CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2023-0293 The Mediamatic β Media Library Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on its AJAX actions in versions up to, and including, 2.8.1. This ma... | 4.3 | MEDIUM | β | 0 |
| CVE-2023-0294 The Mediamatic β Media Library Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.8.1. This is due to missing or incorrect nonce validation on... | 8.8 | HIGH | β | 0 |
| CVE-2023-0295 The Launchpad plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several of its settings parameters in versions up to, and including, 1.0.13 due to insufficient input sanitization a... | 5.5 | MEDIUM | β | 0 |
| CVE-2023-0385 The Custom 404 Pro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.7.1. This is due to missing or incorrect nonce validation on the custom_404_pro_... | 4.3 | MEDIUM | β | 0 |
| CVE-2023-0402 The Social Warfare plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on several AJAX actions in versions up to, and including, 4.3.0. This makes it possible ... | 5.4 | MEDIUM | β | 0 |
| CVE-2023-0403 The Social Warfare plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.3.1. This is due to missing or incorrect nonce validation on several AJAX action... | 5.4 | MEDIUM | β | 0 |
| CVE-2024-49278 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in omnipressteam Omnipress omnipress allows Stored XSS.This issue affects Omnipress: from n/a through... | 7.1 | HIGH | β | 0 |
| CVE-2024-49279 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Daniel Floeter Hyperlink Group Block hyperlink-group-block allows Stored XSS.This issue affects Hy... | 6.5 | MEDIUM | β | 0 |
| CVE-2023-0404 The Events Made Easy plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on several functions related to AJAX actions in versions up to, and including, 2.3.16.... | 5.4 | MEDIUM | β | 0 |
| CVE-2023-0446 The My YouTube Channel plugin for WordPress is vulnerable to Stored Cross-Site Scripting via its settings parameters in versions up to, and including, 3.0.12.1 due to insufficient input sanitization a... | 5.5 | MEDIUM | β | 0 |
| CVE-2023-0447 The My YouTube Channel plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the clear_all_cache function in versions up to, and including, 3.0.12.1. This mak... | 4.3 | MEDIUM | β | 0 |
| CVE-2023-0550 The Quick Restaurant Menu plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 2.0.2. This is due to the fact that during menu item deletion/modific... | 8.1 | HIGH | β | 0 |
| CVE-2023-0553 The Quick Restaurant Menu plugin for WordPress is vulnerable to Stored Cross-Site Scripting via its settings parameters in versions up to, and including, 2.0.2 due to insufficient input sanitization a... | 4.4 | MEDIUM | β | 0 |
| CVE-2023-0554 The Quick Restaurant Menu plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0.2. This is due to missing or incorrect nonce validation on its AJAX act... | 8.1 | HIGH | β | 0 |
| CVE-2023-0555 The Quick Restaurant Menu plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on its AJAX actions in versions up to, and including, 2.0.2. This makes it possib... | 8.1 | HIGH | β | 0 |
| CVE-2023-0556 The ContentStudio plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on several functions in versions up to, and including, 1.2.5. This makes it possible for ... | 9.8 | CRITICAL | β | 0 |
| CVE-2023-0557 The ContentStudio plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 1.2.5. This could allow unauthenticated attackers to obtain a nonce needed for ... | 7.5 | HIGH | β | 0 |
| CVE-2023-0558 The ContentStudio plugin for WordPress is vulnerable to authorization bypass due to an unsecure token check that is susceptible to type juggling in versions up to, and including, 1.2.5. This makes it ... | 8.2 | HIGH | β | 0 |
| CVE-2023-0581 The PrivateContent plugin for WordPress is vulnerable to protection mechanism bypass due to the use of client side validation in versions up to, and including, 8.4.3. This is due to the plugin checkin... | 5.3 | MEDIUM | β | 0 |
| CVE-2023-0619 The Kraken.io Image Optimizer plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on its AJAX actions in versions up to, and including, 2.6.8. This makes it po... | 6.5 | MEDIUM | β | 0 |
| CVE-2022-2933 The 0mk Shortener plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 0.2. This is due to missing or incorrect nonce validation on the zeromk_options_pag... | 5.4 | MEDIUM | β | 0 |
| CVE-2023-0723 The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due to missing or incorrect nonce validation on the ajax_move_obj... | 5.4 | MEDIUM | β | 0 |
| CVE-2023-0727 The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due to missing or incorrect nonce validation on the ajax_delete_f... | 5.4 | MEDIUM | β | 0 |
| CVE-2023-0730 The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due to missing or incorrect nonce validation on the ajax_save_fol... | 5.4 | MEDIUM | β | 0 |
| CVE-2023-0711 The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajax_save_state function in versions up to, and including, 2.18.16. This makes it... | 5.4 | MEDIUM | β | 0 |
| CVE-2023-0715 The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajax_clone_folder function in versions up to, and including, 2.18.16. This makes ... | 5.4 | MEDIUM | β | 0 |
| CVE-2024-49281 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Ninja Team Click to Chat β WP Support All-in-One Floating Widget support-chat allows Stored ... | 6.5 | MEDIUM | β | 0 |
| CVE-2023-0717 The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajax_delete_folder function in versions up to, and including, 2.18.16. This makes... | 5.4 | MEDIUM | β | 0 |
| CVE-2023-0720 The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajax_save_folder_order function in versions up to, and including, 2.18.16. This m... | 5.4 | MEDIUM | β | 0 |
| CVE-2023-0726 The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due to missing or incorrect nonce validation on the ajax_edit_fol... | 5.4 | MEDIUM | β | 0 |
| CVE-2022-3568 The ImageMagick Engine plugin for WordPress is vulnerable to deserialization of untrusted input via the 'cli_path' parameter in versions up to, and including 1.7.5. This makes it possible for unauthen... | 8.8 | HIGH | β | 0 |
| CVE-2024-49282 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in dFactory Responsive Lightbox responsive-lightbox allows Stored XSS.This issue affects Responsive L... | 5.9 | MEDIUM | β | 0 |
| CVE-2023-0814 The Profile Builder β User Profile & User Registration Forms plugin for WordPress is vulnerable to sensitive information disclosure via the [user_meta] shortcode in versions up to, and including 3.9.0... | 6.5 | MEDIUM | β | 0 |
| CVE-2023-0895 The WP Coder β add custom html, css and js code plugin for WordPress is vulnerable to time-based SQL Injection via the βidβ parameter in versions up to, and including, 2.5.3 due to insufficient escapi... | 7.2 | HIGH | β | 0 |
| CVE-2023-0942 The Japanized For WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the βtabβ parameter in versions up to, and including, 2.5.4 due to insufficient input sanitizatio... | 6.1 | MEDIUM | β | 0 |
| CVE-2023-1029 The WP Meta SEO plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.5.3. This is due to missing or incorrect nonce validation on the regenerateSitemaps... | 4.3 | MEDIUM | β | 0 |
| CVE-2023-1022 The WP Meta SEO plugin for WordPress is vulnerable to unauthorized options update due to a missing capability check on the wpmsGGSaveInformation function in versions up to, and including, 4.5.3. This ... | 5.4 | MEDIUM | β | 0 |
| CVE-2023-1023 The WP Meta SEO plugin for WordPress is vulnerable to unauthorized plugin settings update due to a missing capability check on the saveSitemapSettings function in versions up to, and including, 4.5.3.... | 5.4 | MEDIUM | β | 0 |
| CVE-2023-1024 The WP Meta SEO plugin for WordPress is vulnerable to unauthorized sitemap generation due to a missing capability check on the regenerateSitemaps function in versions up to, and including, 4.5.3. This... | 4.3 | MEDIUM | β | 0 |
| CVE-2023-1026 The WP Meta SEO plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the listPostsCategory function in versions up to, and including, 4.5.3. This make... | 4.3 | MEDIUM | β | 0 |
| CVE-2023-1027 The WP Meta SEO plugin for WordPress is vulnerable to unauthorized sitemap generation due to a missing capability check on the checkAllCategoryInSitemap function in versions up to, and including, 4.5.... | 4.3 | MEDIUM | β | 0 |
| CVE-2023-1028 The WP Meta SEO plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.5.3. This is due to missing or incorrect nonce validation on the setIgnore function... | 4.3 | MEDIUM | β | 0 |
| CVE-2023-1080 The GN Publisher plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the βtabβ parameter in versions up to, and including, 1.5.5 due to insufficient input sanitization and output ... | 6.1 | MEDIUM | β | 0 |
| CVE-2023-0085 The Metform Elementor Contact Form Builder plugin for WordPress is vulnerable to reCaptcha Bypass in versions up to, and including, 3.2.1. This is due to insufficient server side checking on the captc... | 5.3 | MEDIUM | β | 0 |
| CVE-2023-1155 The Cost Calculator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the nd_cc_meta_box_cc_price_icon parameter in versions up to, and including, 1.8 due to insufficient input san... | 6.4 | MEDIUM | β | 0 |
| CVE-2023-0968 The Watu Quiz plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the βdnβ, 'email', 'points', and 'date' parameters in versions up to, and including, 3.3.9 due to insufficient in... | 6.1 | MEDIUM | β | 0 |
| CVE-2024-49283 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VillaTheme CURCY woo-multi-currency allows Reflected XSS.This issue affects CURCY: from n/a throug... | 7.1 | HIGH | β | 0 |
| CVE-2020-36667 The JetBackup β WP Backup, Migrate & Restore plugin for WordPress is vulnerable to unauthorized back-up location changes in versions up to, and including 1.4.1 due to a lack of proper capability check... | 5.4 | MEDIUM | β | 0 |
| CVE-2020-36668 The JetBackup β WP Backup, Migrate & Restore plugin for WordPress is vulnerable to sensitive information disclosure in versions up to, and including, 1.4.0 due to a lack of proper capability checking ... | 4.3 | MEDIUM | β | 0 |
| CVE-2020-36669 The JetBackup β WP Backup, Migrate & Restore plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including 1.3.9. This is due to missing nonce validation on the bac... | 8.8 | HIGH | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.