Skip to main content
CVE-2023-6624 MEDIUM PATCH This Month

The Import and export users and customers plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 1.24.3 due to. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress
NVD VulDB
CVSS 3.1
4.9
EPSS
0.2%
CVE-2023-51750 MEDIUM This Month

ScaleFusion 10.5.2 does not properly limit users to the Edge application because file downloads can occur. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Scalefusion Windows
NVD
CVSS 3.1
4.6
EPSS
0.2%
CVE-2023-6924 MEDIUM PATCH This Month

The Photo Gallery by 10Web plugin for WordPress is vulnerable to Stored Cross-Site Scripting via widgets in versions up to, and including, 1.8.18 due to insufficient input sanitization and output. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress
NVD VulDB
CVSS 3.1
4.4
EPSS
0.2%
CVE-2023-5691 MEDIUM PATCH This Month

The Chatbot for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in version 2.3.9 due to insufficient input sanitization and output escaping. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Chatbot
NVD
CVSS 3.1
4.4
EPSS
0.2%
CVE-2023-6446 MEDIUM This Month

The Calculated Fields Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.2.40 due to insufficient input sanitization and. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. No vendor patch available.

XSS WordPress
NVD VulDB
CVSS 3.1
4.4
EPSS
0.2%
CVE-2023-4246 MEDIUM PATCH This Month

The GiveWP plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.33.3. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

WordPress CSRF
NVD VulDB
CVSS 3.1
4.3
EPSS
0.3%
CVE-2023-6520 MEDIUM PATCH This Month

The WP 2FA - Two-factor authentication for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.5.0. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

WordPress CSRF
NVD VulDB
CVSS 3.1
4.3
EPSS
0.3%
CVE-2023-6630 MEDIUM PATCH This Month

The Contact Form 7 - Dynamic Text Extension plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.1.0 via the CF7_get_custom_field and. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass WordPress
NVD VulDB
CVSS 3.1
4.3
EPSS
0.2%
CVE-2023-6504 MEDIUM PATCH This Month

The User Profile Builder - Beautiful User Registration Forms, User Profiles & User Role Editor plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass WordPress
NVD VulDB
CVSS 3.1
4.3
EPSS
0.2%
CVE-2023-6223 MEDIUM This Month

The LearnPress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.2.5.7 via the /wp-json/lp/v1/profile/course-tab REST API due to missing. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-6506 MEDIUM PATCH This Month

The WP 2FA - Two-factor authentication for WordPress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.5.0 via the send_backup_codes_email. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.

WordPress RCE
NVD VulDB
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-6742 MEDIUM PATCH This Month

The Gallery Plugin for WordPress - Envira Photo Gallery plugin for WordPress is vulnerable to unauthorized modification of data due to an improper capability check on the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

WordPress Authentication Bypass
NVD VulDB
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-6598 MEDIUM PATCH This Month

The SpeedyCache plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the speedycache_save_varniship, speedycache_img_update_settings,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass WordPress
NVD VulDB
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-6883 MEDIUM This Month

The Easy Social Feed plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on multiple AJAX functions in all versions up to, and including, 6.5.2. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Authentication Bypass
NVD VulDB
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-7019 MEDIUM This Month

The LightStart - Maintenance Mode, Coming Soon and Landing Page Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress
NVD VulDB
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-21337 MEDIUM PATCH This Month

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. Rated medium severity (CVSS 5.2), this vulnerability is no authentication required.

Buffer Overflow Google Heap Overflow Microsoft Edge Chromium +1
NVD
CVSS 3.1
5.2
EPSS
0.9%
CVE-2024-20675 MEDIUM PATCH This Month

Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Google Microsoft Edge Chromium Chrome
NVD
CVSS 3.1
6.3
EPSS
0.1%
CVE-2024-0426 MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in ForU CMS up to 2020-06-23.php. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Foru Cms
NVD GitHub VulDB
CVSS 3.1
6.3
EPSS
0.2%
CVE-2024-0425 MEDIUM POC This Month

A vulnerability classified as critical was found in ForU CMS up to 2020-06-23. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Information Disclosure Foru Cms
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.2%
CVE-2024-0419 MEDIUM POC This Month

A vulnerability was found in Jasper httpdx up to 1.5.4 and classified as problematic. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Httpdx
NVD VulDB
CVSS 3.1
5.3
EPSS
0.1%
CVE-2024-0418 MEDIUM POC This Month

A vulnerability has been found in iSharer and upRedSun File Sharing Wizard up to 1.5.0 and classified as problematic. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service File Sharing Wizard
NVD VulDB
CVSS 3.1
5.3
EPSS
0.1%
CVE-2024-0417 MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in DeShang DSShop up to 2.1.5. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal Dsshop
NVD VulDB
CVSS 3.1
5.4
EPSS
0.2%
CVE-2024-0416 MEDIUM This Month

A vulnerability, which was classified as critical, has been found in DeShang DSMall up to 5.0.3. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Path Traversal Dsmall
NVD VulDB
CVSS 3.1
5.4
EPSS
0.2%
CVE-2024-0415 MEDIUM This Month

A vulnerability classified as critical was found in DeShang DSMall up to 6.1.0. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass PHP Dsmall
NVD VulDB
CVSS 3.1
6.3
EPSS
0.2%
CVE-2024-0414 MEDIUM This Month

A vulnerability classified as problematic has been found in DeShang DSCMS up to 3.1.2/7.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass PHP Dscms
NVD VulDB
CVSS 3.1
5.3
EPSS
0.3%
CVE-2024-0413 MEDIUM This Month

A vulnerability was found in DeShang DSKMS up to 3.1.2. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass PHP Dskms
NVD VulDB
CVSS 3.1
5.3
EPSS
0.3%
CVE-2024-0412 MEDIUM This Month

A vulnerability was found in DeShang DSShop up to 3.1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass PHP Dsshop
NVD VulDB
CVSS 3.1
5.3
EPSS
0.3%
CVE-2024-0411 MEDIUM This Month

A vulnerability was found in DeShang DSMall up to 6.1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass PHP Dsmall
NVD VulDB
CVSS 3.1
5.3
EPSS
0.2%
CVE-2024-22195 MEDIUM PATCH This Month

Jinja is an extensible templating engine. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Python Jinja
NVD GitHub
CVSS 3.1
5.4
EPSS
0.2%
CVE-2024-21667 MEDIUM POC PATCH This Week

pimcore/customer-data-framework is the Customer Management Framework for management of customer data within Pimcore. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Information Disclosure Customer Management Framework
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2024-21666 MEDIUM POC PATCH This Week

The Customer Management Framework (CMF) for Pimcore adds functionality for customer data management, segmentation, personalization and marketing automation. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Customer Management Framework
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2024-21665 MEDIUM POC PATCH Monitor

ecommerce-framework-bundle is the Pimcore Ecommerce Framework Bundle. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Microsoft E Commerce Framework
NVD GitHub
CVSS 3.1
4.3
EPSS
0.0%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy