CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2023-23646 Cross-Site Request Forgery (CSRF) vulnerability in A WP Life Album Gallery – WordPress Gallery plugin <= 1.4.9 versions. | 4.3 | MEDIUM | — | 0 |
| CVE-2023-23719 Cross-Site Request Forgery (CSRF) vulnerability in Premmerce plugin <= 1.3.17 versions. | 5.4 | MEDIUM | — | 0 |
| CVE-2023-27606 Cross-Site Request Forgery (CSRF) vulnerability in Sajjad Hossain WP Reroute Email plugin <= 1.4.6 versions. | 5.4 | MEDIUM | — | 0 |
| CVE-2023-34036 Reactive web applications that use Spring HATEOAS to produce hypermedia-based responses might be exposed to malicious forwarded headers if they are not behind a trusted proxy that ensures correctness... | 5.3 | MEDIUM | — | 0 |
| CVE-2023-27424 Cross-Site Request Forgery (CSRF) vulnerability in Korol Yuriy aka Shra Inactive User Deleter plugin <= 1.59 versions. | 5.4 | MEDIUM | — | 0 |
| CVE-2023-2912 Use After Free vulnerability in Secomea SiteManager Embedded allows Obstruction. | 5.9 | MEDIUM | — | 0 |
| CVE-2022-4023 The 3DPrint WordPress plugin before 3.5.6.9 does not protect against CSRF attacks in the modified version of Tiny File Manager included with the plugin, allowing an attacker to craft a malicious reque... | 5.3 | MEDIUM | — | 0 |
| CVE-2023-0439 The NEX-Forms WordPress plugin before 8.4.4 does not escape its form name, which could lead to Stored Cross-Site Scripting issues. By default only SuperAdmins (in multisite) / admins (in single site) ... | 5.4 | MEDIUM | — | 0 |
| CVE-2023-1893 The Login Configurator WordPress plugin through 2.1 does not properly escape a URL parameter before outputting it to the page, leading to a reflected cross-site scripting vulnerability targeting site ... | 6.1 | MEDIUM | — | 0 |
| CVE-2023-2143 The Enable SVG, WebP & ICO Upload WordPress plugin through 1.0.3 does not sanitize SVG file contents, leading to a Cross-Site Scripting vulnerability. | 5.4 | MEDIUM | — | 0 |
| CVE-2023-2329 The WooCommerce Google Sheet Connector WordPress plugin before 1.3.6 does not have CSRF check when updating its Access Code, which could allow attackers to make logged in admin change the access code ... | 8.8 | HIGH | — | 0 |
| CVE-2023-2579 The InventoryPress WordPress plugin through 1.7 does not sanitise and escape some of its settings, which could allow users with the role of author and above to perform Stored Cross-Site Scripting atta... | 5.4 | MEDIUM | — | 0 |
| CVE-2023-2636 The AN_GradeBook WordPress plugin through 5.0.1 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low... | 8.8 | HIGH | — | 0 |
| CVE-2023-2701 The Gravity Forms WordPress plugin before 2.7.5 does not escape generated URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting which could be used against high-privileg... | 6.1 | MEDIUM | — | 0 |
| CVE-2023-2959 Authentication Bypass by Primary Weakness vulnerability in Oliva Expertise Oliva Expertise EKS allows Collect Data as Provided by Users. This issue affects Oliva Expertise EKS: before 1.2. | 7.5 | HIGH | — | 0 |
| CVE-2023-2960 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Oliva Expertise Oliva Expertise EKS allows Cross-Site Scripting (XSS). This issue affects Oliva Exp... | 6.1 | MEDIUM | — | 0 |
| CVE-2023-2963 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Oliva Expertise Oliva Expertise EKS allows SQL Injection. This issue affects Oliva Expertise EKS: b... | 9.8 | CRITICAL | — | 0 |
| CVE-2023-31216 Cross-Site Request Forgery (CSRF) vulnerability in Ultimate Member plugin <= 2.6.0 versions. | 4.3 | MEDIUM | — | 0 |
| CVE-2023-35038 Cross-Site Request Forgery (CSRF) vulnerability in wpexperts.Io WP PDF Generator plugin <= 1.2.2 versions. | 5.4 | MEDIUM | — | 0 |
| CVE-2023-35089 Cross-Site Request Forgery (CSRF) vulnerability in Really Simple Plugins Recipe Maker For Your Food Blog from Zip Recipes plugin <= 8.0.7 versions. | 4.3 | MEDIUM | — | 0 |
| CVE-2023-35880 Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce WooCommerce Brands plugin <= 1.6.49 versions. | 5.4 | MEDIUM | — | 0 |
| CVE-2023-3182 The Membership WordPress plugin before 3.2.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against hig... | 6.1 | MEDIUM | — | 0 |
| CVE-2023-3186 The Popup by Supsystic WordPress plugin before 1.10.19 has a prototype pollution vulnerability that could allow an attacker to inject arbitrary properties into Object.prototype. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-3376 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Digital Strategy Zekiweb allows SQL Injection. This issue affects Zekiweb: before 2. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-47172 Cross-Site Request Forgery (CSRF) vulnerability in HasThemes ShopLentor plugin <= 2.6.2 versions. | 4.3 | MEDIUM | — | 0 |
| CVE-2023-2958 Authorization Bypass Through User-Controlled Key vulnerability in Origin Software ATS Pro allows Authentication Abuse, Authentication Bypass. This issue affects ATS Pro: before 20230714. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-31851 Cudy LT400 1.13.4 has a cross-site scripting (XSS) vulnerability in /cgi-bin/luci/admin/network/wireless/status via the iface parameter. | 6.1 | MEDIUM | — | 0 |
| CVE-2023-31853 Cudy LT400 1.13.4 is vulnerable to Cross Site Scripting (XSS) in /cgi-bin/luci/admin/network/bandwidth via the icon parameter. | 6.1 | MEDIUM | — | 0 |
| CVE-2023-34005 Cross-Site Request Forgery (CSRF) vulnerability in Etoile Web Design Front End Users plugin <= 3.2.24 versions. | 6.5 | MEDIUM | — | 0 |
| CVE-2023-36511 Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce WooCommerce Order Barcodes plugin <= 1.6.4 versions. | 4.3 | MEDIUM | — | 0 |
| CVE-2023-36513 Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce AutomateWoo plugin <= 5.7.5 versions. | 5.4 | MEDIUM | — | 0 |
| CVE-2023-36514 Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce Shipping Multiple Addresses plugin <= 3.8.5 versions. | 6.5 | MEDIUM | — | 0 |
| CVE-2023-37968 Cross-Site Request Forgery (CSRF) vulnerability in Faboba Falang multilanguage for WordPress plugin <= 1.3.39 versions. | 5.4 | MEDIUM | — | 0 |
| CVE-2022-38062 Cross-Site Request Forgery (CSRF) vulnerability in Metagauss Download Theme plugin <= 1.0.9 versions. | 4.3 | MEDIUM | — | 0 |
| CVE-2022-47007 An issue was discovered in function stab_demangle_v3_arg in stabs.c in Binutils 2.34 through 2.38, allowing attackers to cause a denial of service due to memory leaks. | 5.5 | MEDIUM | — | 0 |
| CVE-2023-35818 An issue was discovered on Espressif ESP32 3.0 (ESP32_rev300 ROM) devices. An EMFI attack on ECO3 provides the attacker with a capability to influence the PC value at the CPU context level, regardless... | 6.8 | MEDIUM | — | 0 |
| CVE-2023-36656 Cross Site Scripting (XSS) vulnerability in Jaegertracing Jaeger UI before v.1.31.0 allows a remote attacker to execute arbitrary code via the KeyValuesTable component. | 5.4 | MEDIUM | — | 0 |
| CVE-2023-37974 Cross-Site Request Forgery (CSRF) vulnerability in Justin Klein WP Social AutoConnect plugin <= 4.6.1 versions. | 5.4 | MEDIUM | — | 0 |
| CVE-2023-37985 Cross-Site Request Forgery (CSRF) vulnerability in FiveStarPlugins Restaurant Menu and Food Ordering plugin <= 2.4.6 versions. | 4.3 | MEDIUM | — | 0 |
| CVE-2023-3577 Mattermost fails to properly restrict requests to localhost/intranet during the interactive dialog, which could allow an attacker to perform a limited blind SSRF. | 3.5 | LOW | — | 0 |
| CVE-2023-3581 Mattermost fails to properly validate the origin of a websocket connection allowing a MITM attacker on Mattermost to access the websocket APIs. | 6.2 | MEDIUM | — | 0 |
| CVE-2023-3582 Mattermost fails to verify channel membership when linking a board to a channel, allowing a low-privileged authenticated user to link a Board to a private channel they don't have access to. | 4.3 | MEDIUM | — | 0 |
| CVE-2023-3584 Mattermost fails to properly check the authorization of POST /api/v4/teams when passing a team override scheme ID in the request, allowing an authenticated attacker with knowledge of a Team Override S... | 3.1 | LOW | — | 0 |
| CVE-2023-3585 Mattermost Boards fail to properly validate a board link, allowing an attacker to crash a channel by posting a specially crafted boards link. | 4.3 | MEDIUM | — | 0 |
| CVE-2023-3586 Mattermost fails to disable public Boards after the "Enable Publicly-Shared Boards" configuration option is disabled, resulting in previously-shared public Boards to remain accessible. | 4.2 | MEDIUM | — | 0 |
| CVE-2023-3587 Mattermost fails to properly show information in the UI, allowing a system admin to modify a board state allowing any user with a valid sharing link to join the board with editor access, without the U... | 2.7 | LOW | — | 0 |
| CVE-2023-3590 Mattermost fails to delete card attachments in Boards, allowing an attacker to access deleted attachments. | 3.1 | LOW | — | 0 |
| CVE-2023-39122 BMC Control-M through 9.0.20.200 allows SQL injection via the /RF-Server/report/deleteReport report-id parameter. This is fixed in 9.0.21 (and is also fixed by a patch for 9.0.20.200). | 9.8 | CRITICAL | — | 0 |
| CVE-2023-3591 Mattermost fails to invalidate previously generated password reset tokens when a new reset token was created. | 4.8 | MEDIUM | — | 0 |
| CVE-2023-3593 Mattermost fails to properly validate markdown, allowing an attacker to crash the server via a specially crafted markdown input. | 4.3 | MEDIUM | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.