Skip to main content
CVE-2023-6084 CRITICAL POC Act Now

A vulnerability was found in Tongda OA 2017 up to 11.9 and classified as critical. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Tongda Office Anywhere
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-28420 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Leo Caseiro Custom Options Plus plugin <= 1.8.1 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Custom Options Plus
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-28419 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Stranger Studios Force First and Last Name as Display Name plugin <= 1.2 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Force Display Name
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2023-28173 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Amit Agarwal Google XML Sitemap for Images plugin <= 2.1.3 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google CSRF Google Xml Sitemap For Images
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-28172 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in flippercode WordPress Plugin for Google Maps - WP MAPS (formerly WP Google Map Plugin) plugin <= 4.4.2 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google CSRF WordPress Wp Maps
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-28167 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Vsourz Digital CF7 Invisible reCAPTCHA plugin <= 1.3.3 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Cf7 Invisible Recaptcha
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-27632 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in mmrs151 Daily Prayer Time plugin <= 2023.03.08 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Daily Prayer Time
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-27623 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Jens Törnell WP Page Numbers plugin <= 0.5 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Wp Page Numbers
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-27611 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in audrasjb Reusable Blocks Extended plugin <= 0.9 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Reusable Blocks Extended
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-27431 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in ThemeHunk Big Store theme <= 1.9.3 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Big Store
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-27418 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Side Menu Lite - add sticky fixed buttons plugin <= 4.0 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Side Menu Lite
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-27417 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Timo Reith Affiliate Super Assistent plugin <= 1.5.1 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Affiliate Super Assistent
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-29425 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in plainware.Com ShiftController Employee Shift Scheduling plugin <= 4.9.23 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Shiftcontroller
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-29238 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Whydonate Whydonate - FREE Donate button - Crowdfunding - Fundraising plugin <= 3.12.15 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Wp Whydonate
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-28987 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Wpmet Wp Ultimate Review plugin <= 2.0.3 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Wp Ultimate Review
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-28930 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Robin Phillips Mobile Banner plugin <= 1.5 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Mobile Banner
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-28696 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Harish Chouhan, Themeist I Recommend This allows Cross Site Request Forgery.9.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF I Recommend This
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-28618 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Marios Alexandrou Enhanced Plugin Admin plugin <= 1.16 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Enhanced Plugin Admin
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-28498 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in MotoPress Hotel Booking Lite plugin <= 4.6.0 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Hotel Booking Lite
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-28497 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Tribulant Slideshow Gallery LITE plugin <= 1.7.6 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Slideshow Gallery
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-28495 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in MyThemeShop WP Shortcode by MyThemeShop plugin <= 1.4.16 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Wp Shortcode
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-28134 HIGH This Week

Local attacker can escalate privileges on affected installations of Check Point Harmony Endpoint/ZoneAlarm Extreme Security. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Checkpoint Endpoint Security
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-42781 MEDIUM PATCH This Month

Apache Airflow, versions before 2.7.3, has a vulnerability that allows an authorized user who has access to read specific DAGs only, to read information about task instances in other DAGs. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Apache Information Disclosure Airflow
NVD GitHub
CVSS 3.1
6.5
EPSS
1.7%
CVE-2023-28694 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Wbcom Designs Wbcom Designs - BuddyPress Activity Social Share plugin <= 3.5.0 versions. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

CSRF Buddypress Activity Social Share
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2023-47037 MEDIUM PATCH This Month

We failed to apply CVE-2023-40611 in 2.7.1 and this vulnerability was marked as fixed then. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Apache Authentication Bypass Airflow
NVD GitHub
CVSS 3.1
4.3
EPSS
1.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy