2023-11-06
2023-11-06 09:15Z
HIGH

CVE-2023-35911 — Creative-solutions Contact_form_generator: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-35911

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Creative Solutions Contact Form Generator : Creative form builder for WordPress allows SQL Injection.This issue affects Contact Form Generator : Creative form builder for WordPress: from n/a through 2.6.0. CVSSv3.1 8.5 (HIGH) · EPSS 46th percentile

CWECWE 89VNDCreative SolutionsTYPVulnerability
8.5
CVSS v3.1
93
Edit Score
2023-11-06
2023-11-06 09:15Z
HIGH

CVE-2023-28748 — Appjetty Copy_or_move_comments: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-28748

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in biztechc Copy or Move Comments allows SQL Injection.This issue affects Copy or Move Comments: from n/a through 5.0.4. CVSSv3.1 8.5 (HIGH) · EPSS 43th percentile

CWECWE 89VNDAppjettyTYPVulnerability
8.5
CVSS v3.1
93
Edit Score
2023-11-06
2023-11-06 08:15Z
HIGH

CVE-2022-46860 — Kaizencoders Short_url: A vulnerability in KaizenCoders Short URL shorten-url.This issue affects Short URL: from n/a through

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2022-46860

A vulnerability in KaizenCoders Short URL shorten-url.This issue affects Short URL: from n/a through <= 1.6.4. CVSSv3.1 8.5 (HIGH) · EPSS 43th percentile

CWECWE 89VNDKaizencodersTYPVulnerability
8.5
CVSS v3.1
93
Edit Score
2023-11-06
2023-11-06 08:15Z
HIGH

CVE-2022-45373 — Wp-slimstat Slimstat_analytics: A vulnerability in VeronaLabs Slimstat Analytics wp-slimstat.This issue affects Slimstat Analytics: from n/a through

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2022-45373

A vulnerability in VeronaLabs Slimstat Analytics wp-slimstat.This issue affects Slimstat Analytics: from n/a through <= 5.0.4. CVSSv3.1 8.8 (HIGH) · EPSS 45th percentile

CWECWE 89VNDWp SlimstatVNDVeronalabsTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2023-11-04
2023-11-04 00:15Z
HIGH

CVE-2023-35910 — Quasar-form Quasar_form: A vulnerability in nucleusgenius Quasar form quasar-form.This issue affects Quasar form: from n/a through

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-35910

A vulnerability in nucleusgenius Quasar form quasar-form.This issue affects Quasar form: from n/a through <= 6.0. CVSSv3.1 8.5 (HIGH) · EPSS 43th percentile

CWECWE 89VNDQuasar FormVNDQuasarTYPVulnerability
8.5
CVSS v3.1
93
Edit Score
2023-11-03
2023-11-03 23:15Z
HIGH

CVE-2023-36677 — Smartypantsplugins Sp_project_\&_document_manager: A vulnerability in smartypants SP Project & Document Manager sp-client-document-manager.This issue affects SP Project

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-36677

A vulnerability in smartypants SP Project & Document Manager sp-client-document-manager.This issue affects SP Project & Document Manager : from n/a through <= 4.67. CVSSv3.1 8.3 (HIGH) · EPSS 43th percentile

CWECWE 89VNDSmartypantspluginsVNDProjectTYPVulnerability
8.3
CVSS v3.1
92
Edit Score
2023-11-03
2023-11-03 17:15Z
CRIT

CVE-2023-36529 — Favethemes Houzez: A vulnerability in Favethemes Houzez CRM houzez-crm.This issue affects Houzez CRM: from n/a through

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-36529

A vulnerability in Favethemes Houzez CRM houzez-crm.This issue affects Houzez CRM: from n/a through <= 1.3.4. CVSSv3.1 9.9 (CRITICAL) · EPSS 43th percentile

CWECWE 89VNDFavethemesTYPVulnerability
9.9
CVSS v3.1
100
Edit Score
728 × 90 / responsive · programmatic ad slot
2023-11-03
2023-11-03 17:15Z
HIGH

CVE-2023-25800 — Themeum Tutor_lms: A vulnerability in Themeum Tutor LMS tutor.This issue affects Tutor LMS: from n/a through

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-25800

A vulnerability in Themeum Tutor LMS tutor.This issue affects Tutor LMS: from n/a through <= 2.2.0. CVSSv3.1 8.1 (HIGH) · EPSS 48th percentile

CWECWE 89VNDThemeumTYPVulnerability
8.1
CVSS v3.1
91
Edit Score
2023-11-03
2023-11-03 17:15Z
HIGH

CVE-2023-25700 — Themeum Tutor_lms: A vulnerability in Themeum Tutor LMS tutor.This issue affects Tutor LMS: from n/a through

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-25700

A vulnerability in Themeum Tutor LMS tutor.This issue affects Tutor LMS: from n/a through <= 2.1.10. CVSSv3.1 8.2 (HIGH) · EPSS 45th percentile

CWECWE 89VNDThemeumTYPVulnerability
8.2
CVSS v3.1
91
Edit Score
2023-11-03
2023-11-03 16:15Z
HIGH

CVE-2022-46818 — Gopiplus Email_posts_to_subscribers: A vulnerability in gopiplus Email posts to subscribers email-posts-to-subscribers.This issue affects Email posts to

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2022-46818

A vulnerability in gopiplus Email posts to subscribers email-posts-to-subscribers.This issue affects Email posts to subscribers: from n/a through <= 6.2. CVSSv3.1 8.2 (HIGH) · EPSS 43th percentile

CWECWE 89VNDGopiplusTYPVulnerability
8.2
CVSS v3.1
91
Edit Score
2023-11-03
2023-11-03 13:15Z
HIGH

CVE-2022-47445 — Web-x Be-popia-compliant: A vulnerability in Be POPIA Compliant Be POPIA Compliant be-popia-compliant.This issue affects Be POPIA

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2022-47445

A vulnerability in Be POPIA Compliant Be POPIA Compliant be-popia-compliant.This issue affects Be POPIA Compliant: from n/a through <= 1.2.0. CVSSv3.1 8.2 (HIGH) · EPSS 43th percentile

CWECWE 89VNDWeb XVNDPopiaTYPVulnerability
8.2
CVSS v3.1
91
Edit Score
2023-11-03
2023-11-03 13:15Z
HIGH

CVE-2022-46859 — Spiffyplugins Spiffy_calendar: A vulnerability in Spiffy Plugins Spiffy Calendar spiffy-calendar.This issue affects Spiffy Calendar: from n/a

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2022-46859

A vulnerability in Spiffy Plugins Spiffy Calendar spiffy-calendar.This issue affects Spiffy Calendar: from n/a through <= 4.9.1. CVSSv3.1 8.5 (HIGH) · EPSS 51th percentile

CWECWE 89VNDSpiffypluginsVNDSpiffyTYPVulnerability
8.5
CVSS v3.1
93
Edit Score
2023-11-03
2023-11-03 13:15Z
HIGH

CVE-2022-46808 — Reputeinfosystems Armember: A vulnerability in reputeinfosystems ARMember armember-membership.This issue affects ARMember: from n/a through <= 3.4.11.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2022-46808

A vulnerability in reputeinfosystems ARMember armember-membership.This issue affects ARMember: from n/a through <= 3.4.11. CVSSv3.1 8.2 (HIGH) · EPSS 43th percentile

CWECWE 89VNDReputeinfosystemsVNDArmemberTYPVulnerability
8.2
CVSS v3.1
91
Edit Score
2023-11-03
2023-11-03 13:15Z
HIGH

CVE-2022-45805 — Paytm Payment_gateway: A vulnerability in integrationdevpaytm Paytm Payment Gateway paytm-payments.This issue affects Paytm Payment Gateway: from

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2022-45805

A vulnerability in integrationdevpaytm Paytm Payment Gateway paytm-payments.This issue affects Paytm Payment Gateway: from n/a through <= 2.7.3. CVSSv3.1 8.2 (HIGH) · EPSS 97th percentile

CWECWE 89VNDPaytmTYPVulnerability
8.2
CVSS v3.1
100
Edit Score
2023-11-03
2023-11-03 12:15Z
HIGH

CVE-2023-41652 — Carrcommunications Rsvpmaker: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-41652

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in David F. Carr RSVPMaker rsvpmaker allows SQL Injection.This issue affects RSVPMaker: from n/a through 10.6.6. CVSSv3.1 8.2 (HIGH) · EPSS 89th percentile

CWECWE 89VNDCarrcommunicationsTYPVulnerability
8.2
CVSS v3.1
92
Edit Score
2023-11-03
2023-11-03 12:15Z
CRIT

CVE-2023-3277 — Inspireui Mstore_api: The MStore API plugin for WordPress is vulnerable to Unauthorized Account Access and Privilege

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-3277

The MStore API plugin for WordPress is vulnerable to Unauthorized Account Access and Privilege Escalation in versions up to, and including, 4.10.7 due to improper implementation of the Apple login feature. This allows unauthenticated attackers to log in as any user as long as they know the user's email address. CVSSv3.1 9.8 (CRITICAL) · EPSS 98th percentile

CWECWE 288VNDInspireuiVNDMstoreTYPVulnerability
9.8
CVSS v3.1
100
Edit Score
2023-11-03
2023-11-03 12:15Z
HIGH

CVE-2023-34383 — Wedevs Wp_project_manager: A vulnerability in weDevs WP Project Manager wedevs-project-manager.This issue affects WP Project Manager: from

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-34383

A vulnerability in weDevs WP Project Manager wedevs-project-manager.This issue affects WP Project Manager: from n/a through <= 2.6.0. CVSSv3.1 8.5 (HIGH) · EPSS 43th percentile

CWECWE 89VNDWedevsVNDProjectTYPVulnerability
8.5
CVSS v3.1
93
Edit Score
2023-11-02
2023-11-02 22:15Z
CRIT

CVE-2023-46958 — Lmxcms Lmxcms: An issue in lmxcms v.1.41 allows a remote attacker to execute arbitrary code via

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-46958

An issue in lmxcms v.1.41 allows a remote attacker to execute arbitrary code via a crafted script to the admin.php file. CVSSv3.1 9.8 (CRITICAL) · EPSS 67th percentile

CWECWE 94VNDLmxcmsTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2023-11-02
2023-11-02 12:15Z
HIGH

CVE-2023-43336 — Sangoma Freepbx: Technologies FreePBX before cdr 15.0.18, 16.0.40, 15.0.16, and 16.0.17 was discovered to contain

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-43336

Sangoma Technologies FreePBX before cdr 15.0.18, 16.0.40, 15.0.16, and 16.0.17 was discovered to contain an access control issue via a modified parameter value, e.g., changing extension=self to extension=101. CVSSv3.1 8.8 (HIGH) · EPSS 53th percentile

CWECWE 284VNDSangomaTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2023-10-31
2023-10-31 15:15Z
CRIT

CVE-2023-42425 — Turing Edge\+_evc5fd_firmware: An issue in Turing Video Turing Edge+ EVC5FD v.1.38.6 allows remote attacker to execute

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-42425

An issue in Turing Video Turing Edge+ EVC5FD v.1.38.6 allows remote attacker to execute arbitrary code and obtain sensitive information via the cloud connection components. CVSSv3.1 9.8 (CRITICAL) · EPSS 54th percentile

CWECWE 295VNDTuringTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2023-10-31
2023-10-31 15:15Z
HIGH

CVE-2023-31212 — Crmperks Database_for_contact_form_7\,_wpforms\,_elementor_forms: A vulnerability in CRM Perks Contact Form Entries contact-form-entries.This issue affects Contact Form Entries

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-31212

A vulnerability in CRM Perks Contact Form Entries contact-form-entries.This issue affects Contact Form Entries: from n/a through <= 1.3.0. CVSSv3.1 8.5 (HIGH) · EPSS 63th percentile

CWECWE 89VNDCrmVNDCrmperksTYPVulnerability
8.5
CVSS v3.1
93
Edit Score
2023-10-31
2023-10-31 14:15Z
HIGH

CVE-2023-28777 — Learndash Learndash: A vulnerability in LearnDash LearnDash LMS sfwd-lms.This issue affects LearnDash LMS: from n/a through

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-28777

A vulnerability in LearnDash LearnDash LMS sfwd-lms.This issue affects LearnDash LMS: from n/a through <= 4.5.3. CVSSv3.1 8.5 (HIGH) · EPSS 63th percentile

CWECWE 89VNDLearndashTYPVulnerability
8.5
CVSS v3.1
93
Edit Score
2023-10-31
2023-10-31 14:15Z
HIGH

CVE-2023-24000 — Gamipress Gamipress: A vulnerability in Ruben Garcia GamiPress gamipress.This issue affects GamiPress: from n/a through <=

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-24000

A vulnerability in Ruben Garcia GamiPress gamipress.This issue affects GamiPress: from n/a through <= 2.5.7. CVSSv3.1 8.2 (HIGH) · EPSS 96th percentile

CWECWE 89VNDGamipressVNDRubenTYPVulnerability
8.2
CVSS v3.1
97
Edit Score
2023-10-31
2023-10-31 12:15Z
HIGH

CVE-2023-5099 — Jonashjalmarsson Html_filter_and_csv-file_search: The HTML filter and csv-file search plugin for WordPress is vulnerable to Local File

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-5099

The HTML filter and csv-file search plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 2.7 via the 'src' attribute of the 'csvsearch' shortcode. This allows authenticated attackers, with contributor-level permissions and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases CVSSv3.1 8.8 (HIGH) · EPSS 46th percentile

CWECWE 98CWECWE 552VNDJonashjalmarssonTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2023-10-31
2023-10-31 09:15Z
HIGH

CVE-2023-5464 — Gopiplus Jquery_accordion_slideshow: The Jquery accordion slideshow plugin for WordPress is vulnerable to SQL Injection via the

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-5464

The Jquery accordion slideshow plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 8.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information fr CVSSv3.1 8.8 (HIGH) · EPSS 53th percentile

CWECWE 89VNDGopiplusVNDJqueryTYPVulnerability
8.8
CVSS v3.1
94
Edit Score