All CVEs — 2023 (Page 1/217)

Browse all CVEs by publication year. Use filters to refine.

CVSS ≥ 0.0

2023-12-31

High

CVE-2023-52133

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WhileTrue Most And Least Read Posts Widget.This issue affects Most And Least Read Posts Widget: f…

CVSS: 8.5 CWE: CWE-89

High

CVE-2023-52132

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Jewel Theme WP Adminify.This issue affects WP Adminify: from n/a through 3.1.6.

CVSS: 7.6 CWE: CWE-89

High

CVE-2023-52131

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WP Zinc Page Generator.This issue affects Page Generator: from n/a through 1.7.1.

CVSS: 7.6 CWE: CWE-89

High

CVE-2023-51547

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPManageNinja LLC Fluent Support – WordPress Helpdesk and Customer Support Ticket Plugin.This iss…

CVSS: 7.6 CWE: CWE-89

Medium

CVE-2023-51503

Authorization Bypass Through User-Controlled Key vulnerability in Automattic WooPayments – Fully Integrated Solution Built and Supported by Woo.This issue affects WooPayments – Fully Integrated Solut…

CVSS: 5.9 CWE: CWE-639

Critical

CVE-2023-51469

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Mestres do WP Checkout Mestres WP.This issue affects Checkout Mestres WP: from n/a through 7.1.9.…

CVSS: 9.3 CWE: CWE-89

Critical

CVE-2023-51423

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Saleswonder Team Webinar Plugin: Create live/evergreen/automated/instant webinars, stream & Zoom…

CVSS: 9.3 CWE: CWE-89

Medium

CVE-2023-7193

A vulnerability was found in MTab Bookmark up to 1.2.6 and classified as critical. This issue affects some unknown processing of the file public/install.php of the component Installation. The manipul…

CVSS: 4.6 CWE: CWE-284

Medium

CVE-2023-52185

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Everestthemes Everest Backup – WordPress Cloud Backup, Migration, Restore & Cloning Plugin.This issue affects Everest Backu…

CVSS: 5.3 CWE: CWE-200

High

CVE-2023-52134

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Eyal Fitoussi GEO my WordPress.This issue affects GEO my WordPress: from n/a through 4.0.2.

CVSS: 7.6 CWE: CWE-89

Medium

CVE-2023-7191

A vulnerability, which was classified as critical, was found in S-CMS up to 2.0_build20220529-20231006. This affects an unknown part of the file member/reg.php. The manipulation of the argument M_log…

CVSS: 5.5 CWE: CWE-89

Medium

CVE-2023-7190

A vulnerability, which was classified as critical, has been found in S-CMS up to 2.0_build20220529-20231006. Affected by this issue is some unknown functionality of the file /member/ad.php?action=ad.…

CVSS: 5.5 CWE: CWE-89

Medium

CVE-2023-7189

A vulnerability classified as critical was found in S-CMS up to 2.0_build20220529-20231006. Affected by this vulnerability is an unknown functionality of the file /s/index.php?action=statistics. The…

CVSS: 5.5 CWE: CWE-89

Medium

CVE-2023-7188

A vulnerability classified as critical has been found in Shipping 100 Fahuo100 up to 1.1. Affected is an unknown function of the file member/login.php. The manipulation of the argument M_pwd leads to…

CVSS: 5.0 CWE: CWE-89

Medium

CVE-2023-7187

A vulnerability was found in Totolink N350RT 9.3.5u.6139_B20201216. It has been rated as critical. This issue affects some unknown processing of the file /cgi-bin/cstecgi.cgi?action=login&flag=ie8 of…

CVSS: 5.5 CWE: CWE-121

Medium

CVE-2023-7186

A vulnerability was found in 7-card Fakabao up to 1.0_build20230805. It has been declared as critical. This vulnerability affects unknown code of the file member/notify.php. The manipulation of the a…

CVSS: 5.5 CWE: CWE-89

Medium

CVE-2023-7185

A vulnerability was found in 7-card Fakabao up to 1.0_build20230805. It has been classified as critical. This affects an unknown part of the file shop/wxpay_notify.php. The manipulation of the argume…

CVSS: 5.5 CWE: CWE-89

Medium

CVE-2023-7184

A vulnerability was found in 7-card Fakabao up to 1.0_build20230805 and classified as critical. Affected by this issue is some unknown functionality of the file shop/notify.php. The manipulation of t…

CVSS: 5.5 CWE: CWE-89

Medium

CVE-2023-7183

A vulnerability has been found in 7-card Fakabao up to 1.0_build20230805 and classified as critical. Affected by this vulnerability is an unknown functionality of the file shop/alipay_notify.php. The…

CVSS: 5.5 CWE: CWE-89

High

CVE-2023-52180

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Really Simple Plugins Recipe Maker For Your Food Blog from Zip Recipes.This issue affects Recipe…

CVSS: 7.6 CWE: CWE-89

Critical

CVE-2023-49777

Deserialization of Untrusted Data vulnerability in YITH YITH WooCommerce Product Add-Ons.This issue affects YITH WooCommerce Product Add-Ons: from n/a through 4.3.0.

CVSS: 9.1 CWE: CWE-502

Medium

CVE-2023-6094

A vulnerability has been identified in OnCell G3150A-LTE Series firmware versions v1.3 and prior. The vulnerability results from lack of protection for sensitive information during transmission. An a…

CVSS: 5.3 CWE: CWE-319

Medium

CVE-2023-6093

A clickjacking vulnerability has been identified in OnCell G3150A-LTE Series firmware versions v1.3 and prior. This vulnerability is caused by incorrectly restricts frame objects, which can lead to…

CVSS: 5.3 CWE: CWE-1021

Critical

CVE-2023-52182

Deserialization of Untrusted Data vulnerability in ARI Soft ARI Stream Quiz – WordPress Quizzes Builder.This issue affects ARI Stream Quiz – WordPress Quizzes Builder: from n/a through 1.3.0.

CVSS: 9.9 CWE: CWE-502

Critical

CVE-2023-52181

Deserialization of Untrusted Data vulnerability in Presslabs Theme per user.This issue affects Theme per user: from n/a through 1.0.1.

CVSS: 10.0 CWE: CWE-502

Critical

CVE-2023-39157

Improper Control of Generation of Code ('Code Injection') vulnerability in Crocoblock JetElements For Elementor.This issue affects JetElements For Elementor: from n/a through 2.6.10.

CVSS: 9.0 CWE: CWE-94

Medium

CVE-2023-7130

A vulnerability has been found in code-projects College Notes Gallery 2.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file login.php. The manipulatio…

CVSS: 6.3 CWE: CWE-89

High

CVE-2023-52286

Tencent tdsqlpcloud through 1.8.5 allows unauthenticated remote attackers to discover database credentials via an index.php/api/install/get_db_info request, a related issue to CVE-2023-42387.

CVSS: 7.5 CWE: CWE-200

High

CVE-2021-46901

examples/6lbr/apps/6lbr-webserver/httpd.c in CETIC-6LBR (aka 6lbr) 1.5.0 has a strcat stack-based buffer overflow via a request for a long URL over a 6LoWPAN network.

CVSS: 7.5 CWE: CWE-787

Medium

CVE-2023-52284

Bytecode Alliance wasm-micro-runtime (aka WebAssembly Micro Runtime or WAMR) before 1.3.0 can have an "double free or corruption" error for a valid WebAssembly module because push_pop_frame_ref_offse…

CVSS: 5.5 CWE: CWE-415

High

CVE-2021-46900

Sympa before 6.2.62 relies on a cookie parameter for certain security objectives, but does not ensure that this parameter exists and has an unpredictable value. Specifically, the cookie parameter is…

CVSS: 7.5 CWE: CWE-327

High

CVE-2023-52277

Royal RoyalTSX before 6.0.2.1 allows attackers to cause a denial of service (Heap Memory Corruption and application crash) or possibly have unspecified other impact via a long hostname in an RTSZ fil…

CVSS: 7.8 CWE: CWE-787

Low

CVE-2023-52275

Gallery3d on Tecno Camon X CA7 devices allows attackers to view hidden images by navigating to data/com.android.gallery3d/.privatealbum/.encryptfiles and guessing the correct image file extension.

CVSS: 2.1 CWE: CWE-862

Medium

CVE-2023-52269

MDaemon SecurityGateway through 9.0.3 allows XSS via a crafted Message Content Filtering rule. This might allow domain administrators to conduct attacks against global administrators.

CVSS: 4.8 CWE: CWE-79

High

CVE-2023-52267

ehttp 1.0.6 before 17405b9 has a simple_log.cpp _log out-of-bounds-read during error logging for long strings.

CVSS: 7.5 CWE: CWE-125

High

CVE-2023-52266

ehttp 1.0.6 before 17405b9 has an epoll_socket.cpp read_func use-after-free. An attacker can make many connections over a short time to trigger this.

CVSS: 7.5 CWE: CWE-416

2023-12-30

Medium

CVE-2023-52265

IDURAR (aka idurar-erp-crm) through 2.0.1 allows stored XSS via a PATCH request with a crafted JSON email template in the /api/email/update data.

CVSS: 5.4 CWE: CWE-79

Medium

CVE-2023-52264

The beesblog (aka Bees Blog) component before 1.6.2 for thirty bees allows Reflected XSS because controllers/front/post.php sharing_url is mishandled.

CVSS: 6.1 CWE: CWE-79

High

CVE-2023-6998

Improper privilege management vulnerability in CoolKit Technology eWeLink on Android and iOS allows application lockscreen bypass.This issue affects eWeLink before 5.2.0.

CVSS: 7.7 CWE: CWE-305

Medium

CVE-2023-52263

Brave Browser before 1.59.40 does not properly restrict the schema for WebUI factory and redirect. This is related to browser/brave_content_browser_client.cc and browser/ui/webui/brave_web_ui_control…

CVSS: 6.1 CWE: CWE-601

Medium

CVE-2023-7181

A vulnerability was found in Muyun DedeBIZ up to 6.2.12 and classified as critical. Affected by this issue is some unknown functionality of the component Add Attachment Handler. The manipulation lead…

CVSS: 4.7 CWE: CWE-434

Medium

CVE-2023-7180

A vulnerability has been found in Tongda OA 2017 up to 11.9 and classified as critical. Affected by this vulnerability is an unknown functionality of the file general/project/proj/delete.php. The man…

CVSS: 5.5 CWE: CWE-89

Medium

CVE-2023-7179

A vulnerability, which was classified as critical, was found in Campcodes Online College Library System 1.0. Affected is an unknown function of the file /admin/category_row.php of the component HTTP…

CVSS: 4.7 CWE: CWE-89

Medium

CVE-2023-7178

A vulnerability, which was classified as critical, has been found in Campcodes Online College Library System 1.0. This issue affects some unknown processing of the file /admin/book_row.php of the com…

CVSS: 4.7 CWE: CWE-89

Critical

CVE-2023-50651

TOTOLINK X6000R v9.4.0cu.852_B20230719 was discovered to contain a remote command execution (RCE) vulnerability via the component /cgi-bin/cstecgi.cgi.

CVSS: 9.8 CWE: CWE-78

Critical

CVE-2023-50589

Grupo Embras GEOSIAP ERP v2.2.167.02 was discovered to contain a SQL injection vulnerability via the codLogin parameter on the login page.

CVSS: 9.8 CWE: CWE-89

High

CVE-2023-49299

Improper Input Validation vulnerability in Apache DolphinScheduler. An authenticated user can cause arbitrary, unsandboxed javascript to be executed on the server.This issue affects Apache DolphinSch…

CVSS: 8.8 CWE: CWE-20

Medium

CVE-2023-7177

A vulnerability classified as critical was found in Campcodes Online College Library System 1.0. This vulnerability affects unknown code of the file /admin/book_add.php of the component HTTP POST Req…

CVSS: 4.7 CWE: CWE-89

Medium

CVE-2023-7176

A vulnerability classified as critical has been found in Campcodes Online College Library System 1.0. This affects an unknown part of the file /admin/return_add.php of the component HTTP POST Request…

CVSS: 4.7 CWE: CWE-89

Critical

CVE-2023-51136

TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formRebootSchedule.

CVSS: 9.8 CWE: CWE-787

Critical

CVE-2023-51135

TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formPasswordSetup.

CVSS: 9.8 CWE: CWE-787

Critical

CVE-2023-51133

TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formRoute.

CVSS: 9.8 CWE: CWE-787

Critical

CVE-2023-50578

Mingsoft MCMS v5.2.9 was discovered to contain a SQL injection vulnerability via the categoryType parameter at /content/list.do.

CVSS: 9.8 CWE: CWE-89

Medium

CVE-2023-50550

layui up to v2.74 was discovered to contain a cross-site scripting (XSS) vulnerability via the data-content parameter.

CVSS: 5.4 CWE: CWE-79

Medium

CVE-2023-7175

A vulnerability was found in Campcodes Online College Library System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/borrow_add.php of the…

CVSS: 4.7 CWE: CWE-89

Medium

CVE-2023-7173

A vulnerability, which was classified as problematic, was found in PHPGurukul Hospital Management System 1.0. This affects an unknown part of the file registration.php. The manipulation of the argume…

CVSS: 4.3 CWE: CWE-79

Medium

CVE-2018-25096

A vulnerability was found in MdAlAmin-aol Own Health Record 0.1-alpha/0.2-alpha/0.3-alpha/0.3.1-alpha. It has been rated as problematic. This issue affects some unknown processing of the file include…

CVSS: 4.3 CWE: CWE-352

High

CVE-2023-7172

A vulnerability, which was classified as critical, has been found in PHPGurukul Hospital Management System 1.0. Affected by this issue is some unknown functionality of the component Admin Dashboard.…

CVSS: 7.3 CWE: CWE-89

Medium

CVE-2023-52257

LogoBee 0.2 allows updates.php?id= XSS.

CVSS: 6.1 CWE: CWE-79

Critical

CVE-2023-52252

Unified Remote 3.13.0 allows remote attackers to execute arbitrary Lua code because of a wildcarded Access-Control-Allow-Origin for the Remote upload endpoint.

CVSS: 9.8 CWE: CWE-611

Critical

CVE-2023-41544

SSTI injection vulnerability in jeecg-boot version 3.5.3, allows remote attackers to execute arbitrary code via crafted HTTP request to the /jmreport/loadTableData component.

CVSS: 9.8 CWE: CWE-94

High

CVE-2022-46487

Improper initialization of x87 and SSE floating-point configuration registers in the __scone_entry component of SCONE before 5.8.0 for Intel SGX allows a local attacker to compromise the execution in…

CVSS: 7.8 CWE: CWE-665

Medium

CVE-2022-46486

A lack of pointer-validation logic in the __scone_dispatch component of SCONE before v5.8.0 for Intel SGX allows attackers to access sensitive information.

CVSS: 5.5 CWE: CWE-763

Critical

CVE-2023-41543

SQL injection vulnerability in jeecg-boot v3.5.3, allows remote attackers to escalate privileges and obtain sensitive information via the component /sys/replicate/check.

CVSS: 9.8 CWE: CWE-89

Critical

CVE-2023-41542

SQL injection vulnerability in jeecg-boot version 3.5.3, allows remote attackers to escalate privileges and obtain sensitive information via the jmreport/qurestSql component.

CVSS: 9.8 CWE: CWE-89

2023-12-29

Medium

CVE-2023-52240

The Kantega SAML SSO OIDC Kerberos Single Sign-on apps before 6.20.0 for Atlassian products allow XSS if SAML POST Binding is enabled. This affects 4.4.2 through 4.14.8 before 4.14.9, 5.0.0 through 5…

CVSS: 6.1 CWE: CWE-79

High

CVE-2023-50071

Sourcecodester Customer Support System 1.0 has multiple SQL injection vulnerabilities in /customer_support/ajax.php?action=save_department via id or name.

CVSS: 8.8 CWE: CWE-89

High

CVE-2023-50070

Sourcecodester Customer Support System 1.0 has multiple SQL injection vulnerabilities in /customer_support/ajax.php?action=save_ticket via department_id, customer_id, and subject.

CVSS: 8.8 CWE: CWE-89

Medium

CVE-2023-50069

WireMock with GUI versions 3.2.0.0 through 3.0.4.0 are vulnerable to stored cross-site scripting (SXSS) through the recording feature. An attacker can host a malicious payload and perform a test mapp…

CVSS: 6.1 CWE: CWE-79

Critical

CVE-2023-50035

PHPGurukul Small CRM 3.0 is vulnerable to SQL Injection on the Users login panel because of "password" parameter is directly used in the SQL query without any sanitization and the SQL Injection paylo…

CVSS: 9.8 CWE: CWE-89

Low

CVE-2023-7171

A vulnerability was found in Novel-Plus up to 4.2.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file novel-admin/src/main/java/com/java2nb/…

CVSS: 2.4 CWE: CWE-79

Critical

CVE-2023-52139

Misskey is an open source, decentralized social media platform. Third-party applications may be able to access some endpoints or Websocket APIs that are incorrectly specified as [kind](https://github…

CVSS: 9.0 CWE: CWE-285

High

CVE-2023-52137

The [`tj-actions/verify-changed-files`](https://github.com/tj-actions/verify-changed-files) action allows for command injection in changed filenames, allowing an attacker to execute arbitrary code an…

CVSS: 7.7 CWE: CWE-20

Medium

CVE-2023-51663

Hail is an open-source, general-purpose, Python-based data analysis tool with additional data types and methods for working with genomic data. Hail relies on OpenID Connect (OIDC) email addresses fro…

CVSS: 5.3 CWE: CWE-289

Medium

CVE-2023-51688

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in impleCode eCommerce Product Catalog Plugin for WordPress.This issue affects eCommerce Product Catalog Plugin for WordPress:…

CVSS: 5.3 CWE: CWE-200

Medium

CVE-2023-51687

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in impleCode Product Catalog Simple.This issue affects Product Catalog Simple: from n/a through 1.7.6.

CVSS: 5.3 CWE: CWE-200

Medium

CVE-2023-51527

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Senol Sahin AI Power: Complete AI Pack – Powered by GPT-4.This issue affects AI Power: Complete AI Pack – Powered by GPT-4:…

CVSS: 5.3 CWE: CWE-200

Medium

CVE-2023-51517

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in CodePeople Calculated Fields Form.This issue affects Calculated Fields Form: from n/a through 1.2.28.

CVSS: 4.1 CWE: CWE-601

Medium

CVE-2023-50572

An issue in the component GroovyEngine.execute of jline-groovy v3.24.1 allows attackers to cause an OOM (OutofMemory) error.

CVSS: 5.5 CWE: CWE-787

Medium

CVE-2023-50570

An issue in the component IPAddressBitsDivision of IPAddress v5.1.0 leads to an infinite loop. This is disputed because an infinite loop occurs only for cases in which the developer supplies invalid…

CVSS: 5.5 CWE: CWE-835

Critical

CVE-2023-4675

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in GM Information Technologies MDO allows SQL Injection.This issue affects MDO: through 20231229.…

CVSS: 9.8 CWE: CWE-89

Critical

CVE-2023-4674

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Yaztek Software Technologies and Computer Systems E-Commerce Software allows SQL Injection.This i…

CVSS: 9.8 CWE: CWE-89

Critical

CVE-2023-4541

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ween Software Admin Panel allows SQL Injection.This issue affects Admin Panel: through 20231229.…

CVSS: 9.8 CWE: CWE-89

High

CVE-2023-47804

Apache OpenOffice documents can contain links that call internal macros with arbitrary arguments. Several URI Schemes are defined for this purpose. Links can be activated by clicks, or by automatic…

CVSS: 8.8 CWE: CWE-20

Medium

CVE-2023-51675

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in AAM Advanced Access Manager – Restricted Content, Users & Roles, Enhanced Security and More.This issue affects Advanced Access Man…

CVSS: 4.7 CWE: CWE-601

Critical

CVE-2023-51475

Unrestricted Upload of File with Dangerous Type vulnerability in IOSS WP MLM SOFTWARE PLUGIN.This issue affects WP MLM SOFTWARE PLUGIN: from n/a through 4.0.

CVSS: 10.0 CWE: CWE-434

Critical

CVE-2023-51473

Unrestricted Upload of File with Dangerous Type vulnerability in Pixelemu TerraClassifieds – Simple Classifieds Plugin.This issue affects TerraClassifieds – Simple Classifieds Plugin: from n/a throug…

CVSS: 10.0 CWE: CWE-434

Critical

CVE-2023-51468

Unrestricted Upload of File with Dangerous Type vulnerability in Jacques Malgrange Rencontre – Dating Site.This issue affects Rencontre – Dating Site: from n/a through 3.10.1.

CVSS: 10.0 CWE: CWE-434

Critical

CVE-2023-51421

Unrestricted Upload of File with Dangerous Type vulnerability in Soft8Soft LLC Verge3D Publishing and E-Commerce.This issue affects Verge3D Publishing and E-Commerce: from n/a through 4.5.2.

CVSS: 9.9 CWE: CWE-434

Critical

CVE-2023-51419

Unrestricted Upload of File with Dangerous Type vulnerability in Bertha.Ai BERTHA AI. Your AI co-pilot for WordPress and Chrome.This issue affects BERTHA AI. Your AI co-pilot for WordPress and Chrome…

CVSS: 10.0 CWE: CWE-434

Critical

CVE-2023-51417

Unrestricted Upload of File with Dangerous Type vulnerability in Joris van Montfort JVM Gutenberg Rich Text Icons.This issue affects JVM Gutenberg Rich Text Icons: from n/a through 1.2.3.

CVSS: 9.9 CWE: CWE-434

Critical

CVE-2023-51412

Unrestricted Upload of File with Dangerous Type vulnerability in Piotnet Piotnet Forms.This issue affects Piotnet Forms: from n/a through 1.0.25.

CVSS: 9.0 CWE: CWE-434

Critical

CVE-2023-51411

Unrestricted Upload of File with Dangerous Type vulnerability in Shabti Kaplan Frontend Admin by DynamiApps.This issue affects Frontend Admin by DynamiApps: from n/a through 3.18.3.

CVSS: 10.0 CWE: CWE-434

Critical

CVE-2023-51410

Unrestricted Upload of File with Dangerous Type vulnerability in WPVibes WP Mail Log.This issue affects WP Mail Log: from n/a through 1.1.2.

CVSS: 9.9 CWE: CWE-434

High

CVE-2023-7114

Mattermost version 2.10.0 and earlier fails to sanitize deeplink paths, which allows an attacker to perform CSRF attacks against the server.

CVSS: 7.1 CWE: CWE-74

Low

CVE-2023-7113

Mattermost version 8.1.6 and earlier fails to sanitize channel mention data in posts, which allows an attacker to inject markup in the web client.

CVSS: 3.7 CWE: CWE-79

Medium

CVE-2023-51676

Server-Side Request Forgery (SSRF) vulnerability in Leevio Happy Addons for Elementor.This issue affects Happy Addons for Elementor: from n/a through 3.9.1.1.

CVSS: 4.9 CWE: CWE-918

Critical

CVE-2023-51545

Cross-Site Request Forgery (CSRF), Deserialization of Untrusted Data vulnerability in ThemeHigh Job Manager & Career – Manage job board listings, and recruitments.This issue affects Job Manager & Car…

CVSS: 9.6 CWE: CWE-352

Critical

CVE-2023-51505

Deserialization of Untrusted Data vulnerability in realmag777 Active Products Tables for WooCommerce. Professional products tables for WooCommerce store.This issue affects Active Products Tables for…

CVSS: 10.0 CWE: CWE-502

Critical

CVE-2023-51470

Deserialization of Untrusted Data vulnerability in Jacques Malgrange Rencontre – Dating Site.This issue affects Rencontre – Dating Site: from n/a through 3.11.1.

CVSS: 9.9 CWE: CWE-502

Critical

CVE-2023-51422

Deserialization of Untrusted Data vulnerability in Saleswonder Team Webinar Plugin: Create live/evergreen/automated/instant webinars, stream & Zoom Meetings | WebinarIgnition.This issue affects Webin…

CVSS: 9.9 CWE: CWE-502

Critical

CVE-2023-51414

Deserialization of Untrusted Data vulnerability in EnvialoSimple EnvíaloSimple: Email Marketing y Newsletters.This issue affects EnvíaloSimple: Email Marketing y Newsletters: from n/a through 2.1.

CVSS: 9.6 CWE: CWE-502

Medium

CVE-2023-51378

Cross-Site Request Forgery (CSRF) vulnerability in Rise Themes Rise Blocks – A Complete Gutenberg Page Builder.This issue affects Rise Blocks – A Complete Gutenberg Page Builder: from n/a through 3.1.

CVSS: 5.4 CWE: CWE-352

Medium

CVE-2023-51358

Cross-Site Request Forgery (CSRF) vulnerability in Bright Plugins Block IPs for Gravity Forms.This issue affects Block IPs for Gravity Forms: from n/a through 1.0.1.

CVSS: 5.4 CWE: CWE-352

Medium

CVE-2023-51354

Cross-Site Request Forgery (CSRF) vulnerability in WebbaPlugins Appointment & Event Booking Calendar Plugin – Webba Booking.This issue affects Appointment & Event Booking Calendar Plugin – Webba Book…

CVSS: 4.3 CWE: CWE-352

Medium

CVE-2023-50902

Cross-Site Request Forgery (CSRF) vulnerability in WPExpertsio New User Approve.This issue affects New User Approve: from n/a through 2.5.1.

CVSS: 4.3 CWE: CWE-352

Medium

CVE-2023-50878

Cross-Site Request Forgery (CSRF) vulnerability in InspireUI MStore API.This issue affects MStore API: from n/a through 4.10.1.

CVSS: 5.4 CWE: CWE-352

High

CVE-2023-7080

The V8 inspector intentionally allows arbitrary code execution within the Workers sandbox for debugging. wrangler dev would previously start an inspector server listening on all network interfaces. T…

CVSS: 8.5 CWE: CWE-269

Medium

CVE-2023-7079

Sending specially crafted HTTP requests and inspector messages to Wrangler's dev server could result in any file on the user's computer being accessible over the local network. An attacker that could…

CVSS: 6.4 CWE: CWE-287

High

CVE-2023-7078

Sending specially crafted HTTP requests to Miniflare's server could result in arbitrary HTTP and WebSocket requests being sent from the server. If Miniflare was configured to listen on external netwo…

CVSS: 7.5 CWE: CWE-918

Medium

CVE-2023-51402

Cross-Site Request Forgery (CSRF) vulnerability in Brain Storm Force Ultimate Addons for WPBakery Page Builder.This issue affects Ultimate Addons for WPBakery Page Builder: from n/a through 3.19.17.

CVSS: 4.3 CWE: CWE-352

High

CVE-2023-50893

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in UpSolution Impreza – WordPress Website and WooCommerce Builder allows Reflected XSS.This issue af…

CVSS: 7.1 CWE: CWE-79

High

CVE-2023-50892

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodexThemes TheGem - Creative Multi-Purpose & WooCommerce WordPress Theme allows Reflected XSS.Th…

CVSS: 7.1 CWE: CWE-79

Medium

CVE-2023-50891

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Zoho Forms Form plugin for WordPress – Zoho Forms allows Stored XSS.This issue affects Form plugi…

CVSS: 6.5 CWE: CWE-79

Medium

CVE-2023-50889

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in The Beaver Builder Team Beaver Builder – WordPress Page Builder allows Stored XSS.This issue affe…

CVSS: 6.5 CWE: CWE-79

Medium

CVE-2023-50881

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AAM Advanced Access Manager – Restricted Content, Users & Roles, Enhanced Security and More allow…

CVSS: 6.5 CWE: CWE-79

Medium

CVE-2023-50880

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in The BuddyPress Community BuddyPress allows Stored XSS.This issue affects BuddyPress: from n/a thr…

CVSS: 6.5 CWE: CWE-79

Medium

CVE-2023-50879

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Automattic WordPress.Com Editing Toolkit allows Stored XSS.This issue affects WordPress.Com Editi…

CVSS: 6.5 CWE: CWE-79

High

CVE-2023-50837

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WebFactory Ltd Login Lockdown – Protect Login Form.This issue affects Login Lockdown – Protect Lo…

CVSS: 7.6 CWE: CWE-89

Medium

CVE-2023-44089

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pandora FMS on all allows Cross-Site Scripting (XSS). It was possible to execute malicious JS cod…

CVSS: 6.1 CWE: CWE-79