Skip to main content
CVE-2023-50094 HIGH POC THREAT Act Now

reNgine before 2.1.2 allows OS Command Injection if an adversary has a valid session ID. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 88.6%.

Command Injection Rengine
NVD GitHub
CVSS 3.1
8.8
EPSS
88.6%
Threat
5.9
CVE-2023-6421 HIGH POC THREAT Act Now

The Download Manager WordPress plugin before 3.2.83 does not protect file download's passwords, leaking it upon receiving an invalid one. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 80.6%.

WordPress Information Disclosure Download Manager
NVD WPScan
CVSS 3.1
7.5
EPSS
80.6%
Threat
5.4
CVE-2023-6064 HIGH POC This Week

The PayHere Payment Gateway WordPress plugin before 2.2.12 automatically creates publicly-accessible log files containing sensitive information when transactions occur. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Information Disclosure Payhere Payment Gateway
NVD WPScan
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-50096 HIGH POC This Week

STMicroelectronics STSAFE-A1xx middleware before 3.3.7 allows MCU code execution if an adversary has the ability to read from and write to the I2C bus. Rated high severity (CVSS 7.5), this vulnerability is no authentication required. Public exploit code available and no vendor patch available.

Buffer Overflow RCE X Cube Safea1
NVD GitHub
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-6113 HIGH POC This Week

The WP STAGING WordPress Backup Plugin before 3.1.3 and WP STAGING Pro WordPress Backup Plugin before 5.1.3 do not prevent visitors from leaking key information about ongoing backups processes,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Information Disclosure Wp Staging
NVD WPScan
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-6271 HIGH POC This Week

The Backup Migration WordPress plugin before 1.3.6 stores in-progress backups information in easy to find, publicly-accessible files, which may allow attackers monitoring those to leak sensitive. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Information Disclosure Backup Migration
NVD WPScan
CVSS 3.1
7.5
EPSS
0.3%
CVE-2024-0182 HIGH This Month

A vulnerability was found in SourceCodester Engineers Online Portal 1.0 and classified as critical. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Engineers Online Portal
NVD VulDB
CVSS 3.1
7.3
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy