Skip to main content
CVE-2023-48060 HIGH POC This Week

Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/task/add. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Dreamer Cms
NVD GitHub
CVSS 3.1
8.8
EPSS
0.4%
CVE-2023-48058 HIGH POC This Week

Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/task/run. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Dreamer Cms
NVD GitHub
CVSS 3.1
8.8
EPSS
0.4%
CVE-2023-47346 HIGH POC This Week

Buffer Overflow vulnerability in free5gc 3.3.0, UPF 1.2.0, and SMF 1.2.0 allows attackers to cause a denial of service via crafted PFCP messages. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Free5gc Smf Upf
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-47117 HIGH POC PATCH This Week

Label Studio is an open source data labeling tool. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Python Label Studio
NVD GitHub
CVSS 3.1
7.5
EPSS
4.1%
CVE-2023-47621 HIGH PATCH This Week

Guest Entries is a php library which allows users to create, update & delete entries from the front-end of a site. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

RCE File Upload PHP Guest Entries
NVD GitHub
CVSS 3.1
8.8
EPSS
1.0%
CVE-2023-6097 HIGH This Week

A SQL injection vulnerability has been found in ICS Business Manager, affecting version 7.06.0028.7089. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Ics Business Manager
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-5747 HIGH This Week

Bashis, a Security Researcher at IPVM has found a flaw that allows for a remote code execution during the installation of Wave on the camera device. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Command Injection Wave Server Software Pno A6081R E1T Firmware Pno A6081R E2T Firmware
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2023-35041 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability leading to Local File Inclusion (LF) in Webpushr Web Push Notifications Web Push Notifications - Webpushr plugin <= 4.34.0 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Web Push Notifications
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-47669 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Cozmoslabs User Profile Builder - Beautiful User Registration Forms, User Profiles & User Role Editor plugin <= 3.10.3 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Profile Builder
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-34384 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Kebo Kebo Twitter Feed plugin <= 1.5.12 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Kebo Twitter Feed
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-34378 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in scriptburn.Com WP Hide Post plugin <= 2.0.10 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Wp Hide Post
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-33207 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Krzysztof Wielogórski Stop Referrer Spam plugin <= 1.3.0 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Stop Referrer Spam
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-32588 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in BRANDbrilliance Post State Tags plugin <= 2.0.6 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Post State Tags
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-32583 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Prashant Walke WP All Backup plugin <= 2.4.3 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Wp All Backup
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-47230 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Cimatti Consulting WordPress Contact Forms by Cimatti plugin <= 1.6.0 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF Wordpress Contact Forms
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-46638 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Webcodin WCP OpenWeather plugin <= 2.5.0 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Wcp Openweather
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-46636 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in David Stöckl Custom Header Images plugin <= 1.2.1 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Custom Header Images
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-46629 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in themelocation Remove Add to Cart WooCommerce plugin <= 1.4.4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF Remove Add To Cart Woocommerce
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-46625 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in DAEXT Autolinks Manager plugin <= 1.10.04 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Autolinks Manager
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-46620 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Fluenx DeepL API translation plugin <= 2.3.9.1 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Deepl Api Translation
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-46619 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in WebDorado WDSocialWidgets plugin <= 1.0.15 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Wdsocialwidgets
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-46618 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Bala Krishna, Sergey Yakovlev Category SEO Meta Tags plugin <= 2.5 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Category Seo Meta Tags
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-26543 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Aleksandr Guidrevitch WP Meteor Website Speed Optimization Addon plugin <= 3.1.4 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Wp Meteor
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-26531 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in 闪电博 多合一搜索自动推送管理插件-支持Baidu/Google/Bing/IndexNow/Yandex/头条 allows Cross Site Request Forgery.2.7. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google CSRF All In One Search Automatic Push Management
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-27445 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Meril Inc. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Blog Floating Button
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-27441 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in gl_SPICE New Adman plugin <= 1.6.8 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF New Adman
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-27438 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Evgen Yurchenko WP Translitera plugin <= p1.2.5 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Wp Translitera
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-27436 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Louis Reingold Elegant Custom Fonts plugin <= 1.0 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Elegant Custom Fonts
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-27434 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in WPGrim Classic Editor and Classic Widgets plugin <= 1.2.5 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Classic Editor And Classic Widgets
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-26524 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in ExpressTech Quiz And Survey Master - Best Quiz, Exam and Survey Plugin for WordPress plugin <= 8.0.10 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF Quiz And Survey Master
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-26518 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in AccessPress Themes WP TFeed plugin <= 1.6.9 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Wp Tfeed
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-26516 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in WPIndeed Debug Assistant plugin <= 1.4 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Debug Assistant
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2023-26514 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in WPGrim Dynamic XML Sitemaps Generator for Google plugin <= 1.3.3 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google CSRF Dynamic Xml Sitemaps Generator For Google
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-6101 HIGH This Week

A vulnerability, which was classified as problematic, has been found in Maiwei Safety Production Control Platform 4.1.7/ha.html of the component Intelligent Monitoring. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Maiwei Safety Production Control Platform
NVD VulDB
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-47163 HIGH PATCH This Week

Remarshal prior to v0.17.1 expands YAML alias nodes unlimitedly, hence Remarshal is vulnerable to Billion Laughs Attack. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Remarshal
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2023-23800 HIGH This Week

Server-Side Request Forgery (SSRF) vulnerability in Vova Anokhin WP Shortcodes Plugin - Shortcodes Ultimate.12.6. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

SSRF Shortcodes Ultimate
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2023-47516 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Stark Digital Category Post List Widget allows Stored XSS.0. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS CSRF Category Post List Widget
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2023-46634 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in phoeniixx Custom My Account for Woocommerce allows Cross-Site Scripting (XSS).1. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS CSRF Custom My Account For Woocommerce
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2023-31230 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Haoqisir Baidu Tongji generator allows Stored XSS.0.2. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS CSRF Baidu Tongji Generator
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2023-39166 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in tagDiv tagDiv Composer allows Cross-Site Scripting (XSS).4. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS CSRF Tagdiv Composer
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2023-40335 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Jeremy O'Connell Cleverwise Daily Quotes allows Stored XSS.2. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS CSRF Cleverwise Daily Quotes
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2023-47652 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Lucian Apostol Auto Affiliate Links allows Stored XSS.4.2.4. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS CSRF Auto Affiliate Links
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2023-5037 HIGH This Week

badmonkey, a Security Researcher has found a flaw that allows for a authenticated command injection on the camera. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Ano L6012R Firmware Ano L6022R Firmware Anv L6012R Firmware Ano L6082R Firmware +179
NVD
CVSS 4.0
7.1
EPSS
1.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy