Skip to main content
CVE-2023-2437 CRITICAL POC THREAT Emergency

The UserPro plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 5.1.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 76.8%.

WordPress Authentication Bypass Userpro
NVD VulDB
CVSS 3.1
9.8
EPSS
76.8%
Threat
5.8
CVE-2023-5815 HIGH POC PATCH THREAT Act Now

The News & Blog Designer Pack - WordPress Blog Plugin - (Blog Post Grid, Blog Post Slider, Blog Post Carousel, Blog Post Ticker, Blog Post Masonry) plugin for WordPress is vulnerable to Remote Code. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and EPSS exploitation probability 43.2%.

PHP LFI RCE Docker WordPress +1
NVD VulDB
CVSS 3.1
8.1
EPSS
43.2%
Threat
4.4
CVE-2023-48107 HIGH POC This Week

Buffer Overflow vulnerability in zlib-ng minizip-ng v.4.0.2 allows an attacker to execute arbitrary code via a crafted file to the mz_path_has_slash function in the mz_os.c file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow RCE Minizip Ng
NVD GitHub
CVSS 3.1
8.8
EPSS
1.3%
CVE-2023-49102 HIGH POC This Week

NZBGet 21.1 allows authenticated remote code execution because the unarchive programs (7za and unrar) preserve executable file permissions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Nzbget
NVD
CVSS 3.1
8.8
EPSS
1.5%
CVE-2023-48106 HIGH POC This Week

Buffer Overflow vulnerability in zlib-ng minizip-ng v.4.0.2 allows an attacker to execute arbitrary code via a crafted file to the mz_path_resolve function in the mz_os.c file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow RCE Minizip Ng
NVD GitHub
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-47250 HIGH POC This Week

In mprivacy-tools before 2.0.406g in m-privacy TightGate-Pro Server, broken Access Control on X11 server sockets allows authenticated attackers (with access to a VNC session) to access the X11. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Mprivacy Tools Rsbac Policy Tgpro Tightgatevnc
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2023-47315 HIGH POC This Week

Headwind MDM Web panel 5.22.1 is vulnerable to Incorrect Access Control due to a hard-coded JWT Secret. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Headwind Mdm
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-6265 HIGH POC This Week

** UNSUPPORTED WHEN ASSIGNED ** Draytek Vigor2960 v1.5.1.4 and v1.5.1.5 are vulnerable to directory traversal via the mainfunction.cgi dumpSyslog 'option' parameter allowing an authenticated attacker. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Vigor2960 Firmware
NVD GitHub
CVSS 3.1
8.1
EPSS
1.8%
CVE-2023-43887 HIGH POC PATCH This Week

Libde265 v1.0.12 was discovered to contain multiple buffer overflows via the num_tile_columns and num_tile_row parameters in the function pic_parameter_set::dump. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Libde265
NVD GitHub
CVSS 3.1
8.1
EPSS
1.0%
CVE-2023-48105 HIGH POC PATCH This Week

An heap overflow vulnerability was discovered in Bytecode alliance wasm-micro-runtime v.1.2.3 allows a remote attacker to cause a denial of service via the wasm_loader_prepare_bytecode function in. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Memory Corruption Buffer Overflow Webassembly Micro Runtime
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
1.3%
CVE-2023-47016 HIGH POC PATCH This Week

radare2 5.8.9 has an out-of-bounds read in r_bin_object_set_items in libr/bin/bobj.c, causing a crash in r_read_le32 in libr/include/r_endian.h. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Buffer Overflow Radare2
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2023-48161 HIGH POC This Week

Buffer Overflow vulnerability in GifLib Project GifLib v.5.2.1 allows a local attacker to obtain sensitive information via the DumpSCreen2RGB function in gif2rgb.c. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Giflib
NVD GitHub
CVSS 3.1
7.1
EPSS
0.4%
CVE-2023-47251 MEDIUM POC This Month

In mprivacy-tools before 2.0.406g in m-privacy TightGate-Pro Server, a Directory Traversal in the print function of the VNC service allows authenticated attackers (with access to a VNC session) to. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Mprivacy Tools Tightgatevnc
NVD
CVSS 3.1
6.5
EPSS
1.7%
CVE-2023-47014 MEDIUM POC This Month

A Cross-Site Request Forgery (CSRF) vulnerability in Sourcecodester Sticky Notes App Using PHP with Source Code v.1.0 allows a local attacker to obtain sensitive information via a crafted payload to. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Sticky Notes App
NVD GitHub
CVSS 3.1
6.5
EPSS
0.3%
CVE-2023-47312 MEDIUM POC This Month

Headwind MDM Web panel 5.22.1 is vulnerable to Incorrect Access Control due to Login Credential Leakage via Audit Entries. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Headwind Mdm
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2023-47380 MEDIUM POC PATCH This Month

Admidio v4.2.12 and below is vulnerable to Cross Site Scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Admidio
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2023-6253 MEDIUM POC This Month

A saved encryption key in the Uninstaller in Digital Guardian's Agent before version 7.9.4 allows a local attacker to retrieve the uninstall key and remove the software by extracting the uninstaller. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Digital Guardian Agent
NVD
CVSS 3.1
6.0
EPSS
0.3%
CVE-2023-2449 CRITICAL Act Now

The UserPro plugin for WordPress is vulnerable to unauthorized password resets in versions up to, and including 5.1.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi WordPress Userpro
NVD VulDB
CVSS 3.1
9.8
EPSS
0.5%
CVE-2023-5047 CRITICAL Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in DRD Fleet Leasing DRDrive allows SQL Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Drdrive
NVD VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2023-2889 CRITICAL Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Veon Computer Service Tracking Software allows SQL Injection.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Service Tracking
NVD VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2023-46357 CRITICAL PATCH Act Now

In the module "Cross Selling in Modal Cart" (motivationsale) < 3.5.0 from MyPrestaModules for PrestaShop, a guest can perform SQL injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi Cross Selling In Modal Cart
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-45377 CRITICAL PATCH Act Now

In the module "Chronopost Official" (chronopost) for PrestaShop, a guest can perform SQL injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

PHP SQLi Chronopost
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-37924 CRITICAL PATCH Act Now

Apache Software Foundation Apache Submarine has an SQL injection vulnerability when a user logs in. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache SQLi Submarine
NVD GitHub
CVSS 3.1
9.8
EPSS
7.2%
CVE-2023-47821 MEDIUM POC This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jannis Thuemmig Email Encoder plugin <= 2.1.8 versions. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Email Encoder
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-47816 MEDIUM POC This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Charitable Donations & Fundraising Team Donation Forms by Charitable plugin <= 1.7.0.13 versions. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Charitable
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-47815 MEDIUM POC This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Venutius BP Profile Shortcodes Extra plugin <= 2.5.2 versions. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Bp Profile Shortcodes Extra
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-47813 MEDIUM POC This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in grandslambert Better RSS Widget plugin <= 2.8.1 versions. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Better Rss Widget
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-47812 MEDIUM POC This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bamboo Mcr Bamboo Columns plugin <= 1.6.1 versions. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Bamboo Columns
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-47811 MEDIUM POC This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Suresh KUMAR Mukhiya Anywhere Flash Embed plugin <= 1.0.5 versions. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Anywhere Flash Embed
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-47810 MEDIUM POC This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Asdqwe Dev Ajax Domain Checker plugin <= 1.3.0 versions. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Ajax Domain Checker
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-47809 MEDIUM POC This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themepoints Accordion plugin <= 2.6 versions. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Accordion
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-47808 MEDIUM POC This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Christina Uechi Add Widgets to Page plugin <= 1.3.2 versions. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Add Widgets To Page
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-47316 MEDIUM POC This Month

Headwind MDM Web panel 5.22.1 is vulnerable to Incorrect Access Control. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Headwind Mdm
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-47314 MEDIUM POC This Month

Headwind MDM Web panel 5.22.1 is vulnerable to cross-site scripting (XSS). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload XSS Headwind Mdm
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-47313 MEDIUM POC This Month

Headwind MDM Web panel 5.22.1 is vulnerable to Directory Traversal. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal File Upload Headwind Mdm
NVD
CVSS 3.1
5.4
EPSS
0.8%
CVE-2023-5822 HIGH PATCH This Week

The Drag and Drop Multiple File Upload - Contact Form 7 plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'dnd_upload_cf7_upload' function. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload RCE WordPress Drag And Drop Multiple File Upload Contact Form 7
NVD VulDB
CVSS 3.1
8.1
EPSS
4.4%
CVE-2023-5466 HIGH PATCH This Week

The Wp anything slider plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 9.1 due to insufficient escaping on the user supplied parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

SQLi WordPress Wp Anything Slider
NVD VulDB
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-5465 HIGH PATCH This Week

The Popup with fancybox plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 3.5 due to insufficient escaping on the user supplied. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

SQLi WordPress Popup With Fancybox
NVD VulDB
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-6009 HIGH This Week

The UserPro plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 5.1.4 due to insufficient restriction on the 'userpro_update_user_profile' function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation WordPress Userpro
NVD VulDB
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-2497 HIGH This Week

The UserPro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.1.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization PHP WordPress CSRF Userpro
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2023-2440 HIGH This Week

The UserPro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.1.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF Userpro
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2023-47825 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in TienCOP WP EXtra plugin <= 6.4 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Wp Extra
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-47824 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in wpWax Legal Pages - Privacy Policy, Terms & Conditions, GDPR, CCPA, and Cookie Notice Generator plugin <= 1.3.8 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Legal Pages
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-47819 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Dang Ngoc Binh Easy Call Now by ThikShare plugin <= 1.1.0 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Easy Call Now By Thikshare
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-47792 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Infinite Uploads Big File Uploads - Increase Maximum File Upload Size plugin <= 2.1.1 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload CSRF Big File Uploads
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-47791 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Leadster plugin <= 1.1.2 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Leadster
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-47785 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in LayerSlider plugin <= 7.7.9 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF LayerSlider
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-47781 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Thrive Themes Thrive Theme Builder < 3.24.2 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Thrive Themes Builder
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-47775 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in gVectors Team Comments - wpDiscuz plugin <= 7.6.11 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Wpdiscuz
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-39925 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in PeepSo Download Community by PeepSo plugin <= 6.1.6.0 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Peepso
NVD
CVSS 3.1
8.8
EPSS
0.3%
Page 1 of 4 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy