup slick-popup.7.14. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2023-23702 MEDIUM This Month

A vulnerability in pixelgrade Comments Ratings comments-ratings.1.7. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2023-45046 MEDIUM This Month

A vulnerability in Pressference Pressference Exporter pressference-exporter.0.3. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-27605 MEDIUM This Month

A vulnerability in Sajjad Hossain WP Reroute Email wp-reroute-email.4.6. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-4910 MEDIUM This Month

A flaw was found In 3Scale Admin Portal. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure 3Scale Api Management
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-5090 MEDIUM PATCH This Month

A flaw was found in KVM. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Linux Kernel Enterprise Linux
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-32825 MEDIUM This Month

In bluethooth service, there is a possible out of bounds reads due to improper input validation. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-46802 MEDIUM This Month

e-Tax software Version3.0.10 and earlier improperly restricts XML external entity references (XXE) due to the configuration of the embedded XML parser. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

XXE E Tax
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-5678 MEDIUM PATCH This Month

Issue summary: Generating excessively long X9.42 DH keys or checking excessively long X9.42 DH keys or parameters may be very slow. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service OpenSSL
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2023-46779 MEDIUM This Month

A vulnerability in Jayce53 EasyRecipe easyrecipe.5.3251. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2023-46777 MEDIUM This Month

A vulnerability in PluginOps Feather Login Page feather-login-page.1.3. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2023-36769 MEDIUM PATCH This Month

Microsoft OneNote Spoofing Vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

Microsoft Authentication Bypass Onenote
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-5969 MEDIUM PATCH This Month

Mattermost fails to properly sanitize the request to /api/v4/redirect_location allowing an attacker, sending a specially crafted request to /api/v4/redirect_location, to fill up the memory due to. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mattermost Denial Of Service
NVD
CVSS 3.1
5.3
EPSS
0.5%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy