Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2023-28532 |
Description: Missing Authorization vulnerability in wpdirectorykit.com Real Estate Directory allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Real Estate Directory: from n/a through 1.0.5.
CVSS: MEDIUM (4.3) EPSS Score: 0.04%
December 10th, 2024 (4 months ago)
|
|
CVE-2023-28417 |
Description: Missing Authorization vulnerability in AlexaCRM Dynamics 365 Integration allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Dynamics 365 Integration: from n/a through 1.3.12.
CVSS: MEDIUM (5.4) EPSS Score: 0.04%
December 10th, 2024 (4 months ago)
|
|
CVE-2023-28416 |
Description: Missing Authorization vulnerability in Sparkle Themes Chankhe allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Chankhe: from n/a through 1.0.5.
CVSS: MEDIUM (4.3) EPSS Score: 0.04%
December 10th, 2024 (4 months ago)
|
|
CVE-2023-28168 |
Description: Missing Authorization vulnerability in Jerod Santo WordPress Console allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WordPress Console: from n/a through 0.3.9.
CVSS: LOW (3.7) EPSS Score: 0.04%
December 10th, 2024 (4 months ago)
|
|
CVE-2023-28165 |
Description: Missing Authorization vulnerability in Tech Banker Backup Bank: WordPress Backup Plugin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Backup Bank: WordPress Backup Plugin: from n/a through 4.0.28.
CVSS: MEDIUM (4.3) EPSS Score: 0.04%
December 10th, 2024 (4 months ago)
|
|
CVE-2023-2812 |
Description: The Ultimate Dashboard WordPress plugin before 3.7.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
CVSS: LOW (0.0) EPSS Score: 0.05%
December 10th, 2024 (4 months ago)
|
|
CVE-2023-2805 |
Description: The SupportCandy WordPress plugin before 3.1.7 does not properly sanitise and escape the agents[] parameter in the set_add_agent_leaves AJAX function before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin.
CVSS: LOW (0.0) EPSS Score: 0.09%
December 10th, 2024 (4 months ago)
|
|
CVE-2023-27626 |
Description: Missing Authorization vulnerability in Aleksandar Urošević Stock Ticker allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Stock Ticker: from n/a through 3.23.0.
CVSS: MEDIUM (5.3) EPSS Score: 0.04%
December 10th, 2024 (4 months ago)
|
|
CVE-2023-27625 |
Description: Missing Authorization vulnerability in Paul Ryley Site Reviews allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Site Reviews: from n/a through 6.5.0.
CVSS: MEDIUM (4.3) EPSS Score: 0.04%
December 10th, 2024 (4 months ago)
|
|
CVE-2023-27454 |
Description: Missing Authorization vulnerability in Apollo13Themes Rife Elementor Extensions & Templates allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Rife Elementor Extensions & Templates: from n/a through 1.1.10.
CVSS: MEDIUM (5.4) EPSS Score: 0.04%
December 10th, 2024 (4 months ago)
|