Skip to main content
CVE-2023-5958 MEDIUM POC This Month

The POST SMTP Mailer WordPress plugin before 2.7.1 does not escape email message content before displaying it in the backend, allowing an unauthenticated attacker to perform XSS attacks against. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Post Smtp
NVD WPScan
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-5653 MEDIUM POC This Month

The WassUp Real Time Analytics WordPress plugin through 1.9.4.5 does not escape IP address provided via some headers before outputting them back in an admin page, allowing unauthenticated users to. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Wassup Real Time Analytics
NVD WPScan
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-5641 MEDIUM POC This Month

The Martins Free & Easy SEO BackLink Link Building Network WordPress plugin before 1.2.30 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Free Easy Link Building
NVD WPScan
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-5560 MEDIUM POC This Month

The WP-UserOnline WordPress plugin before 2.88.3 does not sanitise and escape the X-Forwarded-For header before outputting its content on the page, which allows unauthenticated users to perform. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Wp Useronline
NVD WPScan
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-5325 MEDIUM POC This Month

The Woocommerce Vietnam Checkout WordPress plugin before 2.0.6 does not escape the custom shipping phone field no the checkout form leading to XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Woocommerce Vietnam Checkout
NVD WPScan
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-49029 MEDIUM POC This Month

Cross Site Scripting vulnerability in smpn1smg absis v.2017-10-19 and before allows a remote attacker to execute arbitrary code via the nama parameter in the lock/lock.php file. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE XSS Absis
NVD GitHub
CVSS 3.1
6.1
EPSS
0.9%
CVE-2023-6313 MEDIUM POC This Month

A vulnerability was found in SourceCodester URL Shortener 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Url Shortener
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.6%
CVE-2023-6301 MEDIUM POC This Month

A vulnerability has been found in SourceCodester Best Courier Management System 1.0 and classified as problematic. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Best Courier Management System
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.6%
CVE-2023-6300 MEDIUM POC This Month

A vulnerability, which was classified as problematic, was found in SourceCodester Best Courier Management System 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Best Courier Management System
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.6%
CVE-2023-4642 MEDIUM POC This Month

The kk Star Ratings WordPress plugin before 5.4.6 does not implement atomic operations, allowing one user vote multiple times on a poll due to a Race Condition. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Race Condition Information Disclosure WordPress Kk Star Ratings
NVD WPScan
CVSS 3.1
5.9
EPSS
0.4%
CVE-2023-42366 MEDIUM POC This Month

A heap-buffer-overflow was discovered in BusyBox v.1.36.1 in the next_token function at awk.c:1159. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Busybox
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2023-42365 MEDIUM POC This Month

A use-after-free vulnerability was discovered in BusyBox v.1.36.1 via a crafted awk pattern in the awk.c copyvar function. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Information Disclosure Memory Corruption Busybox
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2023-42364 MEDIUM POC This Month

A use-after-free vulnerability in BusyBox v.1.36.1 allows attackers to cause a denial of service via a crafted awk pattern in the awk.c evaluate function. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Denial Of Service Memory Corruption Busybox
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2023-42363 MEDIUM POC This Month

A use-after-free vulnerability was discovered in xasprintf function in xfuncs_printf.c:344 in BusyBox v.1.36.1. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Information Disclosure Memory Corruption Busybox
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2023-5942 MEDIUM POC This Month

The Medialist WordPress plugin before 1.4.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Medialist
NVD WPScan
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-5738 MEDIUM POC This Month

The WordPress Backup & Migration WordPress plugin before 1.4.4 does not sanitise and escape some parameters, which could allow users with a role as low as Subscriber to perform Cross-Site Scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Backup And Migration
NVD WPScan
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-5620 MEDIUM POC This Month

The Web Push Notifications WordPress plugin before 4.35.0 does not prevent visitors on the site from changing some of the plugin options, some of which may be used to conduct Stored XSS attacks. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Web Push Notifications
NVD WPScan
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-4514 MEDIUM POC This Month

The Mmm Simple File List WordPress plugin through 2.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Mmm Simple File List
NVD WPScan
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-49028 MEDIUM POC This Month

Cross Site Scripting vulnerability in smpn1smg absis v.2017-10-19 and before allows a remote attacker to execute arbitrary code via the user parameter in the lock/lock.php file. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE XSS Absis
NVD GitHub
CVSS 3.1
5.4
EPSS
0.8%
CVE-2023-5845 MEDIUM POC This Month

The Simple Social Media Share Buttons WordPress plugin before 5.1.1 leaks password-protected post content to unauthenticated visitors in some meta tags. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure WordPress Simple Social Buttons
NVD WPScan
CVSS 3.1
5.3
EPSS
0.6%
CVE-2023-5611 MEDIUM POC This Month

The Seraphinite Accelerator WordPress plugin before 2.20.32 does not have authorisation and CSRF checks when resetting and importing its settings, allowing unauthenticated users to reset them. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress Authentication Bypass Seraphinite Accelerator
NVD WPScan
CVSS 3.1
5.3
EPSS
0.3%
CVE-2023-4252 MEDIUM POC This Month

The EventPrime WordPress plugin through 3.2.9 specifies the price of a booking in the client request, allowing an attacker to purchase bookings without payment. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure WordPress Eventprime
NVD WPScan
CVSS 3.1
5.3
EPSS
0.5%
CVE-2023-5209 MEDIUM POC This Month

The WordPress Online Booking and Scheduling Plugin WordPress plugin before 22.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Bookly
NVD WPScan
CVSS 3.1
4.8
EPSS
0.5%
CVE-2023-6303 MEDIUM POC This Month

A vulnerability was found in CSZCMS 1.3.0. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Cszcms
NVD GitHub VulDB
CVSS 3.1
4.8
EPSS
0.6%
CVE-2023-5737 MEDIUM POC This Month

The WordPress Backup & Migration WordPress plugin before 1.4.4 does not authorize some AJAX requests, allowing users with a role as low as Subscriber to update some plugin settings. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Authentication Bypass Backup And Migration
NVD WPScan
CVSS 3.1
4.3
EPSS
0.5%
CVE-2023-5525 MEDIUM POC This Month

The Limit Login Attempts Reloaded WordPress plugin before 2.25.26 is missing authorization on the `toggle_auto_update` AJAX action, allowing any user with a valid nonce to toggle the auto-update. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Authentication Bypass Limit Login Attempts Reloaded
NVD WPScan
CVSS 3.1
4.3
EPSS
0.5%
CVE-2023-4297 MEDIUM POC This Month

The Mmm Simple File List WordPress plugin through 2.3 does not validate the generated path to list files from, allowing any authenticated users, such as subscribers, to list the content of arbitrary. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure WordPress Mmm Simple File List
NVD WPScan
CVSS 3.1
4.3
EPSS
0.6%
CVE-2023-5885 MEDIUM This Month

The discontinued FFS Colibri product allows a remote user to access files on the system including files containing login credentials for other users. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Colibri Firmware
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2023-48034 MEDIUM This Month

An issue discovered in Acer Wireless Keyboard SK-9662 allows attacker in physical proximity to both decrypt wireless keystrokes and inject arbitrary keystrokes via use of weak encryption. Rated medium severity (CVSS 6.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Code Injection Sk 9662 Firmware
NVD GitHub
CVSS 3.1
6.1
EPSS
0.2%
CVE-2023-47168 MEDIUM PATCH This Month

Mattermost fails to properly check a redirect URL parameter allowing for an open redirect was possible when the user clicked "Back to Mattermost" after providing a invalid custom url scheme in. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mattermost Open Redirect
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-6287 MEDIUM This Month

Sensitive data exposure in Webconf in Tribe29 Checkmk Appliance before 1.6.8 allows local attacker to retrieve passwords via reading log files. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Checkmk Appliance Firmware
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-25632 MEDIUM This Month

The Android Mobile Whale browser app before 3.0.1.2 allows the attacker to bypass its browser unlock function via 'Open in Whale' feature. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Authentication Bypass Whale Browser
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-49145 MEDIUM PATCH This Month

Apache NiFi 0.7.0 through 1.23.2 include the JoltTransformJSON Processor, which provides an advanced configuration user interface that is vulnerable to DOM-based cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache XSS Nifi
NVD
CVSS 3.1
5.4
EPSS
1.2%
CVE-2023-43701 MEDIUM PATCH This Month

Improper payload validation and an improper REST API response type, made it possible for an authenticated malicious actor to store malicious code into Chart's metadata, this code could get executed. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache XSS Superset
NVD
CVSS 3.1
5.4
EPSS
1.0%
CVE-2023-35075 MEDIUM PATCH This Month

Mattermost fails to use innerText / textContent when setting the channel name in the webapp during autocomplete, allowing an attacker to inject HTML to a victim's page by create a channel name that. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Mattermost XSS
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-46355 MEDIUM This Month

In the module "CSV Feeds PRO" (csvfeeds) < 2.6.1 from Bl Modules for PrestaShop, a guest can download personal information without restriction. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Csv Feeds Pro
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2023-5871 MEDIUM PATCH This Month

A flaw was found in libnbd, due to a malicious Network Block Device (NBD), a protocol for accessing Block Devices such as hard disks over a Network. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Libnbd Enterprise Linux
NVD
CVSS 3.1
5.3
EPSS
0.9%
CVE-2023-48369 MEDIUM PATCH This Month

Mattermost fails to limit the log size of server logs allowing an attacker sending specially crafted requests to different endpoints to potentially overflow the log. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mattermost Denial Of Service
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2023-49321 MEDIUM This Month

Certain WithSecure products allow a Denial of Service because scanning a crafted file takes a long time, and causes the scanner to hang. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Linux Protection Linux Security 64 Atlant Client Security +3
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2023-2707 MEDIUM This Month

The gAppointments WordPress plugin through 1.9.5.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Gappointments
NVD WPScan
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-32062 MEDIUM PATCH This Month

OroPlatform is a package that assists system and user calendar management. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Microsoft Authentication Bypass Oroplatform
NVD GitHub
CVSS 3.1
4.3
EPSS
0.5%
CVE-2023-42501 MEDIUM PATCH This Month

Unnecessary read permissions within the Gamma role would allow authenticated users to read configured CSS templates and annotations.1.2. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Apache Superset
NVD
CVSS 3.1
4.3
EPSS
0.9%
CVE-2023-6202 MEDIUM PATCH This Month

Mattermost fails to perform proper authorization in the /plugins/focalboard/api/v2/users endpoint allowing an attacker who is a guest user and knows the ID of another user to get their information. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Mattermost Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2023-45223 MEDIUM PATCH This Month

Mattermost fails to properly validate the "Show Full Name" option in a few endpoints in Mattermost Boards, allowing a member to get the full name of another user even if the Show Full Name option was. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Mattermost Information Disclosure
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2023-43754 MEDIUM PATCH This Month

Mattermost fails to check whether the “Allow users to view archived channels” setting is enabled during permalink previews display, allowing members to view permalink previews of archived channels. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Mattermost Information Disclosure
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2023-47865 MEDIUM PATCH This Month

Mattermost fails to check if hardened mode is enabled when overriding the username and/or the icon when posting a post. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Mattermost Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy