Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2023-2812 |
Description: The Ultimate Dashboard WordPress plugin before 3.7.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
CVSS: LOW (0.0) EPSS Score: 0.05%
December 10th, 2024 (5 months ago)
|
|
CVE-2023-2805 |
Description: The SupportCandy WordPress plugin before 3.1.7 does not properly sanitise and escape the agents[] parameter in the set_add_agent_leaves AJAX function before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin.
CVSS: LOW (0.0) EPSS Score: 0.09%
December 10th, 2024 (5 months ago)
|
|
CVE-2023-27626 |
Description: Missing Authorization vulnerability in Aleksandar Urošević Stock Ticker allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Stock Ticker: from n/a through 3.23.0.
CVSS: MEDIUM (5.3) EPSS Score: 0.04%
December 10th, 2024 (5 months ago)
|
|
CVE-2023-27625 |
Description: Missing Authorization vulnerability in Paul Ryley Site Reviews allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Site Reviews: from n/a through 6.5.0.
CVSS: MEDIUM (4.3) EPSS Score: 0.04%
December 10th, 2024 (5 months ago)
|
|
CVE-2023-27454 |
Description: Missing Authorization vulnerability in Apollo13Themes Rife Elementor Extensions & Templates allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Rife Elementor Extensions & Templates: from n/a through 1.1.10.
CVSS: MEDIUM (5.4) EPSS Score: 0.04%
December 10th, 2024 (5 months ago)
|
|
CVE-2023-27449 |
Description: Missing Authorization vulnerability in TotalSuite Total Poll Lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Total Poll Lite: from n/a through 4.8.6.
CVSS: MEDIUM (6.3) EPSS Score: 0.04%
December 10th, 2024 (5 months ago)
|
|
CVE-2023-27428 |
Description: Missing Authorization vulnerability in Damir Calusic WP users media allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP users media: from n/a through 4.2.3.
CVSS: MEDIUM (5.4) EPSS Score: 0.04%
December 10th, 2024 (5 months ago)
|
|
CVE-2023-26522 |
Description: Missing Authorization vulnerability in OneWebsite WP Repost allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Repost: from n/a through 0.1.
CVSS: MEDIUM (6.5) EPSS Score: 0.04%
December 10th, 2024 (5 months ago)
|
|
CVE-2023-26520 |
Description: Missing Authorization vulnerability in Max Chirkov Advanced Text Widget allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Advanced Text Widget : from n/a through 2.1.2.
CVSS: MEDIUM (5.3) EPSS Score: 0.04%
December 10th, 2024 (5 months ago)
|
|
CVE-2023-25993 |
Description: Missing Authorization vulnerability in WebberZone Top 10 allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Top 10: from n/a through 3.2.3.
CVSS: MEDIUM (4.3) EPSS Score: 0.04%
December 10th, 2024 (5 months ago)
|