Skip to main content
CVE-2023-34171 MEDIUM This Month

A vulnerability in Alex Raven WP Report Post wp-report-post.1.2. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2023-34178 MEDIUM This Month

A vulnerability in Adrian Tobey Groundhogg groundhogg.7.11. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2023-25994 MEDIUM This Month

A vulnerability in alexbenfica Publish to Schedule publish-to-schedule.4.2. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2023-32500 MEDIUM This Month

A vulnerability in xtemos WoodMart woodmart.1.1. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2023-32093 MEDIUM This Month

A vulnerability in Criss Swaim TPG Redirect tpg-redirect.0.7. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2023-31235 MEDIUM This Month

A vulnerability in xnau webdesign Participants Database participants-database.4.9. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2023-31088 MEDIUM This Month

A vulnerability in farazify Floating Action Button floating-action-button.2.1. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2023-31086 MEDIUM This Month

A vulnerability in Igor Benic Simple Giveaways giveasap.46.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2023-32592 MEDIUM This Month

A vulnerability in EdwardBock Sunny Search fast-search-powered-by-solr.0.2. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2023-32587 MEDIUM This Month

A vulnerability in WP Reactions, LLC WP Reactions Lite wp-reactions-lite.3.8. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2023-34025 MEDIUM This Month

A vulnerability in Aurélien LWS LWS Hide Login lws-hide-login.1.6. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2023-32794 MEDIUM This Month

A vulnerability in Woo WooCommerce Product Add-ons woocommerce-product-addons.1.3. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF WordPress
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2023-32745 MEDIUM This Month

A vulnerability in Woo AutomateWoo automatewoo.7.1. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2023-32744 MEDIUM This Month

A vulnerability in Woo WooCommerce Product Recommendations woocommerce-product-recommendations.3.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF WordPress
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2023-47237 MEDIUM This Month

A vulnerability in Northern Beaches Websites WP Google My Business Auto Publish wp-google-my-business-auto-publish.7. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Google
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2023-34182 MEDIUM This Month

A vulnerability in shawfactor LH Password Changer lh-password-changer.55. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2023-34002 MEDIUM This Month

A vulnerability in mylacventures WP Inventory Manager wp-inventory-manager.1.0.13. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2023-31087 MEDIUM This Month

A vulnerability in JoomSky JS Job Manager js-jobs.0.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2023-25975 MEDIUM This Month

A vulnerability in fsheedy Etsy Shop etsy-shop.0.3. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2023-5546 MEDIUM PATCH This Month

ID numbers displayed in the quiz grading report required additional sanitizing to prevent a stored XSS risk. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Moodle Enterprise Linux Fedora
NVD
CVSS 3.1
5.4
EPSS
1.2%
CVE-2023-5544 MEDIUM PATCH This Month

Wiki comments required additional sanitizing and access restrictions to prevent a stored XSS risk and potential IDOR risk. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Moodle Enterprise Linux Fedora
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-32579 MEDIUM This Month

A vulnerability in Code Amp Forget About Shortcode Buttons forget-about-shortcode-buttons.1.2. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

CSRF
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2023-5549 MEDIUM PATCH This Month

Insufficient web service capability checks made it possible to move categories a user had permission to manage, to a parent category they did not have the capability to manage. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Moodle Extra Packages For Enterprise Linux Fedora
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2023-5548 MEDIUM PATCH This Month

Stronger revision number limitations were required on file serving endpoints to improve cache poisoning protection. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Moodle Extra Packages For Enterprise Linux Fedora
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2023-5545 MEDIUM PATCH This Month

H5P metadata automatically populated the author with the user's username, which could be sensitive information. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Moodle Extra Packages For Enterprise Linux Fedora
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2023-45284 MEDIUM PATCH This Month

On Windows, The IsLocal function does not correctly detect reserved device names in some cases. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Go
NVD
CVSS 3.1
5.3
EPSS
0.9%
CVE-2023-47110 MEDIUM PATCH This Month

blockreassurance adds an information block aimed at offering helpful information to reassure customers that their store is trustworthy. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Customer Reassurance Block
NVD GitHub
CVSS 3.1
5.3
EPSS
0.4%
CVE-2023-47616 MEDIUM This Month

A CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists in Telit Cinterion BGS5, Telit Cinterion EHS5/6/8, Telit Cinterion PDS5/6/8, Telit Cinterion ELS61/81, Telit. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Bgs5 Firmware Ehs5 Firmware Ehs6 Firmware Ehs8 Firmware +6
NVD
CVSS 3.1
4.6
EPSS
0.3%
CVE-2023-32092 MEDIUM This Month

A vulnerability in PeepSo Community by PeepSo peepso-core.0.9.0. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-34181 MEDIUM This Month

A vulnerability in ga_ap WP-Cirrus wp-cirrus.6.11. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-47238 MEDIUM This Month

A vulnerability in Ajay Top 10 top-10.3.2. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-32502 MEDIUM This Month

A vulnerability in Sybre Waaijer Pro Mime Types pro-mime-types.0.7. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-32501 MEDIUM This Month

A vulnerability in e4jvikwp VikBooking Hotel Booking Engine & PMS vikbooking.6.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-32125 MEDIUM This Month

A vulnerability in dpowney Multi Rating multi-rating.0.6. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-31093 MEDIUM This Month

A vulnerability in Chronosly Chronosly Events Calendar chronosly-events-calendar.6.2. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-32512 MEDIUM This Month

A vulnerability in ShortPixel ShortPixel Adaptive Images shortpixel-adaptive-images.7.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-34031 MEDIUM This Month

A vulnerability in Pascal Casier bbPress Toolkit bbp-toolkit.0.12. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-34024 MEDIUM This Month

A vulnerability in northswitch WP Full Auto Tags Manager wp-full-auto-tags-manager.2. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-32739 MEDIUM This Month

A vulnerability in Hamid Reza Sepehr WP Custom Cursors wp-custom-cursors.2. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-32602 MEDIUM This Month

A vulnerability in lokalyze CALL ME NOW lokalyze-call-now.0. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-32594 MEDIUM This Month

A vulnerability in e2b Hyphenator hyphenator.1.5. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-34033 MEDIUM This Month

A vulnerability in craigramsay Ajax Pagination and Infinite Scroll malinky-ajax-pagination.0.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-34371 MEDIUM This Month

A vulnerability in Didier Sampaolo Download SpamReferrerBlock spamreferrerblock.22. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-34386 MEDIUM This Month

A vulnerability in WPClever WPC Smart Wishlist for WooCommerce woo-smart-wishlist.7.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF WordPress
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-36688 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Simple Site Verify
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-5542 MEDIUM PATCH This Month

Students in "Only see own membership" groups could see other students in the group, which should be hidden. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Moodle Extra Packages For Enterprise Linux Fedora
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2023-5543 LOW PATCH Monitor

When duplicating a BigBlueButton activity, the original meeting ID was also duplicated instead of using a new ID for the new activity. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity.

Authentication Bypass Moodle Extra Packages For Enterprise Linux Fedora
NVD
CVSS 3.1
3.3
EPSS
0.2%
CVE-2023-5551 LOW PATCH Monitor

Separate Groups mode restrictions were not honoured in the forum summary report, which would display users from other groups. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Moodle Extra Packages For Enterprise Linux Fedora
NVD
CVSS 3.1
3.3
EPSS
0.3%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy