Skip to main content
CVE-2023-6875 CRITICAL POC THREAT Emergency

The POST SMTP Mailer - Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 93.7%.

Authentication Bypass WordPress
NVD VulDB
CVSS 3.1
9.8
EPSS
93.7%
Threat
6.3
CVE-2023-6634 HIGH POC THREAT Act Now

The LearnPress plugin for WordPress is vulnerable to Command Injection in all versions up to, and including, 4.2.5.7 via the get_content function. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and EPSS exploitation probability 91.3%.

WordPress Command Injection RCE
NVD
CVSS 3.1
8.1
EPSS
91.3%
Threat
5.9
CVE-2023-6567 CRITICAL POC THREAT Emergency

The LearnPress plugin for WordPress is vulnerable to time-based SQL Injection via the ‘order_by’ parameter in all versions up to, and including, 4.2.5.7 due to insufficient escaping on the user. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 82.3%.

WordPress SQLi
NVD VulDB
CVSS 3.1
9.8
EPSS
82.3%
Threat
5.9
CVE-2023-46474 HIGH POC THREAT Act Now

File Upload vulnerability PMB v.7.4.8 allows a remote attacker to execute arbitrary code and escalate privileges via a crafted PHP file uploaded to the start_import.php file. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 72.7%.

File Upload RCE PHP Pmb
NVD GitHub VulDB
CVSS 3.1
7.2
EPSS
72.7%
Threat
5.1
CVE-2023-52028 CRITICAL POC THREAT Emergency

TOTOlink A3700R v9.1.2u.5822_B20200513 was discovered to contain a remote command execution (RCE) vulnerability via the setTracerouteCfg function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 20.6%.

Command Injection A3700r Firmware
NVD
CVSS 3.1
9.8
EPSS
20.6%
Threat
4.1
CVE-2023-51073 HIGH POC THREAT Act Now

An issue in Buffalo LS210D v.1.78-0.03 allows a remote attacker to execute arbitrary code via the Firmware Update Script at /etc/init.d/update_notifications.sh. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and EPSS exploitation probability 26.0%.

RCE Ls210D Firmware
NVD GitHub
CVSS 3.1
8.1
EPSS
26.0%
CVE-2023-52032 CRITICAL POC THREAT Emergency

TOTOlink EX1200T V4.1.2cu.5232_B20210713 was discovered to contain a remote command execution (RCE) vulnerability via the "main" function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 16.3%.

Information Disclosure Ex1200t Firmware
NVD
CVSS 3.1
9.8
EPSS
16.3%
CVE-2023-52029 CRITICAL POC THREAT Emergency

TOTOlink A3700R v9.1.2u.5822_B20200513 was discovered to contain a remote command execution (RCE) vulnerability via the setDiagnosisCfg function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 15.5%.

Command Injection A3700r Firmware
NVD
CVSS 3.1
9.8
EPSS
15.5%
CVE-2023-52027 CRITICAL POC THREAT Emergency

TOTOlink A3700R v9.1.2u.5822_B20200513 was discovered to contain a remote command execution (RCE) vulnerability via the NTPSyncWithHost function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 15.5%.

Command Injection A3700r Firmware
NVD
CVSS 3.1
9.8
EPSS
15.5%
CVE-2023-52031 CRITICAL POC THREAT Emergency

TOTOlink A3700R v9.1.2u.5822_B20200513 was discovered to contain a remote command execution (RCE) vulnerability via the UploadFirmwareFile function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 14.8%.

Information Disclosure A3700r Firmware
NVD
CVSS 3.1
9.8
EPSS
14.8%
CVE-2023-52030 CRITICAL POC THREAT Emergency

TOTOlink A3700R v9.1.2u.5822_B20200513 was discovered to contain a remote command execution (RCE) vulnerability via the setOpModeCfg function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 14.8%.

Privilege Escalation A3700r Firmware
NVD
CVSS 3.1
9.8
EPSS
14.8%
CVE-2023-51984 CRITICAL POC THREAT Emergency

D-Link DIR-822+ V1.0.2 was found to contain a command injection in SetStaticRouteSettings function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 14.1%.

Command Injection D-Link Dir 822 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
14.1%
CVE-2023-6266 HIGH POC THREAT Act Now

The Backup Migration plugin for WordPress is vulnerable to unauthorized access of data due to insufficient path and file validation on the BMI_BACKUP case of the handle_downloading function in all. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 21.8%.

WordPress Authentication Bypass Information Disclosure Path Traversal
NVD VulDB
CVSS 3.1
7.5
EPSS
21.8%
CVE-2023-51350 CRITICAL POC Act Now

A spoofing attack in ujcms v.8.0.2 allows a remote attacker to obtain sensitive information and execute arbitrary code via a crafted script to the X-Forwarded-For function in the header. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass RCE Ujcms
NVD GitHub
CVSS 3.1
9.8
EPSS
3.6%
CVE-2023-51987 CRITICAL POC Act Now

D-Link DIR-822+ V1.0.2 contains a login bypass in the HNAP1 interface, which allows attackers to log in to administrator accounts with empty passwords. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass D-Link Dir 822 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.4%
CVE-2023-51748 HIGH POC This Week

ScaleFusion 10.5.2 does not properly limit users to the Edge application because Ctrl-O and Ctrl-S can be used. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Scalefusion
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2023-51749 HIGH POC This Week

ScaleFusion 10.5.2 does not properly limit users to the Edge application because a search can be made from a tooltip. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Information Disclosure Scalefusion Windows
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2023-50159 HIGH POC This Week

In ScaleFusion (Windows Desktop App) agent 10.5.2, Kiosk mode application restrictions can be bypassed allowing arbitrary code to be executed. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass RCE Microsoft Scalefusion Windows
NVD
CVSS 3.1
8.8
EPSS
0.0%
CVE-2023-50123 HIGH POC This Week

The number of attempts to bring the Hozard Alarm system (alarmsystemen) v1.0 to a disarmed state is not limited. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Alarm System
NVD
CVSS 3.1
8.1
EPSS
0.2%
CVE-2023-50671 HIGH POC This Week

In exiftags 1.01, nikon_prop1 in nikon.c has a heap-based buffer overflow (write of size 28) because snprintf can write to an unexpected address. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Exiftags
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-6316 CRITICAL PATCH Act Now

The MW WP Form plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the '_single_file_upload' function in versions up to, and including, 5.0.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload WordPress RCE
NVD VulDB
CVSS 3.1
9.8
EPSS
8.3%
CVE-2023-50124 MEDIUM POC This Month

Flient Smart Door Lock v1.0 is vulnerable to Use of Default Credentials. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Smart Lock Advanced Firmware
NVD
CVSS 3.1
6.8
EPSS
0.1%
CVE-2023-50129 MEDIUM POC This Month

Missing encryption in the NFC tags of the Flient Smart Door Lock v1.0 allows attackers to create a cloned tag via brief physical proximity to the original tags, which results in an attacker gaining. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Smart Lock Advanced Firmware
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2023-7226 MEDIUM POC This Month

A vulnerability was found in meetyoucrop big-whale 1.1 and classified as critical. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Big Whale
NVD VulDB
CVSS 3.1
6.3
EPSS
0.1%
CVE-2023-52274 MEDIUM POC This Month

member/index/register.html in YzmCMS 6.5 through 7.0 allows XSS via the Referer HTTP header. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Yzmcms
NVD GitHub
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-50127 MEDIUM POC This Month

Hozard alarm system (Alarmsysteem) v1.0 is vulnerable to Improper Authentication. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Authentication Bypass Alarm System
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2023-6699 CRITICAL PATCH Act Now

The WP Compress - Image Optimizer [All-In-One] plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 6.10.33 via the css parameter. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

WordPress Path Traversal
NVD VulDB
CVSS 3.1
9.1
EPSS
3.4%
CVE-2023-6979 HIGH PATCH This Week

The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ivole_import_upload_csv AJAX action in all versions up to,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload WordPress RCE
NVD VulDB
CVSS 3.1
8.8
EPSS
3.7%
CVE-2023-37644 MEDIUM POC This Month

SWFTools 0.9.2 772e55a allows attackers to trigger a large memory-allocation attempt via a crafted document, as demonstrated by pdf2swf. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Swftools
NVD GitHub
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-6220 HIGH This Week

The Piotnet Forms plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'piotnetforms_ajax_form_builder' function in versions up to, and. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

File Upload WordPress RCE
NVD VulDB
CVSS 3.1
8.1
EPSS
6.3%
CVE-2023-6878 HIGH This Week

The Slick Social Share Buttons plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'dcssb_ajax_update' function in versions up to, and. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Authentication Bypass
NVD VulDB
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-5448 HIGH PATCH This Week

The WP Register Profile With Shortcode plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.5.9. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

WordPress CSRF
NVD VulDB
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-5504 HIGH PATCH This Week

The BackWPup plugin for WordPress is vulnerable to Directory Traversal in versions up to, and including, 4.0.1 via the Log File Folder. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

WordPress PHP Path Traversal
NVD VulDB
CVSS 3.1
8.7
EPSS
0.5%
CVE-2023-31003 HIGH PATCH This Week

IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.6.1) could allow a local user to obtain root access. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity.

IBM Information Disclosure Docker Security Verify Access Security Verify Access Docker
NVD
CVSS 3.1
8.4
EPSS
0.0%
CVE-2023-6636 HIGH PATCH This Week

The Greenshift - animation and page builder blocks plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation on the 'gspb_save_files' function in versions up. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload WordPress RCE
NVD
CVSS 3.1
7.2
EPSS
4.4%
CVE-2023-6558 HIGH PATCH This Week

The Export and Import Users and Customers plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation on the 'upload_import_file' function in versions up to,. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload WordPress RCE
NVD
CVSS 3.1
7.2
EPSS
3.8%
CVE-2022-4959 LOW POC Monitor

A vulnerability classified as problematic was found in qkmc-rk redbbs 1.0. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Redbbs
NVD GitHub VulDB
CVSS 3.1
3.5
EPSS
0.2%
CVE-2022-4958 LOW POC Monitor

A vulnerability classified as problematic has been found in qkmc-rk redbbs 1.0. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Redbbs
NVD GitHub VulDB
CVSS 3.1
3.5
EPSS
0.1%
CVE-2023-6828 HIGH This Week

The Contact Form, Survey & Popup Form Plugin for WordPress - ARForms Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘ arf_http_referrer_url’ parameter in all. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS WordPress
NVD VulDB
CVSS 3.1
7.2
EPSS
1.1%
CVE-2023-6751 HIGH PATCH This Week

The Hostinger plugin for WordPress is vulnerable to unauthorized plugin settings update due to a missing capability check on the function publish_website in all versions up to, and including, 1.9.7. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass WordPress
NVD VulDB
CVSS 3.1
7.3
EPSS
0.2%
CVE-2023-51782 HIGH PATCH This Week

An issue was discovered in the Linux kernel before 6.6.8. Rated high severity (CVSS 7.0). This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Linux Memory Corruption Use After Free Information Disclosure Linux Kernel +1
NVD GitHub
CVSS 3.1
7.0
EPSS
0.0%
CVE-2023-51780 HIGH PATCH This Week

An issue was discovered in the Linux kernel before 6.6.8. Rated high severity (CVSS 7.0). This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Linux Memory Corruption Use After Free Information Disclosure Linux Kernel +1
NVD GitHub
CVSS 3.1
7.0
EPSS
0.0%
CVE-2023-51781 HIGH PATCH This Week

An issue was discovered in the Linux kernel before 6.6.8. Rated high severity (CVSS 7.0). This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Linux Memory Corruption Use After Free Information Disclosure Linux Kernel +1
NVD GitHub
CVSS 3.1
7.0
EPSS
0.0%
CVE-2023-6583 MEDIUM PATCH This Month

The Import and export users and customers plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.24.2 via the Recurring Import functionality. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

WordPress PHP Path Traversal
NVD VulDB
CVSS 3.1
6.6
EPSS
1.9%
CVE-2023-51751 MEDIUM This Month

ScaleFusion 10.5.2 does not properly limit users to the Edge application because Alt-F4 can be used. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Scalefusion
NVD
CVSS 3.1
6.8
EPSS
0.2%
CVE-2023-6632 MEDIUM PATCH This Month

The Happy Addons for Elementor plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via DOM in all versions up to and including 3.9.1.1 (versions up to 2.9.1.1 in Happy Addons for. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Elementor
NVD VulDB
CVSS 3.1
6.1
EPSS
3.4%
CVE-2023-4372 MEDIUM PATCH This Month

The LiteSpeed Cache plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'esi' shortcode in versions up to, and including, 5.6 due to insufficient input sanitization and output. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress
NVD GitHub VulDB
CVSS 3.1
6.4
EPSS
1.5%
CVE-2023-6554 MEDIUM This Month

When access to the "admin" folder is not protected by some external authorization mechanisms e.g. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Apache Tcexam
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2023-6638 MEDIUM This Month

The GTG Product Feed for Shopping plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'update_settings' function in versions up to, and. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass WordPress
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2023-6637 MEDIUM PATCH This Month

The CAOS | Host Google Analytics Locally plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'update_settings' function in versions up to,. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass Google WordPress
NVD
CVSS 3.1
6.5
EPSS
0.2%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy