Skip to main content
CVE-2023-40011 MEDIUM This Month

Missing Authorization vulnerability in Stylemix Cost Calculator Builder cost-calculator-builder allows Exploiting Incorrectly Configured Access Control Security Levels.1.42. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2023-41875 MEDIUM This Month

Missing Authorization vulnerability in WPDirectoryKit WP Directory Kit wpdirectorykit allows Exploiting Incorrectly Configured Access Control Security Levels.2.6. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2023-36509 MEDIUM This Month

Missing Authorization vulnerability in Suresh Chand CHP Ads Block Detector chp-ads-block-detector allows Exploiting Incorrectly Configured Access Control Security Levels.9.5. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2024-12042 MEDIUM PATCH This Month

The MStore API - Create Native Android & iOS Apps On The Cloud plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the profile picture upload functionality in all versions up to,. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

Google WordPress Apple XSS File Upload +1
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-11832 MEDIUM This Month

The Beaver Builder - WordPress Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the custom JavaScript row settings in all versions up to, and including, 2.8.4.4 due. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Beaver Builder
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2024-12574 MEDIUM This Month

The SVG Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-36681 MEDIUM This Month

Missing Authorization vulnerability in CoolHappy Cryptocurrency Widgets - Price Ticker & Coins List cryptocurrency-price-ticker-widget allows Exploiting Incorrectly Configured Access Control Security. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2023-22697 MEDIUM This Month

Missing Authorization vulnerability in Ays Pro Survey Maker survey-maker allows Exploiting Incorrectly Configured Access Control Security Levels.2.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2023-39997 MEDIUM This Month

Missing Authorization vulnerability in supsystic Popup by Supsystic popup-by-supsystic allows Exploiting Incorrectly Configured Access Control Security Levels.10.19. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2023-41690 MEDIUM This Month

Missing Authorization vulnerability in Wisernotify team WiserNotify wiser-notify allows Exploiting Incorrectly Configured Access Control Security Levels.5. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2023-34381 MEDIUM This Month

Missing Authorization vulnerability in Gesundheit Bewegt GmbH Zippy zippy allows Exploiting Incorrectly Configured Access Control Security Levels.6.2. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2023-39996 MEDIUM This Month

Missing Authorization vulnerability in WP OnlineSupport, Essential Plugin Accordion and Accordion Slider accordion-and-accordion-slider allows Exploiting Incorrectly Configured Access Control. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2023-36506 MEDIUM This Month

Missing Authorization vulnerability in YITHEMES YITH WooCommerce Waiting List yith-woocommerce-waiting-list allows Exploiting Incorrectly Configured Access Control Security Levels.13.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Authentication Bypass
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2023-41862 MEDIUM This Month

Weak Authentication vulnerability in Guido VS Contact Form very-simple-contact-form allows Authentication Abuse.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2023-44149 MEDIUM This Month

Missing Authorization vulnerability in BeRocket Brands for WooCommerce brands-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.8.2.2. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Authentication Bypass
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2023-44147 MEDIUM This Month

Missing Authorization vulnerability in apasionados Comment Blacklist Updater comment-blacklist-updater allows Exploiting Incorrectly Configured Access Control Security Levels.1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2023-41849 MEDIUM This Month

Missing Authorization vulnerability in Happy Coders Posts Like Dislike posts-like-dislike allows Exploiting Incorrectly Configured Access Control Security Levels.1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2023-41848 MEDIUM This Month

Missing Authorization vulnerability in Sayful Islam Carousel Slider carousel-slider allows Exploiting Incorrectly Configured Access Control Security Levels.2.2. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2023-36528 MEDIUM This Month

Missing Authorization vulnerability in properfraction kk Star Ratings kk-star-ratings allows Exploiting Incorrectly Configured Access Control Security Levels.4.3. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2023-35777 MEDIUM This Month

Missing Authorization vulnerability in StellarWP The Events Calendar the-events-calendar allows Exploiting Incorrectly Configured Access Control Security Levels.1.2.2. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2022-47429 MEDIUM This Month

Missing Authorization vulnerability in 8Degree Themes Coming Soon Landing Page and Maintenance Mode WordPress Plugin 8-degree-coming-soon-page allows Retrieve Embedded Sensitive Data.2.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Authentication Bypass Information Disclosure
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2024-54310 MEDIUM This Month

Missing Authorization vulnerability in Aslam Khan Gouran Gou Manage My Account Menu gou-wc-account-tabs allows Accessing Functionality Not Properly Constrained by ACLs.0.1.8. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2023-41803 MEDIUM This Month

Missing Authorization vulnerability in BitPay BitPay Checkout for WooCommerce bitpay-checkout-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Authentication Bypass
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2023-39305 MEDIUM This Month

Missing Authorization vulnerability in Dash Labs Yet Another Stars Rating yet-another-stars-rating allows Exploiting Incorrectly Configured Access Control Security Levels.4.3. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2023-38480 MEDIUM This Month

Missing Authorization vulnerability in certaindev Booster Elementor Addons booster-for-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.4.9. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2023-38479 MEDIUM This Month

Missing Authorization vulnerability in codents Simple Googlebot Visit simple-googlebot-visit allows Exploiting Incorrectly Configured Access Control Security Levels.2.4. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2023-37969 MEDIUM This Month

Missing Authorization vulnerability in The African Boss Checkout with Zelle on Woocommerce wc-zelle allows Exploiting Incorrectly Configured Access Control Security Levels.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Authentication Bypass
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2023-32963 MEDIUM This Month

Missing Authorization vulnerability in Steve Truman WooCommerce Predictive Search woocommerce-predictive-search allows Exploiting Incorrectly Configured Access Control Security Levels.8.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Authentication Bypass
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2023-35875 MEDIUM This Month

Missing Authorization vulnerability in Jegstudio Gutenverse gutenverse allows Exploiting Incorrectly Configured Access Control Security Levels.8.5. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2023-41952 MEDIUM This Month

Missing Authorization vulnerability in Shahjahan Jewel FluentForm fluentform allows Exploiting Incorrectly Configured Access Control Security Levels.0.8. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2023-32798 MEDIUM This Month

Missing Authorization vulnerability in 10up Simple Page Ordering simple-page-ordering allows Exploiting Incorrectly Configured Access Control Security Levels.5.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2022-46846 MEDIUM This Month

Missing Authorization vulnerability in WP OnlineSupport, Essential Plugin Trending/Popular Post Slider and Widget wp-trending-post-slider-and-widget allows Exploiting Incorrectly Configured Access. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2022-44578 MEDIUM This Month

Missing Authorization vulnerability in pjehan Owl Carousel owl-carousel allows Exploiting Incorrectly Configured Access Control Security Levels.5.3. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2022-47182 MEDIUM This Month

Missing Authorization vulnerability in Saad Iqbal APIExperts Square for WooCommerce woosquare allows Exploiting Incorrectly Configured Access Control Security Levels.4.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Authentication Bypass
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2023-41133 MEDIUM This Month

Authentication Bypass by Spoofing vulnerability in Minor Secure Admin IP secure-admin-ip allows Functionality Bypass.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2024-9945 MEDIUM This Month

An information-disclosure vulnerability exists in Fortra's GoAnywhere MFT application prior to version 7.7.0 that allows external access to the resources in certain admin root folders. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2024-12309 MEDIUM This Month

The Rate My Post - Star Rating Plugin by FeedbackWP plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.2.4 via the get_post_status() due to. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass WordPress
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2024-55918 MEDIUM This Month

An issue was discovered in the Graphics::ColorNames package before 3.2.0 for Perl. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection RCE
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2024-12579 MEDIUM This Month

The Minify HTML plugin for WordPress is vulnerable to Regular Expression Denial of Service (ReDoS) in all versions up to, and including, 2.1.10. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Denial Of Service
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2023-36531 MEDIUM This Month

Missing Authorization vulnerability in liquidpoll LiquidPoll wp-poll allows Exploiting Incorrectly Configured Access Control Security Levels.3.68. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
4.8%
CVE-2024-54268 MEDIUM This Month

Missing Authorization vulnerability in Greg - SiteOrigin SiteOrigin Widgets Bundle so-widgets-bundle allows Exploiting Incorrectly Configured Access Control Security Levels.64.0. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.6%
CVE-2023-41870 MEDIUM This Month

Missing Authorization vulnerability in Themeum WP Crowdfunding wp-crowdfunding allows Exploiting Incorrectly Configured Access Control Security Levels.1.5. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2023-40203 MEDIUM This Month

Missing Authorization vulnerability in mailmunch MailChimp Forms by MailMunch mailchimp-forms-by-mailmunch allows Exploiting Incorrectly Configured Access Control Security Levels.1.4. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2022-45806 MEDIUM This Month

Missing Authorization vulnerability in Strategy11 Team Formidable Forms formidable allows Exploiting Incorrectly Configured Access Control Security Levels.5.4. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2023-40334 MEDIUM This Month

Missing Authorization vulnerability in RealMag777 HUSKY woocommerce-products-filter allows Exploiting Incorrectly Configured Access Control Security Levels.3.4.2. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2023-38475 MEDIUM This Month

Missing Authorization vulnerability in EDGARROJAS Donations Made Easy - Smart Donations smart-donations allows Exploiting Incorrectly Configured Access Control Security Levels.0.12. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2023-41951 MEDIUM This Month

Missing Authorization vulnerability in rtCamp rtMedia for WordPress, BuddyPress and bbPress buddypress-media allows Exploiting Incorrectly Configured Access Control Security Levels.6.14. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2022-43472 MEDIUM This Month

Missing Authorization vulnerability in DigitalME eRoom eroom-zoom-meetings-webinar allows Exploiting Incorrectly Configured Access Control Security Levels.4.6. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2023-40213 MEDIUM This Month

Missing Authorization vulnerability in Damian Góra Justified Gallery justified-gallery allows Exploiting Incorrectly Configured Access Control Security Levels.7.3. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2023-41866 MEDIUM This Month

Missing Authorization vulnerability in Plugins360 Labs Automatic YouTube Gallery automatic-youtube-gallery allows Exploiting Incorrectly Configured Access Control Security Levels.3.3. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.2%
Prev Page 5 of 6 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy