Skip to main content
CVE-2023-5907 MEDIUM POC This Month

The File Manager WordPress plugin before 6.3 does not restrict the file managers root directory, allowing an administrator to set a root outside of the WordPress root directory, giving access to. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Information Disclosure WordPress File Manager
NVD WPScan
CVSS 3.1
6.5
EPSS
0.9%
CVE-2023-49494 MEDIUM POC This Month

DedeCMS v5.7.111 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the component select_media_post_wangEditor.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Dedecms
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
1.2%
CVE-2023-49490 MEDIUM POC This Month

XunRuiCMS v4.5.5 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the component /admin.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Xunruicms
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-49488 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in Openfiler ESA v2.99.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the nic parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Openfiler
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-5750 MEDIUM POC This Month

The EmbedPress WordPress plugin before 3.9.2 does not sanitise and escape a parameter before outputting it back in the page containing a specific content, leading to a Reflected Cross-Site Scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Embedpress
NVD WPScan
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-5749 MEDIUM POC This Month

The EmbedPress WordPress plugin before 3.9.2 does not sanitise and escape user input before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Embedpress
NVD WPScan
CVSS 3.1
6.1
EPSS
0.6%
CVE-2023-50465 MEDIUM POC PATCH This Month

A stored cross-site scripting (XSS) vulnerability exists in Monica (aka MonicaHQ) 4.0.0 via an SVG document uploaded by an authenticated user. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Monica
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-45292 MEDIUM POC PATCH This Month

When using the default implementation of Verify to check a Captcha, verification can be bypassed. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Base64Captcha
NVD GitHub
CVSS 3.1
5.3
EPSS
0.3%
CVE-2023-5955 MEDIUM POC This Month

The Contact Form Email WordPress plugin before 1.3.44 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Contact Form Email
NVD WPScan
CVSS 3.1
4.8
EPSS
0.5%
CVE-2023-5940 MEDIUM POC This Month

The WP Not Login Hide (WPNLH) WordPress plugin through 1.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Wp Not Login Hide
NVD WPScan
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-5757 MEDIUM POC This Month

The WP Crowdfunding WordPress plugin before 2.1.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Wp Crowdfunding
NVD WPScan
CVSS 3.1
4.8
EPSS
0.5%
CVE-2023-6538 MEDIUM POC This Month

SMU versions prior to 14.8.7825.01 are susceptible to unintended information disclosure, through URL manipulation. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Authentication Bypass System Management Unit Firmware
NVD Exploit-DB
CVSS 3.1
6.5
EPSS
1.6%
CVE-2023-49802 MEDIUM PATCH This Month

The LinkedCustomFields plugin for MantisBT allows users to link values between two custom fields, creating linked drop-downs. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Linked Custom Fields
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2023-6679 MEDIUM PATCH This Month

A null pointer dereference vulnerability was found in dpll_pin_parent_pin_set() in drivers/dpll/dpll_netlink.c in the Digital Phase Locked Loop (DPLL) subsystem in the Linux kernel. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Null Pointer Dereference Linux Linux Kernel Fedora +1
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-48715 MEDIUM PATCH This Month

Tuleap is an open source suite to improve management of software developments and collaboration. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Tuleap
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-49796 MEDIUM PATCH This Month

MindsDB connects artificial intelligence models to real time data. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Mindsdb
NVD GitHub
CVSS 3.1
5.3
EPSS
0.5%
CVE-2023-49795 MEDIUM PATCH This Month

MindsDB connects artificial intelligence models to real time data. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF Information Disclosure Mindsdb
NVD GitHub
CVSS 3.1
5.3
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy