Skip to main content
CVE-2023-5815 HIGH POC PATCH THREAT Act Now

The News & Blog Designer Pack - WordPress Blog Plugin - (Blog Post Grid, Blog Post Slider, Blog Post Carousel, Blog Post Ticker, Blog Post Masonry) plugin for WordPress is vulnerable to Remote Code. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and EPSS exploitation probability 43.2%.

PHP LFI RCE Docker WordPress +1
NVD VulDB
CVSS 3.1
8.1
EPSS
43.2%
Threat
4.4
CVE-2023-48107 HIGH POC This Week

Buffer Overflow vulnerability in zlib-ng minizip-ng v.4.0.2 allows an attacker to execute arbitrary code via a crafted file to the mz_path_has_slash function in the mz_os.c file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow RCE Minizip Ng
NVD GitHub
CVSS 3.1
8.8
EPSS
1.3%
CVE-2023-49102 HIGH POC This Week

NZBGet 21.1 allows authenticated remote code execution because the unarchive programs (7za and unrar) preserve executable file permissions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Nzbget
NVD
CVSS 3.1
8.8
EPSS
1.5%
CVE-2023-48106 HIGH POC This Week

Buffer Overflow vulnerability in zlib-ng minizip-ng v.4.0.2 allows an attacker to execute arbitrary code via a crafted file to the mz_path_resolve function in the mz_os.c file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow RCE Minizip Ng
NVD GitHub
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-47250 HIGH POC This Week

In mprivacy-tools before 2.0.406g in m-privacy TightGate-Pro Server, broken Access Control on X11 server sockets allows authenticated attackers (with access to a VNC session) to access the X11. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Mprivacy Tools Rsbac Policy Tgpro Tightgatevnc
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2023-47315 HIGH POC This Week

Headwind MDM Web panel 5.22.1 is vulnerable to Incorrect Access Control due to a hard-coded JWT Secret. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Headwind Mdm
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-6265 HIGH POC This Week

** UNSUPPORTED WHEN ASSIGNED ** Draytek Vigor2960 v1.5.1.4 and v1.5.1.5 are vulnerable to directory traversal via the mainfunction.cgi dumpSyslog 'option' parameter allowing an authenticated attacker. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Vigor2960 Firmware
NVD GitHub
CVSS 3.1
8.1
EPSS
1.8%
CVE-2023-43887 HIGH POC PATCH This Week

Libde265 v1.0.12 was discovered to contain multiple buffer overflows via the num_tile_columns and num_tile_row parameters in the function pic_parameter_set::dump. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Libde265
NVD GitHub
CVSS 3.1
8.1
EPSS
1.0%
CVE-2023-48105 HIGH POC PATCH This Week

An heap overflow vulnerability was discovered in Bytecode alliance wasm-micro-runtime v.1.2.3 allows a remote attacker to cause a denial of service via the wasm_loader_prepare_bytecode function in. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Memory Corruption Buffer Overflow Webassembly Micro Runtime
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
1.3%
CVE-2023-47016 HIGH POC PATCH This Week

radare2 5.8.9 has an out-of-bounds read in r_bin_object_set_items in libr/bin/bobj.c, causing a crash in r_read_le32 in libr/include/r_endian.h. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Buffer Overflow Radare2
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2023-48161 HIGH POC This Week

Buffer Overflow vulnerability in GifLib Project GifLib v.5.2.1 allows a local attacker to obtain sensitive information via the DumpSCreen2RGB function in gif2rgb.c. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Giflib
NVD GitHub
CVSS 3.1
7.1
EPSS
0.4%
CVE-2023-5822 HIGH PATCH This Week

The Drag and Drop Multiple File Upload - Contact Form 7 plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'dnd_upload_cf7_upload' function. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload RCE WordPress Drag And Drop Multiple File Upload Contact Form 7
NVD VulDB
CVSS 3.1
8.1
EPSS
4.4%
CVE-2023-5466 HIGH PATCH This Week

The Wp anything slider plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 9.1 due to insufficient escaping on the user supplied parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

SQLi WordPress Wp Anything Slider
NVD VulDB
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-5465 HIGH PATCH This Week

The Popup with fancybox plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 3.5 due to insufficient escaping on the user supplied. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

SQLi WordPress Popup With Fancybox
NVD VulDB
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-6009 HIGH This Week

The UserPro plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 5.1.4 due to insufficient restriction on the 'userpro_update_user_profile' function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation WordPress Userpro
NVD VulDB
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-2497 HIGH This Week

The UserPro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.1.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization PHP WordPress CSRF Userpro
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2023-2440 HIGH This Week

The UserPro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.1.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF Userpro
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2023-47825 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in TienCOP WP EXtra plugin <= 6.4 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Wp Extra
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-47824 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in wpWax Legal Pages - Privacy Policy, Terms & Conditions, GDPR, CCPA, and Cookie Notice Generator plugin <= 1.3.8 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Legal Pages
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-47819 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Dang Ngoc Binh Easy Call Now by ThikShare plugin <= 1.1.0 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Easy Call Now By Thikshare
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-47792 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Infinite Uploads Big File Uploads - Increase Maximum File Upload Size plugin <= 2.1.1 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload CSRF Big File Uploads
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-47791 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Leadster plugin <= 1.1.2 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Leadster
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-47785 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in LayerSlider plugin <= 7.7.9 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF LayerSlider
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-47781 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Thrive Themes Thrive Theme Builder < 3.24.2 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Thrive Themes Builder
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-47775 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in gVectors Team Comments - wpDiscuz plugin <= 7.6.11 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Wpdiscuz
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-39925 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in PeepSo Download Community by PeepSo plugin <= 6.1.6.0 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Peepso
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-47765 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in CodeBard CodeBard's Patron Button and Widgets for Patreon plugin <= 2.1.9 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Codebard S Patron Button And Widgets For Patreon
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-47758 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Mondula GmbH Multi Step Form plugin <= 1.7.11 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Multi Step Form
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-25987 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Aleksandar Urošević My YouTube Channel plugin <= 3.23.3 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF My Youtube Channel
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-25986 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in WattIsIt PayGreen - Ancienne version plugin <= 4.10.2 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Paygreen Ancienne
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-6157 HIGH This Week

Improper neutralization of livestatus command delimiters in ajax_search in Checkmk <= 2.0.0p39, < 2.1.0p37, and < 2.2.0p15 allows arbitrary livestatus command execution for authorized users. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Checkmk
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-6156 HIGH This Week

Improper neutralization of livestatus command delimiters in the availability timeline in Checkmk <= 2.0.0p39, < 2.1.0p37, and < 2.2.0p15 allows arbitrary livestatus command execution for authorized. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Checkmk
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-47350 HIGH PATCH This Week

Cross-Site Request Forgery (CSRF) vulnerability in SwiftyEdit Content Management System prior to v1.2.0, allows remote attackers to escalate privileges via the user password update functionality. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

CSRF Swiftyedit
NVD GitHub
CVSS 3.1
8.8
EPSS
0.4%
CVE-2023-26542 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Exeebit phpinfo() WP plugin <= 4.0 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Phpinfo Wp
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-28747 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in codeboxr CBX Currency Converter plugin <= 3.0.3 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Cbx Currency Converter
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-27633 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Pixelgrade Customify - Intuitive Website Styling plugin <= 2.10.4 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Customify
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-27461 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Yoohoo Plugins When Last Login plugin <= 1.2.1 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF When Last Login
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-27458 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in wpstream WpStream plugin <= 4.4.10 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Wpstream
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-27457 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Passionate Brains Add Expires Headers & Optimized Minify plugin <= 2.7 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Add Expires Headers Optimized Minify
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-27453 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in LWS LWS Tools plugin <= 2.3.1 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Lws Tools
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-27451 HIGH This Week

Server-Side Request Forgery (SSRF) vulnerability in Darren Cooney Instant Images plugin <= 5.1.0.2 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Instant Images
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-27446 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Fluenx DeepL API translation plugin <= 2.1.4 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Deepl Pro Api Translation
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-27444 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Pierre Lannoy / PerfOps One DecaLog plugin <= 3.7.0 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Decalog
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-27442 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Teplitsa of social technologies Leyka plugin <= 3.29.2 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Leyka
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-26535 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in WPPOOL Sheets To WP Table Live Sync plugin <= 2.12.15 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Sheets To Wp Table Live Sync
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-26532 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in AccessPress Themes Social Auto Poster plugin <= 2.1.4 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Social Auto Poster
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-28749 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in CreativeMindsSolutions CM On Demand Search And Replace plugin <= 1.3.0 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Cm Search And Replace
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-5299 HIGH This Week

A user with a standard account in Fuji Electric Tellus Lite may overwrite files in the system. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Tellus Lite V Simulator
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2023-6263 HIGH This Week

An issue was discovered by IPVM team in Network Optix NxCloud before 23.1.0.40440. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Nxcloud
NVD
CVSS 3.1
8.1
EPSS
0.5%
CVE-2023-29069 HIGH This Week

A maliciously crafted DLL file can be forced to install onto a non-default location, and attacker can overwrite parts of the product with malicious DLLs. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Desktop Connector
NVD
CVSS 3.1
7.8
EPSS
0.3%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy