Skip to main content
CVE-2023-47765 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in CodeBard CodeBard's Patron Button and Widgets for Patreon plugin <= 2.1.9 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Codebard S Patron Button And Widgets For Patreon
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-47758 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Mondula GmbH Multi Step Form plugin <= 1.7.11 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Multi Step Form
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-25987 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Aleksandar Urošević My YouTube Channel plugin <= 3.23.3 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF My Youtube Channel
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-25986 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in WattIsIt PayGreen - Ancienne version plugin <= 4.10.2 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Paygreen Ancienne
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-6157 HIGH This Week

Improper neutralization of livestatus command delimiters in ajax_search in Checkmk <= 2.0.0p39, < 2.1.0p37, and < 2.2.0p15 allows arbitrary livestatus command execution for authorized users. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Checkmk
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-6156 HIGH This Week

Improper neutralization of livestatus command delimiters in the availability timeline in Checkmk <= 2.0.0p39, < 2.1.0p37, and < 2.2.0p15 allows arbitrary livestatus command execution for authorized. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Checkmk
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-47350 HIGH PATCH This Week

Cross-Site Request Forgery (CSRF) vulnerability in SwiftyEdit Content Management System prior to v1.2.0, allows remote attackers to escalate privileges via the user password update functionality. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

CSRF Swiftyedit
NVD GitHub
CVSS 3.1
8.8
EPSS
0.4%
CVE-2023-26542 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Exeebit phpinfo() WP plugin <= 4.0 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Phpinfo Wp
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-28747 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in codeboxr CBX Currency Converter plugin <= 3.0.3 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Cbx Currency Converter
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-27633 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Pixelgrade Customify - Intuitive Website Styling plugin <= 2.10.4 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Customify
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-27461 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Yoohoo Plugins When Last Login plugin <= 1.2.1 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF When Last Login
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-27458 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in wpstream WpStream plugin <= 4.4.10 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Wpstream
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-27457 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Passionate Brains Add Expires Headers & Optimized Minify plugin <= 2.7 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Add Expires Headers Optimized Minify
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-27453 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in LWS LWS Tools plugin <= 2.3.1 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Lws Tools
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-27451 HIGH This Week

Server-Side Request Forgery (SSRF) vulnerability in Darren Cooney Instant Images plugin <= 5.1.0.2 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Instant Images
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-27446 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Fluenx DeepL API translation plugin <= 2.1.4 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Deepl Pro Api Translation
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-27444 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Pierre Lannoy / PerfOps One DecaLog plugin <= 3.7.0 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Decalog
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-27442 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Teplitsa of social technologies Leyka plugin <= 3.29.2 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Leyka
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-26535 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in WPPOOL Sheets To WP Table Live Sync plugin <= 2.12.15 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Sheets To Wp Table Live Sync
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-26532 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in AccessPress Themes Social Auto Poster plugin <= 2.1.4 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Social Auto Poster
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-28749 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in CreativeMindsSolutions CM On Demand Search And Replace plugin <= 1.3.0 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Cm Search And Replace
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-5299 HIGH This Week

A user with a standard account in Fuji Electric Tellus Lite may overwrite files in the system. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Tellus Lite V Simulator
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2023-48706 MEDIUM POC PATCH This Month

Vim is a UNIX editor that, prior to version 9.0.2121, has a heap-use-after-free vulnerability. Rated medium severity (CVSS 4.7), this vulnerability is no authentication required. Public exploit code available.

Denial Of Service Use After Free Memory Corruption Vim
NVD GitHub VulDB
CVSS 3.1
4.7
EPSS
0.4%
CVE-2023-6263 HIGH This Week

An issue was discovered by IPVM team in Network Optix NxCloud before 23.1.0.40440. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Nxcloud
NVD
CVSS 3.1
8.1
EPSS
0.5%
CVE-2023-29069 HIGH This Week

A maliciously crafted DLL file can be forced to install onto a non-default location, and attacker can overwrite parts of the product with malicious DLLs. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Desktop Connector
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-46814 HIGH This Week

A binary hijacking vulnerability exists within the VideoLAN VLC media player before 3.0.19 on Windows. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Microsoft Vlc Media Player
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-40152 HIGH This Week

When Fuji Electric Tellus Lite V-Simulator parses a specially-crafted input file an out of bounds write may occur. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Tellus Lite V Simulator
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-35127 HIGH This Week

Stack-based buffer overflow may occur when Fuji Electric Tellus Lite V-Simulator parses a specially-crafted input file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Stack Overflow Buffer Overflow Tellus Lite V Simulator
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-5983 HIGH This Week

Exposure of Private Personal Information to an Unauthorized Actor vulnerability in Botanik Software Pharmacy Automation allows Retrieve Embedded Sensitive Data.1.133.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Pharmacy Automation
NVD VulDB
CVSS 3.1
7.5
EPSS
0.2%
CVE-2023-6252 HIGH This Week

Path traversal vulnerability in Chalemelon Power framework, affecting the getImage parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Chameleon Power
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-3104 HIGH This Week

Lack of authentication vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass A1 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-6117 HIGH This Week

A possibility of unwanted server memory consumption was detected through the obsolete functionalities in the Rest API methods of the M-Files server before 23.11.13156.0 which allows attackers to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service M Files Server
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-46673 HIGH PATCH This Week

It was identified that malformed scripts used in the script processor of an Ingest Pipeline could cause an Elasticsearch node to crash when calling the Simulate Pipeline API. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Elastic Denial Of Service Elasticsearch
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-6007 HIGH This Week

The UserPro plugin for WordPress is vulnerable to unauthorized access of data, modification of data, loss of data due to a missing capability check on multiple functions in all versions up to, and. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Userpro
NVD VulDB
CVSS 3.1
7.3
EPSS
0.2%
CVE-2023-2841 HIGH This Week

The Advanced Local Pickup for WooCommerce plugin for WordPress is vulnerable to time-based SQL Injection via the id parameter in versions up to, and including, 1.5.5 due to insufficient escaping on. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi WordPress Advanced Local Pickup For Woocommerce
NVD VulDB
CVSS 3.1
7.2
EPSS
0.5%
CVE-2023-48646 HIGH This Week

Zoho ManageEngine RecoveryManager Plus before 6070 allows admin users to execute arbitrary commands via proxy settings. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Zoho Manageengine Recoverymanager Plus
NVD
CVSS 3.1
7.2
EPSS
82.2%
CVE-2023-5921 HIGH This Week

Improper Enforcement of Behavioral Workflow vulnerability in DECE Software Geodi allows Functionality Bypass.0.0.27396. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Geodi
NVD VulDB
CVSS 3.1
7.1
EPSS
0.0%
CVE-2023-2448 MEDIUM This Month

The UserPro plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'userpro_shortcode_template' function in versions up to, and including, 5.1.4. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Userpro
NVD VulDB
CVSS 3.1
6.5
EPSS
0.4%
CVE-2023-2446 MEDIUM This Month

The UserPro plugin for WordPress is vulnerable to sensitive information disclosure via the 'userpro' shortcode in versions up to, and including 5.1.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure WordPress Userpro
NVD VulDB
CVSS 3.1
6.5
EPSS
0.2%
CVE-2023-5386 MEDIUM PATCH This Month

The Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fnsf_delete_posts function in versions up to, and including, 3.4. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass WordPress Funnelforms
NVD VulDB
CVSS 3.1
6.5
EPSS
0.1%
CVE-2023-5382 MEDIUM PATCH This Month

The Funnelforms Free plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.4. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

WordPress CSRF Funnelforms
NVD VulDB
CVSS 3.1
6.5
EPSS
0.1%
CVE-2023-47467 MEDIUM This Month

Directory Traversal vulnerability in jeecg-boot v.3.6.0 allows a remote privileged attacker to obtain sensitive information via the file directory structure. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Jeecg Boot
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2023-5662 MEDIUM PATCH This Month

The Sponsors plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'sponsors' shortcode in all versions up to, and including, 3.5.0 due to insufficient input sanitization. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Sponsors
NVD VulDB
CVSS 3.1
6.4
EPSS
0.2%
CVE-2023-5667 MEDIUM PATCH This Month

The Tab Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 1.3 due to insufficient input sanitization and. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Tab Ultimate
NVD VulDB
CVSS 3.1
6.4
EPSS
0.1%
CVE-2023-5469 MEDIUM PATCH This Month

The Drop Shadow Boxes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'dropshadowbox' shortcode in versions up to, and including, 1.7.13 due to insufficient input sanitization. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Drop Shadow Boxes
NVD VulDB
CVSS 3.1
6.4
EPSS
0.1%
CVE-2023-5704 MEDIUM PATCH This Month

The CPO Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 1.5.0 due to insufficient input sanitization and. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Cpo Shortcodes
NVD VulDB
CVSS 3.1
6.4
EPSS
0.1%
CVE-2023-5706 MEDIUM PATCH This Month

The VK Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'vk-blocks/ancestor-page-list' block in all versions up to, and including, 1.63.0.1 due to. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Vk Blocks
NVD VulDB
CVSS 3.1
6.4
EPSS
0.1%
CVE-2023-5664 MEDIUM PATCH This Month

The Garden Gnome Package plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ggpkg' shortcode in all versions up to, and including, 2.2.8 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Garden Gnome Package
NVD VulDB
CVSS 3.1
6.4
EPSS
0.1%
CVE-2023-5163 MEDIUM PATCH This Month

The Weather Atlas Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'shortcode-weather-atlas' shortcode in versions up to, and including, 1.2.1 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Weather Atlas
NVD VulDB
CVSS 3.1
6.4
EPSS
0.1%
CVE-2023-5742 MEDIUM PATCH This Month

The EasyRotator for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'easyrotator' shortcode in all versions up to, and including, 1.0.14 due to. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Easyrotator For Wordpress
NVD VulDB
CVSS 3.1
6.4
EPSS
0.1%
Prev Page 2 of 4 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy