Skip to main content
CVE-2023-23800 HIGH This Week

Server-Side Request Forgery (SSRF) vulnerability in Vova Anokhin WP Shortcodes Plugin - Shortcodes Ultimate.12.6. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

SSRF Shortcodes Ultimate
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2023-47516 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Stark Digital Category Post List Widget allows Stored XSS.0. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS CSRF Category Post List Widget
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2023-46634 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in phoeniixx Custom My Account for Woocommerce allows Cross-Site Scripting (XSS).1. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS CSRF Custom My Account For Woocommerce
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2023-31230 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Haoqisir Baidu Tongji generator allows Stored XSS.0.2. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS CSRF Baidu Tongji Generator
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2023-39166 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in tagDiv tagDiv Composer allows Cross-Site Scripting (XSS).4. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS CSRF Tagdiv Composer
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2023-40335 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Jeremy O'Connell Cleverwise Daily Quotes allows Stored XSS.2. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS CSRF Cleverwise Daily Quotes
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2023-47652 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Lucian Apostol Auto Affiliate Links allows Stored XSS.4.2.4. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS CSRF Auto Affiliate Links
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2023-5037 HIGH This Week

badmonkey, a Security Researcher has found a flaw that allows for a authenticated command injection on the camera. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Ano L6012R Firmware Ano L6022R Firmware Anv L6012R Firmware Ano L6082R Firmware +179
NVD
CVSS 4.0
7.1
EPSS
1.5%
CVE-2023-41239 MEDIUM This Month

Server-Side Request Forgery (SSRF) vulnerability in Blubrry PowerPress Podcasting plugin by Blubrry.0.6. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Powerpress
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2023-4775 MEDIUM PATCH This Month

The Advanced iFrame plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'advanced_iframe' shortcode in versions up to, and including, 2023.8 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Advanced Iframe
NVD VulDB
CVSS 3.1
6.4
EPSS
0.1%
CVE-2023-5741 MEDIUM This Month

The POWR plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'powr-powr-pack' shortcode in all versions up to, and including, 2.1.0 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Powr
NVD VulDB
CVSS 3.1
6.4
EPSS
0.1%
CVE-2023-32123 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Dream-Theme The7 allows Stored XSS.7.3. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS CSRF The7
NVD
CVSS 3.1
6.1
EPSS
0.1%
CVE-2023-47697 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS Wp Event Manager
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-47696 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS Product Enquiry For Woocommerce
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-47695 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Shortcodes Finder
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-47690 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS Additional Order Filters For Woocommerce
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-6098 MEDIUM This Month

An XSS vulnerability has been discovered in ICS Business Manager affecting version 7.06.0028.7066. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Ics Business Manager
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-38364 MEDIUM PATCH This Month

IBM CICS TX Advanced 10.1 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Cics Tx
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-38515 MEDIUM This Month

Server-Side Request Forgery (SSRF) vulnerability in Andy Moyle Church Admin.7.56. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Church Admin
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-46092 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in LionScripts.Com Webmaster Tools allows Stored XSS.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS CSRF Webmaster Tools
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2023-6103 MEDIUM This Month

A vulnerability has been found in Intelbras RX 1500 1.1.9 and classified as problematic. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Rx 1500 Firmware
NVD VulDB
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-42816 MEDIUM PATCH This Month

Kyverno is a policy engine designed for Kubernetes. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required.

Kubernetes Denial Of Service Kyverno
NVD GitHub
CVSS 3.1
5.3
EPSS
0.5%
CVE-2023-42815 MEDIUM PATCH This Month

Kyverno is a policy engine designed for Kubernetes. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required.

Kubernetes Denial Of Service Kyverno
NVD GitHub
CVSS 3.1
5.3
EPSS
0.7%
CVE-2023-42814 MEDIUM PATCH This Month

Kyverno is a policy engine designed for Kubernetes. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required.

Kubernetes Denial Of Service Kyverno
NVD GitHub
CVSS 3.1
5.3
EPSS
0.7%
CVE-2023-42813 MEDIUM PATCH This Month

Kyverno is a policy engine designed for Kubernetes. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Kubernetes Denial Of Service Kyverno
NVD GitHub
CVSS 3.1
5.3
EPSS
0.7%
CVE-2023-6100 MEDIUM This Month

A vulnerability classified as problematic was found in Maiwei Safety Production Control Platform 4.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Maiwei Safety Production Control Platform
NVD VulDB
CVSS 3.1
5.3
EPSS
0.8%
CVE-2023-47801 MEDIUM This Month

An issue was discovered in Click Studios Passwordstate before 9811. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Passwordstate
NVD
CVSS 3.1
4.7
EPSS
0.4%
CVE-2023-23684 MEDIUM PATCH This Month

Server-Side Request Forgery (SSRF) vulnerability in WPGraphQL.14.5. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable.

SSRF Wpgraphql
NVD
CVSS 3.1
4.4
EPSS
0.2%
CVE-2023-34013 MEDIUM This Month

Server-Side Request Forgery (SSRF) vulnerability in Poll Maker Team Poll Maker - Best WordPress Poll Plugin.6.2. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. No vendor patch available.

SSRF WordPress Poll Maker
NVD
CVSS 3.1
4.4
EPSS
0.1%
CVE-2023-37978 MEDIUM This Month

Server-Side Request Forgery (SSRF) vulnerability in Dimitar Ivanov HTTP Headers.18.11. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. No vendor patch available.

SSRF Http Headers
NVD
CVSS 3.1
4.4
EPSS
0.1%
CVE-2023-46201 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Jeff Sherk Auto Login New User After Registration allows Stored XSS.9.6. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS CSRF Auto Login New User After Registration
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-35877 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Vadym K. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS CSRF Extra User Details
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-38363 MEDIUM PATCH This Month

IBM CICS TX Advanced 10.1 does not set the secure attribute on authorization tokens or session cookies. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure IBM Cics Tx
NVD
CVSS 3.1
4.3
EPSS
0.6%
CVE-2023-46207 MEDIUM This Month

Server-Side Request Forgery (SSRF) vulnerability in StylemixThemes Motors - Car Dealer, Classifieds & Listing.4.6. Rated medium severity (CVSS 4.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Motors Car Dealer Classifieds Listing
NVD
CVSS 3.1
4.1
EPSS
0.2%
CVE-2023-31219 MEDIUM This Month

Server-Side Request Forgery (SSRF) vulnerability in WPChill Download Monitor.8.1. Rated medium severity (CVSS 4.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Download Monitor
NVD
CVSS 3.1
4.1
EPSS
0.2%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy