2023-10-30
2023-10-30 14:15Z
HIGH

CVE-2023-5583 — Maca134 Wp_simple_galleries: The WP Simple Galleries plugin for WordPress is vulnerable to PHP Object Injection in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-5583

The WP Simple Galleries plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 1.34 via deserialization of untrusted input from the 'wpsimplegallery_gallery' post meta via 'wpsgallery' shortcode. This allows authenticated attackers, with contributor-level permissions and above, to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target syste CVSSv3.1 8.8 (HIGH) · EPSS 68th percentile

CWECWE 502VNDMaca134VNDSimpleTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2023-10-30
2023-10-30 14:15Z
HIGH

CVE-2023-5315 — Matthewschwartz Google_maps_made_simple: The Google Maps made Simple plugin for WordPress is vulnerable to SQL Injection via

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-5315

The Google Maps made Simple plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 0.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from CVSSv3.1 8.8 (HIGH) · EPSS 42th percentile

CWECWE 89VNDGoogleVNDMatthewschwartzTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2023-10-30
2023-10-30 14:15Z
HIGH

CVE-2023-5250 — G5theme Grid_plus: The Grid Plus plugin for WordPress is vulnerable to Local File Inclusion in versions

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-5250

The Grid Plus plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 1.3.3 via a shortcode attribute. This allows subscriber-level, and above, attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where PHP files with arbitrary content can be uploaded and included. CVSSv3.1 8.8 (HIGH) · EPSS 58th percentile

CWECWE 98VNDG5themeVNDGridTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2023-10-30
2023-10-30 14:15Z
CRIT

CVE-2023-5199 — Php_to_page_project Php_to_page: The PHP to Page plugin for WordPress is vulnerable Local File Inclusion to Remote

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-5199

The PHP to Page plugin for WordPress is vulnerable Local File Inclusion to Remote Code Execution in versions up to, and including, 0.3 via the 'php-to-page' shortcode. This allows authenticated attackers with subscriber-level permissions or above, to include local file and potentially execute code on the server. While subscribers may need to poison log files or otherwise get a file installed in order to achieve remote code execution, author and above users can upload files by CVSSv3.1 9.9 (CRITICAL) · EPSS 90th percentile

CWECWE 98CWECWE 552VNDPhp To Page ProjectTYPVulnerability
9.9
CVSS v3.1
100
Edit Score
2023-10-28
2023-10-28 12:15Z
HIGH

CVE-2023-5425 — Wpexpertplugins Post_meta_data_manager: The Post Meta Data Manager plugin for WordPress is vulnerable to unauthorized modification of

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-5425

The Post Meta Data Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the pmdm_wp_change_user_meta and pmdm_wp_change_post_meta functions in versions up to, and including, 1.2.0. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to gain elevated (e.g., administrator) privileges. CVSSv3.1 8.8 (HIGH) · EPSS 45th percentile

CWECWE 862VNDWpexpertpluginsVNDPostTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2023-10-27
2023-10-27 13:15Z
CRIT

CVE-2023-5807 — Trteksolutions Education_portal: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-5807

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in TRtek Software Education Portal allows SQL Injection. This issue affects Education Portal: before 3.2023.29. CVSSv3.1 9.8 (CRITICAL) · EPSS 18th percentile

CWECWE 89VNDTrteksolutionsTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2023-10-25
2023-10-25 21:15Z
CRIT

CVE-2023-46233 — Crypto-js_project Crypto-js: is a JavaScript library of crypto standards.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-46233

crypto-js is a JavaScript library of crypto standards. Prior to version 4.2.0, crypto-js PBKDF2 is 1,000 times weaker than originally specified in 1993, and at least 1,300,000 times weaker than current industry standard. This is because it both defaults to SHA1, a cryptographic hash algorithm considered insecure since at least 2005, and defaults to one single iteration, a 'strength' or 'difficulty' value specified at 1,000 when specified in 1993. PBKDF2 relies on iteration co CVSSv3.1 9.1 (CRITICAL) · EPSS 46th percentile

CWECWE 327CWECWE 328CWECWE 916VNDCrypto Js ProjectTYPVulnerability
9.1
CVSS v3.1
96
Edit Score
728 × 90 / responsive · programmatic ad slot
2023-10-25
2023-10-25 18:17Z
HIGH

CVE-2023-5311 — Wpvnteam Wp_extra: The WP EXtra plugin for WordPress is vulnerable to unauthorized modification of data due

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-5311

The WP EXtra plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the register() function in versions up to, and including, 6.2. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to modify the contents of the .htaccess files located in a site's root directory or /wp-content and /wp-includes folders and achieve remote code execution. CVE-2023-46623 appears to be a duplicate o CVSSv3.1 8.8 (HIGH) · EPSS 91th percentile

CWECWE 862VNDWpvnteamVNDExtraTYPVulnerability
8.8
CVSS v3.1
96
Edit Score
2023-10-25
2023-10-25 18:17Z
HIGH

CVE-2023-46136 — Palletsprojects Werkzeug: This allows an attacker to cause a denial of service by sending crafted multipart

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-46136

Werkzeug is a comprehensive WSGI web application library. In versions on the 3.x branch prior to 3.0.1 and on the 2.x branch prior to 2.3.8, if an upload of a file that starts with CR or LF and then is followed by megabytes of data without these characters: all of these bytes are appended chunk by chunk into internal bytearray and lookup for boundary is performed on growing buffer. This allows an attacker to cause a denial of service by sending crafted multipart data to an en CVSSv3.1 8.0 (HIGH) · EPSS 69th percentile

CWECWE 787CWECWE 400CWECWE 407VNDPalletsprojectsVNDWerkzeugTYPVulnerability
8.0
CVSS v3.1
90
Edit Score
2023-10-25
2023-10-25 18:17Z
CRIT

CVE-2023-46010 — Seacms Seacms: An issue in SeaCMS v.12.9 allows an attacker to execute arbitrary commands via the

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-46010

An issue in SeaCMS v.12.9 allows an attacker to execute arbitrary commands via the admin_safe.php component. CVSSv3.1 9.8 (CRITICAL) · EPSS 65th percentile

CWECWE 94VNDSeacmsTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2023-10-23
2023-10-23 21:35Z
CRIT

Citrix Bleed: Leaking Session Tokens with CVE-2023-4966

Assetnote·blog.assetnote.ioCVE-2023-4966in the wild

Citrix Bleed (CVE-2023-4966) is a critical vulnerability allowing unauthenticated attackers to leak session tokens from Citrix NetScaler ADC and Gateway instances. The flaw enables direct credential theft without authentication, leading to complete account compromise and lateral movement within protected networks.

SRFApplicationTACTA0006VNDCitrixTYPWriteupTYPVulnerabilitySTGCred AccessTECT1187EXPAuth Bypass
92
Edit Score
2023-10-20
2023-10-20 08:15Z
HIGH

CVE-2023-4999 — Gopiplus Horizontal_scrolling_announcement: The Horizontal scrolling announcement plugin for WordPress is vulnerable to SQL Injection via the

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-4999

The Horizontal scrolling announcement plugin for WordPress is vulnerable to SQL Injection via the plugin's [horizontal-scrolling] shortcode in versions up to, and including, 9.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to ex CVSSv3.1 8.8 (HIGH) · EPSS 50th percentile

CWECWE 89VNDGopiplusVNDHorizontalTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2023-10-20
2023-10-20 08:15Z
HIGH

CVE-2023-4386 — Wpdeveloper Essential_blocks: The Essential Blocks plugin for WordPress is vulnerable to PHP Object Injection in versions

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-4386

The Essential Blocks plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 4.2.0 via deserialization of untrusted input in the get_posts function. This allows unauthenticated attackers to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute CVSSv3.1 8.1 (HIGH) · EPSS 89th percentile

CWECWE 502VNDWpdeveloperVNDEssentialTYPVulnerability
8.1
CVSS v3.1
92
Edit Score
2023-10-20
2023-10-20 08:15Z
HIGH

CVE-2022-4290 — Cyr_to_lat_project Cyr_to_lat: The Cyr to Lat plugin for WordPress is vulnerable to authenticated SQL Injection via

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2022-4290

The Cyr to Lat plugin for WordPress is vulnerable to authenticated SQL Injection via the 'ctl_sanitize_title' function in versions up to, and including, 3.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This potentially allows authenticated users with the ability to add or modify terms or tags to append additional SQL queries into already existing queries that can be used to extract sensitive informat CVSSv3.1 8.8 (HIGH) · EPSS 56th percentile

CWECWE 89VNDCyr To Lat ProjectVNDCyrTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2023-10-20
2023-10-20 08:15Z
HIGH

CVE-2022-2441 — Orangelab Imagemagick_engine: The ImageMagick Engine plugin for WordPress is vulnerable to remote code execution via the

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2022-2441

The ImageMagick Engine plugin for WordPress is vulnerable to remote code execution via the 'cli_path' parameter in versions up to, and including 1.7.5. This makes it possible for unauthenticated users to run arbitrary commands leading to remote command execution, granted they can trick a site administrator into performing an action such as clicking on a link. This makes it possible for an attacker to create and or modify files hosted on the server which can easily grant attac CVSSv3.1 8.8 (HIGH) · EPSS 84th percentile

CWECWE 352VNDOrangelabVNDImagemagickTYPVulnerability
8.8
CVSS v3.1
95
Edit Score
2023-10-20
2023-10-20 08:15Z
HIGH

CVE-2021-4334 — Radykal Fancy_product_designer: The Fancy Product Designer plugin for WordPress is vulnerable to unauthorized modification of site

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2021-4334

The Fancy Product Designer plugin for WordPress is vulnerable to unauthorized modification of site options due to a missing capability check on the fpd_update_options function in versions up to, and including, 4.6.9. This makes it possible for authenticated attackers with subscriber-level permissions to modify site options, including setting the default role to administrator which can allow privilege escalation. CVSSv3.1 8.8 (HIGH) · EPSS 35th percentile

CWECWE 285CWECWE 863VNDRadykalVNDFancyTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2023-10-20
2023-10-20 07:15Z
HIGH

CVE-2023-5576 — Wpvivid Migration\,_backup\,_staging: The Migration, Backup, Staging - WPvivid plugin for WordPress is vulnerable to Sensitive Information

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-5576

The Migration, Backup, Staging - WPvivid plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 0.9.91 via Google Drive API secrets stored in plaintext in the publicly visible plugin source. This could allow unauthenticated attackers to impersonate the WPVivid Google Drive account via the API if they can trick a user into reauthenticating via another vulnerability or social engineering. CVSSv3.1 8.0 (HIGH) · EPSS 76th percentile

CWECWE 200VNDWpvividVNDMigrationTYPVulnerability
8.0
CVSS v3.1
90
Edit Score
2023-10-20
2023-10-20 07:15Z
CRIT

CVE-2023-5414 — Icegram Icegram_express: The Icegram Express plugin for WordPress is vulnerable to Directory Traversal in versions up

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-5414

The Icegram Express plugin for WordPress is vulnerable to Directory Traversal in versions up to, and including, 5.6.23 via the show_es_logs function. This allows administrator-level attackers to read the contents of arbitrary files on the server, which can contain sensitive information including those belonging to other sites, for example in shared hosting environments. CVSSv3.1 9.1 (CRITICAL) · EPSS 84th percentile

CWECWE 22VNDIcegramTYPVulnerability
9.1
CVSS v3.1
96
Edit Score
2023-10-20
2023-10-20 07:15Z
HIGH

CVE-2023-4598 — Wp-slimstat Slimstat_analytics: The Slimstat Analytics plugin for WordPress is vulnerable to SQL Injection via the plugin's

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-4598

The Slimstat Analytics plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 5.0.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with contributor-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from th CVSSv3.1 8.8 (HIGH) · EPSS 36th percentile

CWECWE 89VNDWp SlimstatVNDSlimstatTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2023-10-20
2023-10-20 07:15Z
CRIT

CVE-2023-4488 — Hynotech Dropbox_folder_share: The Dropbox Folder Share for WordPress is vulnerable to Local File Inclusion in versions

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-4488

The Dropbox Folder Share for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 1.9.7 via the editor-view.php file. This allows unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. CVSSv3.1 9.8 (CRITICAL) · EPSS 65th percentile

CWECWE 98CWECWE 829VNDDropboxVNDHynotechTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2023-10-20
2023-10-20 07:15Z
HIGH

CVE-2023-4402 — Wpdeveloper Essential_blocks: The Essential Blocks plugin for WordPress is vulnerable to PHP Object Injection in versions

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-4402

The Essential Blocks plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 4.2.0 via deserialization of untrusted input in the get_products function. This allows unauthenticated attackers to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or exec CVSSv3.1 8.1 (HIGH) · EPSS 86th percentile

CWECWE 502VNDWpdeveloperVNDEssentialTYPVulnerability
8.1
CVSS v3.1
91
Edit Score
2023-10-20
2023-10-20 07:15Z
CRIT

CVE-2020-36706 — Simple-press Simple\: The Simple:Press – WordPress Forum Plugin for WordPress is vulnerable to arbitrary file uploads

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2020-36706

The Simple:Press – WordPress Forum Plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ~/admin/resources/jscript/ajaxupload/sf-uploader.php file in versions up to, and including, 6.6.0. This makes it possible for attackers to upload arbitrary files on the affected sites server which may make remote code execution possible. CVSSv3.1 9.8 (CRITICAL) · EPSS 92th percentile

CWECWE 434VNDSimple PressVNDSimpleTYPVulnerability
9.8
CVSS v3.1
100
Edit Score
2023-10-20
2023-10-20 07:15Z
HIGH

CVE-2020-36698 — Cleantalk Security_\&_malware_scan: The Security & Malware scan by CleanTalk plugin for WordPress is vulnerable to unauthorized

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2020-36698

The Security & Malware scan by CleanTalk plugin for WordPress is vulnerable to unauthorized user interaction in versions up to, and including, 2.50. This is due to missing capability checks on several AJAX actions and nonce disclosure in the source page of the administrative dashboard. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to call functions and delete and/or upload files. CVSSv3.1 8.8 (HIGH) · EPSS 50th percentile

CWECWE 862VNDCleantalkVNDSecurityTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2023-10-19
2023-10-19 19:15Z
CRIT

CVE-2023-45992 — Commscope Ruckus_cloudpath_enrollment_system: A vulnerability in the web-based interface of the RUCKUS Cloudpath product on version 5.12

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-45992

A vulnerability in the web-based interface of the RUCKUS Cloudpath product on version 5.12 build 5538 or before to could allow a remote, unauthenticated attacker to execute persistent XSS and CSRF attacks against a user of the admin management interface. A successful attack, combined with a certain admin activity, could allow the attacker to gain full admin privileges on the exploited system. CVSSv3.1 9.6 (CRITICAL) · EPSS 44th percentile

CWECWE 352CWECWE 79VNDCommscopeTYPVulnerability
9.6
CVSS v3.1
98
Edit Score
2023-10-19
2023-10-19 13:15Z
CRIT

CVE-2023-45379 — Posthemes Posrotatorimg: In the module "Rotator Img" (posrotatorimg) in versions at least up to 1.1 from

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-45379

In the module "Rotator Img" (posrotatorimg) in versions at least up to 1.1 from PosThemes for PrestaShop, a guest can perform SQL injection. CVSSv3.1 9.8 (CRITICAL) · EPSS 40th percentile

CWECWE 89VNDPosthemesTYPVulnerability
9.8
CVSS v3.1
99
Edit Score