Skip to main content
CVE-2023-7002 HIGH POC PATCH THREAT Act Now

The Backup Migration plugin for WordPress is vulnerable to OS Command Injection in all versions up to, and including, 1.3.9 via the 'url' parameter. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 23.2%.

WordPress Command Injection Backup Migration
NVD VulDB
CVSS 3.1
7.2
EPSS
23.2%
CVE-2020-36769 HIGH POC This Week

The Widget Settings Importer/Exporter Plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the wp_ajax_import_widget_dataparameter AJAX action in versions up to, and including, 1.5.3. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Widget Settings Importer Exporter
NVD VulDB
CVSS 3.1
7.4
EPSS
0.1%
CVE-2023-6972 CRITICAL PATCH Act Now

The Backup Migration plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.3.9 via the 'content-backups' and 'content-name', 'content-manifest', or. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Path Traversal RCE WordPress PHP Backup Migration
NVD VulDB
CVSS 3.1
9.8
EPSS
3.8%
CVE-2023-49594 MEDIUM POC This Month

An information disclosure vulnerability exists in the challenge functionality of instipod DuoUniversalKeycloakAuthenticator 1.0.7 plugin. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Duouniversalkeycloakauthenticator
NVD GitHub
CVSS 3.1
6.5
EPSS
1.2%
CVE-2023-6971 CRITICAL PATCH Act Now

The Backup Migration plugin for WordPress is vulnerable to Remote File Inclusion in versions 1.0.8 to 1.3.9 via the 'content-dir' HTTP header. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE WordPress PHP Backup Migration
NVD
CVSS 3.1
9.8
EPSS
6.4%
CVE-2023-7090 HIGH PATCH This Week

A flaw was found in sudo in the handling of ipa_hostname, where ipa_hostname from /etc/sssd/sssd.conf was not propagated in sudo. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Sudo
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-5961 HIGH This Week

A Cross-Site Request Forgery (CSRF) vulnerability has been identified in ioLogik E1200 Series firmware versions v3.3 and prior. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Iologik E1210 Firmware Iologik E1211 Firmware Iologik E1212 Firmware Iologik E1213 Firmware +6
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2023-5962 MEDIUM This Month

A weak cryptographic algorithm vulnerability has been identified in ioLogik E1200 Series firmware versions v3.3 and prior. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Iologik E1210 Firmware Iologik E1211 Firmware Iologik E1212 Firmware Iologik E1213 Firmware +6
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2023-6744 MEDIUM This Month

The Divi theme for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'et_pb_text' shortcode in all versions up to, and including, 4.23.1 due to insufficient input sanitization. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Divi
NVD VulDB
CVSS 3.1
6.4
EPSS
0.2%
CVE-2023-7008 MEDIUM This Month

A vulnerability was found in systemd-resolved. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Systemd
NVD GitHub
CVSS 3.1
5.9
EPSS
0.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy