Skip to main content
CVE-2023-43177 CRITICAL POC THREAT Emergency

CrushFTP prior to 10.5.1 is vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Crushftp
NVD GitHub
CVSS 3.1
9.8
EPSS
81.8%
CVE-2023-48028 CRITICAL POC Act Now

kodbox 1.46.01 has a security flaw that enables user enumeration. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Kodbox
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-48017 HIGH POC This Week

Dreamer_cms 4.1.3 is vulnerable to Cross Site Request Forgery (CSRF) via Add permissions to CSRF in Permission Management. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Dreamer Cms
NVD GitHub
CVSS 3.1
8.8
EPSS
0.4%
CVE-2023-46402 HIGH POC This Week

git-urls 1.0.0 allows ReDOS (Regular Expression Denial of Service) in urls.go. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Git Urls
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-6187 HIGH PATCH Act Now

The Paid Memberships Pro plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'pmpro_paypalexpress_session_vars_for_user_fields' function in. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. Epss exploitation probability 19.7%.

WordPress File Upload RCE Paid Memberships Pro
NVD VulDB
CVSS 3.1
7.5
EPSS
19.7%
CVE-2023-48736 MEDIUM POC This Month

In International Color Consortium DemoIccMAX 3e7948b, CIccCLUT::Interp2d in IccTagLut.cpp in libSampleICC.a has an out-of-bounds read. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Demoiccmax
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-40817 MEDIUM POC This Month

OpenCRX version 5.2.0 is vulnerable to HTML injection via the Product Configuration Name Field. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Opencrx
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-40816 MEDIUM POC This Month

OpenCRX version 5.2.0 is vulnerable to HTML injection via Activity Milestone Name Field. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Opencrx
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-40815 MEDIUM POC This Month

OpenCRX version 5.2.0 is vulnerable to HTML injection via the Category Creation Name Field. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Opencrx
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-40814 MEDIUM POC This Month

OpenCRX version 5.2.0 is vulnerable to HTML injection via the Accounts Name Field. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Opencrx
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-40813 MEDIUM POC This Month

OpenCRX version 5.2.0 is vulnerable to HTML injection via Activity Saved Search Creation. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Opencrx
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-40812 MEDIUM POC This Month

OpenCRX version 5.2.0 is vulnerable to HTML injection via the Accounts Group Name Field. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Opencrx
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-40810 MEDIUM POC This Month

OpenCRX version 5.2.0 is vulnerable to HTML injection via Product Name Field. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Opencrx
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-40809 MEDIUM POC This Month

OpenCRX version 5.2.0 is vulnerable to HTML injection via the Activity Search Criteria-Activity Number. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Opencrx
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-44796 MEDIUM POC PATCH This Month

Cross Site Scripting (XSS) vulnerability in LimeSurvey before version 6.2.9-230925 allows a remote attacker to escalate privileges via a crafted script to the _generaloptions_panel.php component. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP XSS Limesurvey
NVD GitHub
CVSS 3.1
5.4
EPSS
0.7%
CVE-2023-47667 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Mammothology WP Full Stripe Free.0.16. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Wp Full Stripe Free
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-4214 HIGH PATCH This Week

The AppPresser plugin for WordPress is vulnerable to unauthorized password resets in versions up to, and including 4.2.5. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Authentication Bypass WordPress Apppresser
NVD VulDB
CVSS 3.1
8.1
EPSS
0.3%
CVE-2023-38361 HIGH PATCH This Week

IBM CICS TX Advanced 10.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure IBM Cics Tx
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-47664 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in edward_plainview Plainview Protect Passwords.4. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Plainview Protect Passwords
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2023-28780 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Yoast Yoast Local Premium.8. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Yoast Local Seo
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2023-47650 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Peter Sterling Add Local Avatar.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM CSRF Add Local Avatar
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2023-40363 MEDIUM This Month

IBM InfoSphere Information Server 11.7 could allow an authenticated user to change installation files due to incorrect file permission settings. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation IBM Infosphere Information Server
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-32245 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in WPDeveloper Essential Addons for Elementor Pro.4.8. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

CSRF Essential Addons For Elementor Elementor
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2023-32504 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Kainex Wise Chat.1.3. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Wise Chat
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2023-31075 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Arshid Easy Hide Login.0.8. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Easy Hide Login
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2023-47649 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in PriceListo Best Restaurant Menu by PriceListo.3.1. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Best Restaurant Menu
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2023-47644 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in profilegrid ProfileGrid - User Profiles, Memberships, Groups and Communities.6.6. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Profilegrid
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2023-47553 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in User Local Inc UserHeat Plugin.1.6. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Userheat Plugin
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2023-47552 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Labib Ahmed Image Hover Effects - WordPress Plugin.5. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF Image Hover Effects
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2023-47551 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in RedNao Donations Made Easy - Smart Donations.0.12. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Donations Made Easy Smart Donations
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2023-47243 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in CodeMShop 코드엠샵 마이사이트 - MSHOP MY SITE.1.6. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Mshop My Site
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2023-47685 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Lukman Nakib Preloader Matrix.0.1. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Preloader Matrix
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2023-47671 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Gopi Ramasamy Vertical scroll recent.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Vertical Scroll Recent Registered User
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2023-32514 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Himanshu Parashar Google Site Verification plugin using Meta Tag.2. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google CSRF Google Site Verification Plugin Using Meta Tag
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2023-47655 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Marco Milesi ANAC XML Bandi di Gara.5. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Anac Xml Bandi Di Gara
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2023-47666 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Code Snippets Pro Code Snippets.5.0. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Code Snippets
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2023-47556 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in James Mehorter Device Theme Switcher.0.2. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Device Theme Switcher
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2023-47531 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in DroitThemes Droit Dark Mode.1.2. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Droit Dark Mode
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-47519 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in WC Product Table WooCommerce Product Table Lite.6.2. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF Woocommerce Product Table Lite
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-47672 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Swashata WP Category Post List Widget.0.3. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Wp Category Post List Widget
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-47670 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Jongmyoung Kim Korea SNS.6.3. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Korea Sns
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-41129 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Patreon Patreon WordPress.8.6. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF Patreon Wordpress
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-31089 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Tradebooster Video XML Sitemap Generator.0.0. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Video Xml Sitemap Generator
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-25985 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Tomas | Docs | FAQ | Premium Support WordPress Tooltips.2.5. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF Wordpress Tooltips
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-47651 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Robert Macchi WP Links Page.9.4. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Wp Links Page
NVD
CVSS 3.1
4.3
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy