CVE-2023-2083 |
Description: The Essential Blocks plugin for WordPress is vulnerable to unauthorized use of functionality due to a missing capability check on the save function in versions up to, and including, 4.0.6. This makes it possible for subscriber-level attackers to save plugin settings. While a nonce check is present, it is only executed when a nonce is provided. Not providing a nonce results in the nonce verification being skipped. There is no capability check.
CVSS: MEDIUM (4.3) EPSS Score: 0.08%
December 4th, 2024 (5 months ago)
|
CVE-2023-1895 |
Description: The Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to Server Side Request Forgery via the get_remote_content REST API endpoint in versions up to, and including, 1.8.3. This can allow authenticated attackers with subscriber-level permissions or above to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.
CVSS: HIGH (8.5) EPSS Score: 0.08%
December 4th, 2024 (5 months ago)
|
CVE-2024-53793 |
Description: Cross-Site Request Forgery (CSRF) vulnerability in eDoc Intelligence LLC eDoc Easy Tables allows Blind SQL Injection. This issue affects eDoc Easy Tables: from n/a through 1.29.
CVSS: HIGH (8.2) EPSS Score: 0.04%
December 3rd, 2024 (5 months ago)
|
CVE-2024-53792 |
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Kiboko Labs Watu Quiz allows SQL Injection. This issue affects Watu Quiz: from n/a through 3.4.2.
CVSS: HIGH (8.5) EPSS Score: 0.04%
December 3rd, 2024 (5 months ago)
|
CVE-2024-53789 |
Description: Cross-Site Request Forgery (CSRF) vulnerability in Ritesh Sanap Advanced What should we write next about allows Stored XSS. This issue affects Advanced What should we write next about: from n/a through 1.0.3.
CVSS: HIGH (7.1) EPSS Score: 0.04%
December 3rd, 2024 (5 months ago)
|
CVE-2024-53784 |
Description: Missing Authorization vulnerability in E-goi Smart Marketing SMS and Newsletters Forms allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Smart Marketing SMS and Newsletters Forms: from n/a through 5.0.9.
CVSS: MEDIUM (4.3) EPSS Score: 0.04%
December 3rd, 2024 (5 months ago)
|
CVE-2024-53782 |
Description: Cross-Site Request Forgery (CSRF) vulnerability in CMSaccount Photo Video Store allows Cross-Site Scripting (XSS). This issue affects Photo Video Store: from n/a through 21.07.
CVSS: HIGH (7.1) EPSS Score: 0.04%
December 3rd, 2024 (5 months ago)
|
CVE-2024-53781 |
Description: Cross-Site Request Forgery (CSRF) vulnerability in Home Junction SpatialMatch IDX allows Stored XSS. This issue affects SpatialMatch IDX: from n/a through 3.0.9.
CVSS: HIGH (7.1) EPSS Score: 0.04%
December 3rd, 2024 (5 months ago)
|
CVE-2024-53780 |
Description: Cross-Site Request Forgery (CSRF) vulnerability in Rajeev Chauhan Load More Posts allows Stored XSS. This issue affects Load More Posts: from n/a through 1.4.0.
CVSS: HIGH (7.1) EPSS Score: 0.04%
December 3rd, 2024 (5 months ago)
|
CVE-2024-53779 |
Description: Cross-Site Request Forgery (CSRF) vulnerability in Max Engel Yahoo! WebPlayer allows Stored XSS. This issue affects Yahoo! WebPlayer: from n/a through 2.0.6.
CVSS: HIGH (7.1) EPSS Score: 0.04%
December 3rd, 2024 (5 months ago)
|