Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2023-2277 |
Description: The WP Directory Kit plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.9. This is due to missing or incorrect nonce validation on the 'insert' function. This makes it possible for unauthenticated attackers to update the plugin's settings and inject malicious JavaScript via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link.
CVSS: MEDIUM (6.1) EPSS Score: 0.15%
December 4th, 2024 (6 months ago)
|
|
CVE-2023-2083 |
Description: The Essential Blocks plugin for WordPress is vulnerable to unauthorized use of functionality due to a missing capability check on the save function in versions up to, and including, 4.0.6. This makes it possible for subscriber-level attackers to save plugin settings. While a nonce check is present, it is only executed when a nonce is provided. Not providing a nonce results in the nonce verification to be skipped. There is no capability check.
CVSS: MEDIUM (4.3) EPSS Score: 0.08%
December 4th, 2024 (6 months ago)
|
|
CVE-2023-1895 |
Description: The Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to Server Side Request Forgery via the get_remote_content REST API endpoint in versions up to, and including, 1.8.3. This can allow authenticated attackers with subscriber-level permissions or above to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.
CVSS: HIGH (8.5) EPSS Score: 0.08%
December 4th, 2024 (6 months ago)
|
|
CVE-2024-53793 |
Description: Cross-Site Request Forgery (CSRF) vulnerability in eDoc Intelligence LLC eDoc Easy Tables allows Blind SQL Injection.This issue affects eDoc Easy Tables: from n/a through 1.29.
CVSS: HIGH (8.2) EPSS Score: 0.04%
December 3rd, 2024 (6 months ago)
|
|
CVE-2024-53792 |
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Kiboko Labs Watu Quiz allows SQL Injection.This issue affects Watu Quiz: from n/a through 3.4.2.
CVSS: HIGH (8.5) EPSS Score: 0.04%
December 3rd, 2024 (6 months ago)
|
|
CVE-2024-53789 |
Description: Cross-Site Request Forgery (CSRF) vulnerability in Ritesh Sanap Advanced What should we write next about allows Stored XSS.This issue affects Advanced What should we write next about: from n/a through 1.0.3.
CVSS: HIGH (7.1) EPSS Score: 0.04%
December 3rd, 2024 (6 months ago)
|
|
CVE-2024-53784 |
Description: Missing Authorization vulnerability in E-goi Smart Marketing SMS and Newsletters Forms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Smart Marketing SMS and Newsletters Forms: from n/a through 5.0.9.
CVSS: MEDIUM (4.3) EPSS Score: 0.04%
December 3rd, 2024 (6 months ago)
|
|
CVE-2024-53782 |
Description: Cross-Site Request Forgery (CSRF) vulnerability in CMSaccount Photo Video Store allows Cross-Site Scripting (XSS).This issue affects Photo Video Store: from n/a through 21.07.
CVSS: HIGH (7.1) EPSS Score: 0.04%
December 3rd, 2024 (6 months ago)
|
|
CVE-2024-53781 |
Description: Cross-Site Request Forgery (CSRF) vulnerability in Home Junction SpatialMatch IDX allows Stored XSS.This issue affects SpatialMatch IDX: from n/a through 3.0.9.
CVSS: HIGH (7.1) EPSS Score: 0.04%
December 3rd, 2024 (6 months ago)
|
|
CVE-2024-53780 |
Description: Cross-Site Request Forgery (CSRF) vulnerability in Rajeev Chauhan Load More Posts allows Stored XSS.This issue affects Load More Posts: from n/a through 1.4.0.
CVSS: HIGH (7.1) EPSS Score: 0.04%
December 3rd, 2024 (6 months ago)
|