Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited

CVE-2023-23823
WordPress Enhanced Text Widget plugin <= 1.5.8 - Broken Access Control vulnerability
Description: Missing Authorization vulnerability in Clever Widgets Enhanced Text Widget allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Enhanced Text Widget: from n/a through 1.5.8.

CVSS: MEDIUM (4.3)

EPSS Score: 0.04%

Source: CVE
December 10th, 2024 (5 months ago)

CVE-2023-23726
WordPress Tickera – WordPress Event Ticketing plugin <= 3.5.1.0 - CSRF Leading To Post Status Change Vulnerability
Description: Cross-Site Request Forgery (CSRF) vulnerability in Tickera.com Tickera allows Cross Site Request Forgery.This issue affects Tickera: from n/a through 3.5.1.0.

CVSS: MEDIUM (5.4)

EPSS Score: 0.04%

Source: CVE
December 10th, 2024 (5 months ago)

CVE-2023-23725
WordPress Shortcodes by Angie Makes plugin <= 3.46 - Broken Access Control vulnerability
Description: Missing Authorization vulnerability in Chris Baldelomar Shortcodes allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Shortcodes: from n/a through 3.46.

CVSS: MEDIUM (4.3)

EPSS Score: 0.04%

Source: CVE
December 10th, 2024 (5 months ago)

CVE-2023-23716
WordPress Zendesk Support for WordPress plugin <= 1.8.4 - Broken Access Control vulnerability
Description: Missing Authorization vulnerability in Zendesk Zendesk Support for WordPress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Zendesk Support for WordPress: from n/a through 1.8.4.

CVSS: MEDIUM (4.3)

EPSS Score: 0.04%

Source: CVE
December 10th, 2024 (5 months ago)

CVE-2023-23715
WordPress JobBoardWP – Job Board Listings and Submissions plugin <= 1.2.2 - IDOR Leading To Job Removal Vulnerability
Description: Missing Authorization vulnerability in JobBoardWP JobBoardWP – Job Board Listings and Submissions allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JobBoardWP – Job Board Listings and Submissions: from n/a through 1.2.2.

CVSS: MEDIUM (5.2)

EPSS Score: 0.04%

Source: CVE
December 10th, 2024 (5 months ago)

CVE-2023-22708
WordPress Kraken.io Image Optimizer plugin <= 2.6.7 - Broken Access Control vulnerability
Description: Missing Authorization vulnerability in Karim Salman Kraken.io Image Optimizer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Kraken.io Image Optimizer: from n/a through 2.6.7.

CVSS: MEDIUM (4.3)

EPSS Score: 0.04%

Source: CVE
December 10th, 2024 (5 months ago)

CVE-2024-12253
Simple Ecommerce Shopping Cart Plugin- Sell products through Paypal <= 3.1.2 - Missing Authorization to Authenticated (Subscriber+) Settings Upd...
Description: The Simple Ecommerce Shopping Cart Plugin- Sell products through Paypal plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the 'save_settings', 'export_csv', and 'simpleecommcart-action' actions in all versions up to, and including, 3.1.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to update the plugins settings and retrieve order and log data (which is also accessible to unauthenticated users).

CVSS: MEDIUM (5.4)

EPSS Score: 0.05%

Source: CVE
December 8th, 2024 (5 months ago)

CVE-2024-12128
Simple Ecommerce Shopping Cart Plugin- Sell products through Paypal <= 3.1.2 - Reflected Cross-Site Scripting via monthly_sales_current_year Par...
Description: The Simple Ecommerce Shopping Cart Plugin- Sell products through Paypal plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘monthly_sales_current_year’ parameter in all versions up to, and including, 3.1.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.

CVSS: MEDIUM (6.1)

EPSS Score: 0.05%

Source: CVE
December 8th, 2024 (5 months ago)

CVE-2024-11464
Easy Code Snippets <= 1.0.2 - Reflected Cross-Site Scripting
Description: The Easy Code Snippets plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.

CVSS: MEDIUM (6.1)

EPSS Score: 0.05%

Source: CVE
December 8th, 2024 (5 months ago)

CVE-2024-11457
Feedpress Generator – External RSS Frontend Customizer <= 1.2.1 - Reflected Cross-Site Scripting
Description: The Feedpress Generator – External RSS Frontend Customizer plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab' parameter in all versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.

CVSS: MEDIUM (6.1)

EPSS Score: 0.05%

Source: CVE
December 8th, 2024 (5 months ago)