Skip to main content
CVE-2023-41425 MEDIUM POC THREAT This Month

Cross Site Scripting vulnerability in Wonder CMS v.3.2.0 thru v.3.4.2 allows a remote attacker to execute arbitrary code via a crafted script uploaded to the installModule component. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 54.3%.

XSS RCE Wondercms
NVD GitHub Exploit-DB VulDB
CVSS 3.1
6.1
EPSS
54.3%
Threat
4.3
CVE-2023-40453 MEDIUM POC This Month

Docker Machine through 0.16.2 allows an attacker, who has control of a worker node, to provide crafted version data, which might potentially trick an administrator into performing an unsafe action. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Docker Machine
NVD GitHub
CVSS 3.1
6.5
EPSS
0.9%
CVE-2023-5660 MEDIUM POC This Month

The SendPress Newsletters plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 1.22.3.31 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Sendpress
NVD VulDB
CVSS 3.1
6.4
EPSS
0.2%
CVE-2023-5669 MEDIUM POC This Month

The Featured Image Caption plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode and post meta in all versions up to, and including, 0.8.10 due to insufficient. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Featured Image Caption
NVD VulDB
CVSS 3.1
6.4
EPSS
0.1%
CVE-2023-5703 MEDIUM POC PATCH This Month

The Gift Up Gift Cards for WordPress and WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'giftup' shortcode in all versions up to, and including, 2.20.1. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS WordPress Gift Up Gift Cards For Wordpress And Woocommerce
NVD VulDB
CVSS 3.1
6.4
EPSS
0.1%
CVE-2023-5661 MEDIUM POC This Month

The Social Feed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'socialfeed' shortcode in all versions up to, and including, 1.5.4.6 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Social Feed
NVD VulDB
CVSS 3.1
6.4
EPSS
0.1%
CVE-2023-46252 MEDIUM POC This Month

Squidex is an open source headless CMS and content management hub. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Squidex
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-46998 MEDIUM POC This Month

Cross Site Scripting vulnerability in BootBox Bootbox.js v.3.2 through 6.0 allows a remote attacker to execute arbitrary code via a crafted payload to alert(), confirm(), prompt() functions. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Bootbox
NVD GitHub
CVSS 3.1
6.1
EPSS
1.4%
CVE-2023-46001 MEDIUM POC PATCH This Month

Buffer Overflow vulnerability in gpac MP4Box v.2.3-DEV-rev573-g201320819-master allows a local attacker to cause a denial of service via the gpac/src/isomedia/isom_read.c:2807:51 function in. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Denial Of Service Gpac
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-46744 MEDIUM POC This Month

Squidex is an open source headless CMS and content management hub. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation XSS Squidex
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-5904 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository pkp/pkp-lib prior to 3.3.0-16. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Pkp Web Application Library
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-5903 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository pkp/pkp-lib prior to 3.3.0-16. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Pkp Web Application Library
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-46737 MEDIUM POC PATCH This Month

Cosign is a sigstore signing tool for OCI containers. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Cosign
NVD GitHub
CVSS 3.1
5.3
EPSS
0.6%
CVE-2023-47102 MEDIUM POC This Month

UrBackup Server 2.5.31 allows brute-force enumeration of user accounts because a failure message confirms that a username is not valid. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Urbackup Server
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2023-5901 MEDIUM POC PATCH This Month

Cross-site Scripting in GitHub repository pkp/pkp-lib prior to 3.3.0-16. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Pkp Web Application Library
NVD GitHub
CVSS 3.1
4.8
EPSS
0.5%
CVE-2023-5976 MEDIUM POC PATCH This Month

Improper Access Control in GitHub repository microweber/microweber prior to 2.0. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Microweber
NVD GitHub
CVSS 3.1
4.3
EPSS
0.4%
CVE-2023-5902 MEDIUM POC PATCH This Month

Cross-Site Request Forgery (CSRF) in GitHub repository pkp/pkp-lib prior to 3.3.0-16. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF Pkp Web Application Library
NVD GitHub
CVSS 3.1
4.3
EPSS
0.3%
CVE-2023-5900 MEDIUM POC PATCH This Month

Cross-Site Request Forgery in GitHub repository pkp/pkp-lib prior to 3.3.0-16. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF Pkp Web Application Library
NVD GitHub
CVSS 3.1
4.3
EPSS
0.2%
CVE-2023-38509 MEDIUM POC PATCH This Month

XWiki Platform is a generic wiki platform. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Xwiki
NVD GitHub
CVSS 3.1
4.3
EPSS
0.7%
CVE-2023-42554 MEDIUM This Month

Improper Authentication vulnerabiity in Samsung Pass prior to version 4.3.00.17 allows physical attackers to bypass authentication. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Samsung Authentication Bypass Pass
NVD
CVSS 3.1
6.8
EPSS
0.3%
CVE-2023-42533 MEDIUM This Month

Improper Input Validation with USB Gadget Interface prior to SMR Nov-2023 Release 1 allows a physical attacker to execute arbitrary code in Kernel. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Android
NVD
CVSS 3.1
6.8
EPSS
0.4%
CVE-2023-4154 MEDIUM PATCH This Month

A design flaw was found in Samba's DirSync control implementation, which exposes passwords and secrets in Active Directory to privileged users and Read-Only Domain Controllers (RODCs). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Buffer Overflow Samba
NVD
CVSS 3.1
6.5
EPSS
1.2%
CVE-2023-42551 MEDIUM This Month

Use of implicit intent for sensitive communication vulnerability in startTncActivity in Samsung Account prior to version 14.5.00.7 allows attackers to access arbitrary file with Samsung Account. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Samsung Information Disclosure Account
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2023-42550 MEDIUM This Month

Use of implicit intent for sensitive communication vulnerability in startSignIn in Samsung Account prior to version 14.5.00.7 allows attackers to access arbitrary file with Samsung Account privilege. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Samsung Information Disclosure Account
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2023-42549 MEDIUM This Month

Use of implicit intent for sensitive communication vulnerability in startNameValidationActivity in Samsung Account prior to version 14.5.00.7 allows attackers to access arbitrary file with Samsung. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Samsung Information Disclosure Account
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2023-42548 MEDIUM This Month

Use of implicit intent for sensitive communication vulnerability in startMandatoryCheckActivity in Samsung Account prior to version 14.5.00.7 allows attackers to access arbitrary file with Samsung. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Samsung Information Disclosure Account
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2023-42547 MEDIUM This Month

Use of implicit intent for sensitive communication vulnerability in startEmailValidationActivity in Samsung Account prior to version 14.5.00.7 allows attackers to access arbitrary file with Samsung. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Samsung Information Disclosure Account
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2023-42546 MEDIUM This Month

Use of implicit intent for sensitive communication vulnerability in startAgreeToDisclaimerActivity in Samsung Account prior to version 14.5.00.7 allows attackers to access arbitrary file with Samsung. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Samsung Information Disclosure Account
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2023-36409 MEDIUM PATCH This Month

Microsoft Edge (Chromium-based) Information Disclosure Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Google Microsoft Edge Chromium
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2023-5743 MEDIUM PATCH This Month

The Telephone Number Linker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'telnumlink' shortcode in all versions up to, and including, 1.2 due to insufficient. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Telephone Number Linker
NVD VulDB
CVSS 3.1
6.4
EPSS
0.2%
CVE-2023-5076 MEDIUM PATCH This Month

The Ziteboard Online Whiteboard plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'ziteboard' shortcode in versions up to, and including, 2.9.9 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Ziteboard
NVD VulDB
CVSS 3.1
6.4
EPSS
0.2%
CVE-2023-4888 MEDIUM PATCH This Month

The Simple Like Page Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'sfp-page-plugin' shortcode in versions up to, and including, 1.5.1 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Simple Like Page
NVD VulDB
CVSS 3.1
6.4
EPSS
0.1%
CVE-2023-4842 MEDIUM PATCH This Month

The Social Sharing Plugin - Social Warfare plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'social_warfare' shortcode in versions up to, and including, 4.4.3 due to insufficient. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Social Warfare
NVD VulDB
CVSS 3.1
6.4
EPSS
0.1%
CVE-2023-5577 MEDIUM This Month

The Bitly's plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wpbitly' shortcode in all versions up to, and including, 2.7.1 due to insufficient input sanitization. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Bitly
NVD VulDB
CVSS 3.1
6.4
EPSS
0.1%
CVE-2023-5567 MEDIUM This Month

The QR Code Tag plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'qrcodetag' shortcode in versions up to, and including, 1.0 due to insufficient input sanitization and output. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Qr Code Tag
NVD VulDB
CVSS 3.1
6.4
EPSS
0.1%
CVE-2023-5507 MEDIUM PATCH This Month

The ImageMapper plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'imagemap' shortcode in versions up to, and including, 1.2.6 due to insufficient input sanitization and output. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Imagemapper
NVD VulDB
CVSS 3.1
6.4
EPSS
0.1%
CVE-2023-5659 MEDIUM This Month

The Interact: Embed A Quiz On Your Site plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'interact-quiz' shortcode in all versions up to, and including, 3.0.7 due to. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Interact
NVD VulDB
CVSS 3.1
6.4
EPSS
0.1%
CVE-2023-5658 MEDIUM PATCH This Month

The WP MapIt plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wp_mapit' shortcode in all versions up to, and including, 2.7.1 due to insufficient input sanitization. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Wp Mapit
NVD VulDB
CVSS 3.1
6.4
EPSS
0.1%
CVE-2022-46809 MEDIUM This Month

A vulnerability in ReviewX ReviewX reviewx.6.7. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2022-46803 MEDIUM This Month

A vulnerability in Noptin Newsletter Team Noptin newsletter-optin-box.9.5. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2022-46801 MEDIUM This Month

A vulnerability in Gemini Labs Site Reviews site-reviews.2.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2022-45370 MEDIUM This Month

A vulnerability in WebToffee Comments Import & Export comments-import-export-woocommerce.3.1. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure WordPress
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2022-46802 MEDIUM This Month

A vulnerability in WebToffee Product Reviews Import Export for WooCommerce product-reviews-import-export-for-woocommerce.4.8. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure WordPress
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2022-45357 MEDIUM This Month

A vulnerability in 8blocks 1003 Mortgage Application 1003-mortgage-application.75. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2023-5532 MEDIUM PATCH This Month

The ImageMapper plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.6. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

WordPress CSRF Imagemapper
NVD VulDB
CVSS 3.1
6.1
EPSS
0.1%
CVE-2022-45078 MEDIUM This Month

Improper Neutralization of Formula Elements in a CSV File vulnerability in Solwin Infotech User Blocker.5.5. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure User Blocker
NVD
CVSS 3.1
5.9
EPSS
0.5%
CVE-2022-44738 MEDIUM This Month

A vulnerability in Patrick Robrecht Posts and Users Stats posts-and-users-stats.1.3. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
5.8
EPSS
0.7%
CVE-2022-42882 MEDIUM This Month

A vulnerability in Duke Simple CSV/XLS Exporter simple-csv-xls-exporter.5.8. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
5.8
EPSS
0.7%
CVE-2022-46821 MEDIUM This Month

A vulnerability in Jackmail Emails & Newsletters with Jackmail jackmail-newsletters.2.22. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
5.8
EPSS
0.7%
CVE-2022-46804 MEDIUM This Month

A vulnerability in narolainfotech Export Users Data Distinct export-users-data-distinct.3. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
5.8
EPSS
0.7%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy