Skip to main content
CVE-2023-50849 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in E2Pdf.Com E2Pdf - Export To Pdf Tool for WordPress.20.23. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress SQLi E2pdf
NVD
CVSS 3.1
7.6
EPSS
0.1%
CVE-2023-50848 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Aaron J 404 Solution.34.0. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi 404 Solution
NVD
CVSS 3.1
7.6
EPSS
0.1%
CVE-2023-50857 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in FunnelKit Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing, Marketing Automation. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress SQLi Funnelkit Automations
NVD
CVSS 3.1
7.6
EPSS
0.1%
CVE-2023-50856 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in FunnelKit Funnel Builder for WordPress by FunnelKit - Customize WooCommerce Checkout Pages,. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress SQLi Funnel Builder
NVD
CVSS 3.1
7.6
EPSS
0.1%
CVE-2023-32513 HIGH This Week

Deserialization of Untrusted Data vulnerability in GiveWP GiveWP - Donation Plugin and Fundraising Platform.25.3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Deserialization Givewp
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2023-51501 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Undsgn Uncode - Creative & WooCommerce WordPress Theme allows Reflected XSS.8.6. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS WordPress Uncode
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2023-36381 MEDIUM This Month

Deserialization of Untrusted Data vulnerability in Gesundheit Bewegt GmbH Zippy.6.5. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization Zippy
NVD
CVSS 3.1
6.6
EPSS
0.1%
CVE-2023-50860 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in TMS Booking for Appointments and Events Calendar - Amelia allows Stored XSS.0.85. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Amelia
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2023-50859 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themeum WP Crowdfunding allows Stored XSS.1.6. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Wp Crowdfunding
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2023-50874 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Darren Cooney WordPress Infinite Scroll - Ajax Load More allows Stored XSS.1.0.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Ajax Load More
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2023-50448 MEDIUM PATCH This Month

In ActiveAdmin (aka Active Admin) before 2.12.0, a concurrency issue allows a malicious actor to access potentially private data (that belongs to another user) by making CSV export requests at. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Activeadmin
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-52079 MEDIUM PATCH This Month

msgpackr is a fast MessagePack NodeJS/JavaScript implementation. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Msgpackr
NVD GitHub
CVSS 3.1
6.5
EPSS
0.7%
CVE-2023-45701 MEDIUM This Month

HCL Launch could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Hcl Launch
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-4672 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Talent Software ECOP allows Reflected XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Ecop
NVD VulDB
CVSS 3.1
6.1
EPSS
0.1%
CVE-2023-50836 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ibericode HTML Forms allows Stored XSS.3.28. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Html Forms
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2023-45702 MEDIUM This Month

An HCL UrbanCode Deploy Agent installed as a Windows service in a non-standard location could be subject to a denial of service attack by local accounts.. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Microsoft Hcl Launch
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-36399 MEDIUM This Month

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in BoxyStudio Booked - Appointment Booking for WordPress | Calendars.4.4. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure WordPress Booked
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2023-50858 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Bill Minozzi Disable Json API, Login Lockdown, XMLRPC, Pingback, Stop User Enumeration Anti Hacker Scan.34. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Anti Hacker
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2023-52084 MEDIUM PATCH This Month

Winter is a free, open-source content management system. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Winter
NVD GitHub
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-27447 MEDIUM This Month

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in VeronaLabs WP SMS - Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc.0.4. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure WordPress Wp Sms
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2023-52083 MEDIUM PATCH This Month

Winter is a free, open-source content management system. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Winter
NVD GitHub
CVSS 3.1
4.8
EPSS
0.3%
CVE-2023-50873 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Marios Alexandrou Add Any Extension to Pages.4. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Add Any Extension To Pages
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-50267 MEDIUM This Month

MeterSphere is a one-stop open source continuous testing platform. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Metersphere
NVD GitHub
CVSS 3.1
4.3
EPSS
0.3%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy