2023-11-03
2023-11-03 12:15Z
HIGH

CVE-2023-41652 — Carrcommunications Rsvpmaker: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-41652

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in David F. Carr RSVPMaker rsvpmaker allows SQL Injection.This issue affects RSVPMaker: from n/a through 10.6.6. CVSSv3.1 8.2 (HIGH) · EPSS 89th percentile

CWECWE 89VNDCarrcommunicationsTYPVulnerability
8.2
CVSS v3.1
92
Edit Score
2023-11-03
2023-11-03 12:15Z
CRIT

CVE-2023-3277 — Inspireui Mstore_api: The MStore API plugin for WordPress is vulnerable to Unauthorized Account Access and Privilege

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-3277

The MStore API plugin for WordPress is vulnerable to Unauthorized Account Access and Privilege Escalation in versions up to, and including, 4.10.7 due to improper implementation of the Apple login feature. This allows unauthenticated attackers to log in as any user as long as they know the user's email address. CVSSv3.1 9.8 (CRITICAL) · EPSS 98th percentile

CWECWE 288VNDInspireuiVNDMstoreTYPVulnerability
9.8
CVSS v3.1
100
Edit Score
2023-11-03
2023-11-03 12:15Z
HIGH

CVE-2023-34383 — Wedevs Wp_project_manager: A vulnerability in weDevs WP Project Manager wedevs-project-manager.This issue affects WP Project Manager: from

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-34383

A vulnerability in weDevs WP Project Manager wedevs-project-manager.This issue affects WP Project Manager: from n/a through <= 2.6.0. CVSSv3.1 8.5 (HIGH) · EPSS 43th percentile

CWECWE 89VNDWedevsVNDProjectTYPVulnerability
8.5
CVSS v3.1
93
Edit Score
2023-11-02
2023-11-02 22:15Z
CRIT

CVE-2023-46958 — Lmxcms Lmxcms: An issue in lmxcms v.1.41 allows a remote attacker to execute arbitrary code via

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-46958

An issue in lmxcms v.1.41 allows a remote attacker to execute arbitrary code via a crafted script to the admin.php file. CVSSv3.1 9.8 (CRITICAL) · EPSS 67th percentile

CWECWE 94VNDLmxcmsTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2023-11-02
2023-11-02 12:15Z
HIGH

CVE-2023-43336 — Sangoma Freepbx: Technologies FreePBX before cdr 15.0.18, 16.0.40, 15.0.16, and 16.0.17 was discovered to contain

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-43336

Sangoma Technologies FreePBX before cdr 15.0.18, 16.0.40, 15.0.16, and 16.0.17 was discovered to contain an access control issue via a modified parameter value, e.g., changing extension=self to extension=101. CVSSv3.1 8.8 (HIGH) · EPSS 53th percentile

CWECWE 284VNDSangomaTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2023-10-31
2023-10-31 15:15Z
CRIT

CVE-2023-42425 — Turing Edge\+_evc5fd_firmware: An issue in Turing Video Turing Edge+ EVC5FD v.1.38.6 allows remote attacker to execute

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-42425

An issue in Turing Video Turing Edge+ EVC5FD v.1.38.6 allows remote attacker to execute arbitrary code and obtain sensitive information via the cloud connection components. CVSSv3.1 9.8 (CRITICAL) · EPSS 54th percentile

CWECWE 295VNDTuringTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2023-10-31
2023-10-31 15:15Z
HIGH

CVE-2023-31212 — Crmperks Database_for_contact_form_7\,_wpforms\,_elementor_forms: A vulnerability in CRM Perks Contact Form Entries contact-form-entries.This issue affects Contact Form Entries

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-31212

A vulnerability in CRM Perks Contact Form Entries contact-form-entries.This issue affects Contact Form Entries: from n/a through <= 1.3.0. CVSSv3.1 8.5 (HIGH) · EPSS 63th percentile

CWECWE 89VNDCrmVNDCrmperksTYPVulnerability
8.5
CVSS v3.1
93
Edit Score
728 × 90 / responsive · programmatic ad slot
2023-10-31
2023-10-31 14:15Z
HIGH

CVE-2023-28777 — Learndash Learndash: A vulnerability in LearnDash LearnDash LMS sfwd-lms.This issue affects LearnDash LMS: from n/a through

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-28777

A vulnerability in LearnDash LearnDash LMS sfwd-lms.This issue affects LearnDash LMS: from n/a through <= 4.5.3. CVSSv3.1 8.5 (HIGH) · EPSS 63th percentile

CWECWE 89VNDLearndashTYPVulnerability
8.5
CVSS v3.1
93
Edit Score
2023-10-31
2023-10-31 14:15Z
HIGH

CVE-2023-24000 — Gamipress Gamipress: A vulnerability in Ruben Garcia GamiPress gamipress.This issue affects GamiPress: from n/a through <=

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-24000

A vulnerability in Ruben Garcia GamiPress gamipress.This issue affects GamiPress: from n/a through <= 2.5.7. CVSSv3.1 8.2 (HIGH) · EPSS 96th percentile

CWECWE 89VNDGamipressVNDRubenTYPVulnerability
8.2
CVSS v3.1
97
Edit Score
2023-10-31
2023-10-31 12:15Z
HIGH

CVE-2023-5099 — Jonashjalmarsson Html_filter_and_csv-file_search: The HTML filter and csv-file search plugin for WordPress is vulnerable to Local File

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-5099

The HTML filter and csv-file search plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 2.7 via the 'src' attribute of the 'csvsearch' shortcode. This allows authenticated attackers, with contributor-level permissions and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases CVSSv3.1 8.8 (HIGH) · EPSS 46th percentile

CWECWE 98CWECWE 552VNDJonashjalmarssonTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2023-10-31
2023-10-31 09:15Z
HIGH

CVE-2023-5464 — Gopiplus Jquery_accordion_slideshow: The Jquery accordion slideshow plugin for WordPress is vulnerable to SQL Injection via the

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-5464

The Jquery accordion slideshow plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 8.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information fr CVSSv3.1 8.8 (HIGH) · EPSS 53th percentile

CWECWE 89VNDGopiplusVNDJqueryTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2023-10-31
2023-10-31 09:15Z
HIGH

CVE-2023-5439 — Gopiplus Wp_photo_text_slider_50: The Wp photo text slider 50 plugin for WordPress is vulnerable to SQL Injection

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-5439

The Wp photo text slider 50 plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 8.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from CVSSv3.1 8.8 (HIGH) · EPSS 50th percentile

CWECWE 89VNDGopiplusTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2023-10-31
2023-10-31 09:15Z
HIGH

CVE-2023-5438 — Gopiplus Wp_image_slideshow: The wp image slideshow plugin for WordPress is vulnerable to SQL Injection via the

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-5438

The wp image slideshow plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 12.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the CVSSv3.1 8.8 (HIGH) · EPSS 49th percentile

CWECWE 89VNDGopiplusTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2023-10-31
2023-10-31 09:15Z
HIGH

CVE-2023-5437 — Gopiplus Wp_fade_in_text_news: The WP fade in text news plugin for WordPress is vulnerable to SQL Injection

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-5437

The WP fade in text news plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 12.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from th CVSSv3.1 8.8 (HIGH) · EPSS 53th percentile

CWECWE 89VNDGopiplusTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2023-10-31
2023-10-31 09:15Z
HIGH

CVE-2023-5436 — Gopiplus Vertical_marquee_plugin: The Vertical marquee plugin for WordPress is vulnerable to SQL Injection via the plugin's

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-5436

The Vertical marquee plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 7.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the dat CVSSv3.1 8.8 (HIGH) · EPSS 50th percentile

CWECWE 89VNDGopiplusVNDVerticalTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2023-10-31
2023-10-31 09:15Z
HIGH

CVE-2023-5435 — Gopiplus Up_down_image_slideshow_gallery: The Up down image slideshow gallery plugin for WordPress is vulnerable to SQL Injection

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-5435

The Up down image slideshow gallery plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 12.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive informat CVSSv3.1 8.8 (HIGH) · EPSS 53th percentile

CWECWE 89VNDGopiplusTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2023-10-31
2023-10-31 09:15Z
HIGH

CVE-2023-5434 — Gopiplus Superb_slideshow_gallery: The Superb slideshow gallery plugin for WordPress is vulnerable to SQL Injection via the

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-5434

The Superb slideshow gallery plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 13.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information fro CVSSv3.1 8.8 (HIGH) · EPSS 50th percentile

CWECWE 89VNDGopiplusVNDSuperbTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2023-10-31
2023-10-31 09:15Z
HIGH

CVE-2023-5433 — Gopiplus Message_ticker: The Message ticker plugin for WordPress is vulnerable to SQL Injection via the plugin's

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-5433

The Message ticker plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 9.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the datab CVSSv3.1 8.8 (HIGH) · EPSS 36th percentile

CWECWE 89VNDGopiplusTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2023-10-31
2023-10-31 09:15Z
HIGH

CVE-2023-5431 — Gopiplus Left_right_image_slideshow_gallery: The Left right image slideshow gallery plugin for WordPress is vulnerable to SQL Injection

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-5431

The Left right image slideshow gallery plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 12.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive infor CVSSv3.1 8.8 (HIGH) · EPSS 36th percentile

CWECWE 89VNDGopiplusVNDLeftTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2023-10-31
2023-10-31 09:15Z
HIGH

CVE-2023-5430 — Gopiplus Jquery_news_ticker: The Jquery news ticker plugin for WordPress is vulnerable to SQL Injection via the

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-5430

The Jquery news ticker plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 3.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the d CVSSv3.1 8.8 (HIGH) · EPSS 38th percentile

CWECWE 89VNDGopiplusVNDJqueryTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2023-10-31
2023-10-31 09:15Z
HIGH

CVE-2023-5429 — Gopiplus Information_reel: The Information Reel plugin for WordPress is vulnerable to SQL Injection via the plugin's

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-5429

The Information Reel plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 10.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the da CVSSv3.1 8.8 (HIGH) · EPSS 36th percentile

CWECWE 89VNDGopiplusVNDInformationTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2023-10-31
2023-10-31 09:15Z
HIGH

CVE-2023-5428 — Gopiplus Image_vertical_reel_scroll_slideshow: The Image vertical reel scroll slideshow plugin for WordPress is vulnerable to SQL Injection

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-5428

The Image vertical reel scroll slideshow plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 9.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive info CVSSv3.1 8.8 (HIGH) · EPSS 43th percentile

CWECWE 89VNDGopiplusVNDImageTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2023-10-31
2023-10-31 09:15Z
HIGH

CVE-2023-5412 — Gopiplus Image_horizontal_reel_scroll_slideshow: The Image horizontal reel scroll slideshow plugin for WordPress is vulnerable to SQL Injection

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-5412

The Image horizontal reel scroll slideshow plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 13.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive i CVSSv3.1 8.8 (HIGH) · EPSS 93th percentile

CWECWE 89VNDGopiplusVNDImageTYPVulnerability
8.8
CVSS v3.1
97
Edit Score
2023-10-31
2023-10-31 05:15Z
CRIT

CVE-2023-36263 — Store-opart Op\'art_limit_quantity: Prestashop opartlimitquantity 1.4.5 and before is vulnerable to SQL Injection.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-36263

Prestashop opartlimitquantity 1.4.5 and before is vulnerable to SQL Injection. OpartlimitquantityAlertlimitModuleFrontController::displayAjaxPushAlertMessage()` has sensitive SQL calls that can be executed with a trivial http call and exploited to forge a SQL injection. CVSSv3.1 9.8 (CRITICAL) · EPSS 16th percentile

CWECWE 89VNDPrestashopVNDStore OpartTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2023-10-30
2023-10-30 14:15Z
CRIT

CVE-2023-5843 — Datafeedr Ads_by_datafeedr.com: The Ads by datafeedr.com plugin for WordPress is vulnerable to Remote Code Execution in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-5843

The Ads by datafeedr.com plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 1.1.3 via the 'dfads_ajax_load_ads' function. This allows unauthenticated attackers to execute code on the server. The parameters of the callable function are limited, they cannot be specified arbitrarily. CVSSv3.1 9.0 (CRITICAL) · EPSS 93th percentile

CWECWE 94VNDDatafeedrVNDAdsTYPVulnerability
9.0
CVSS v3.1
98
Edit Score