Skip to main content
CVE-2023-2437 CRITICAL POC THREAT Emergency

The UserPro plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 5.1.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 76.8%.

WordPress Authentication Bypass Userpro
NVD VulDB
CVSS 3.1
9.8
EPSS
76.8%
Threat
5.8
CVE-2023-2449 CRITICAL Act Now

The UserPro plugin for WordPress is vulnerable to unauthorized password resets in versions up to, and including 5.1.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi WordPress Userpro
NVD VulDB
CVSS 3.1
9.8
EPSS
0.5%
CVE-2023-5047 CRITICAL Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in DRD Fleet Leasing DRDrive allows SQL Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Drdrive
NVD VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2023-2889 CRITICAL Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Veon Computer Service Tracking Software allows SQL Injection.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Service Tracking
NVD VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2023-46357 CRITICAL PATCH Act Now

In the module "Cross Selling in Modal Cart" (motivationsale) < 3.5.0 from MyPrestaModules for PrestaShop, a guest can perform SQL injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi Cross Selling In Modal Cart
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-45377 CRITICAL PATCH Act Now

In the module "Chronopost Official" (chronopost) for PrestaShop, a guest can perform SQL injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

PHP SQLi Chronopost
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-37924 CRITICAL PATCH Act Now

Apache Software Foundation Apache Submarine has an SQL injection vulnerability when a user logs in. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache SQLi Submarine
NVD GitHub
CVSS 3.1
9.8
EPSS
7.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy