Skip to main content
CVE-2023-50094 HIGH POC THREAT Act Now

reNgine before 2.1.2 allows OS Command Injection if an adversary has a valid session ID. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 88.6%.

Command Injection Rengine
NVD GitHub
CVSS 3.1
8.8
EPSS
88.6%
Threat
5.9
CVE-2023-6421 HIGH POC THREAT Act Now

The Download Manager WordPress plugin before 3.2.83 does not protect file download's passwords, leaking it upon receiving an invalid one. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 80.6%.

WordPress Information Disclosure Download Manager
NVD WPScan
CVSS 3.1
7.5
EPSS
80.6%
Threat
5.4
CVE-2023-6000 MEDIUM POC THREAT This Month

The Popup Builder WordPress plugin before 4.2.3 does not prevent simple visitors from updating existing popups, and injecting raw JavaScript in them, which could lead to Stored XSS attacks. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 64.0%.

XSS WordPress Popup Builder
NVD WPScan
CVSS 3.1
6.1
EPSS
64.0%
Threat
4.6
CVE-2023-5877 CRITICAL POC Act Now

The affiliate-toolkit WordPress plugin before 3.4.3 lacks authorization and authentication for requests to it's affiliate-toolkit-starter/tools/atkp_imagereceiver.php endpoint, allowing. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Authentication Bypass WordPress PHP Affiliate Toolkit
NVD WPScan
CVSS 3.1
9.8
EPSS
0.4%
CVE-2023-6064 HIGH POC This Week

The PayHere Payment Gateway WordPress plugin before 2.2.12 automatically creates publicly-accessible log files containing sensitive information when transactions occur. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Information Disclosure Payhere Payment Gateway
NVD WPScan
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-50096 HIGH POC This Week

STMicroelectronics STSAFE-A1xx middleware before 3.3.7 allows MCU code execution if an adversary has the ability to read from and write to the I2C bus. Rated high severity (CVSS 7.5), this vulnerability is no authentication required. Public exploit code available and no vendor patch available.

Buffer Overflow RCE X Cube Safea1
NVD GitHub
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-6113 HIGH POC This Week

The WP STAGING WordPress Backup Plugin before 3.1.3 and WP STAGING Pro WordPress Backup Plugin before 5.1.3 do not prevent visitors from leaking key information about ongoing backups processes,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Information Disclosure Wp Staging
NVD WPScan
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-6271 HIGH POC This Week

The Backup Migration WordPress plugin before 1.3.6 stores in-progress backups information in easy to find, publicly-accessible files, which may allow attackers monitoring those to leak sensitive. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Information Disclosure Backup Migration
NVD WPScan
CVSS 3.1
7.5
EPSS
0.3%
CVE-2023-6485 MEDIUM POC This Month

The Html5 Video Player WordPress plugin before 2.5.19 does not sanitise and escape some of its player settings, which combined with missing capability checks around the plugin could allow any. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Html5 Video Player
NVD WPScan
CVSS 3.1
5.4
EPSS
1.9%
CVE-2023-6037 MEDIUM POC This Month

The WP TripAdvisor Review Slider WordPress plugin before 11.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Wp Tripadvisor Review Slider
NVD WPScan
CVSS 3.1
4.8
EPSS
0.1%
CVE-2024-0183 LOW POC Monitor

A vulnerability was found in RRJ Nueva Ecija Engineer Online Portal 1.0. Rated low severity (CVSS 2.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Microsoft PHP Rrj Nueva Ecija Engineer Online Portal
NVD VulDB
CVSS 3.1
2.4
EPSS
0.1%
CVE-2024-0182 HIGH This Month

A vulnerability was found in SourceCodester Engineers Online Portal 1.0 and classified as critical. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Engineers Online Portal
NVD VulDB
CVSS 3.1
7.3
EPSS
0.1%
CVE-2024-0181 LOW POC Monitor

A vulnerability was found in RRJ Nueva Ecija Engineer Online Portal 1.0. Rated low severity (CVSS 2.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Rrj Nueva Ecija Engineer Online Portal
NVD VulDB
CVSS 3.1
2.4
EPSS
0.1%
CVE-2024-21732 MEDIUM POC This Month

FlyCms through abbaa5a allows XSS via the permission management feature. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Flycms
NVD GitHub
CVSS 3.1
6.1
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy