Total: 210374 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description
---|---|---|---|---|---|---
CVE-2018-20965 | 1 Ultimatemember | 1 Ultimate Member | 2023-02-24 | 4.3 MEDIUM | 6.1 MEDIUM | The ultimate-member plugin before 2.0.4 for WordPress has XSS.
CVE-2017-18499 | 1 Simple-membership-plugin | 1 Simple Membership | 2023-02-24 | 4.3 MEDIUM | 6.1 MEDIUM | The simple-membership plugin before 3.5.7 for WordPress has XSS.
CVE-2016-10872 | 1 Ultimatemember | 1 Ultimate Member | 2023-02-24 | 4.3 MEDIUM | 6.1 MEDIUM | The ultimate-member plugin before 1.3.40 for WordPress has XSS on the login form.
CVE-2015-9304 | 1 Ultimatemember | 1 Ultimate Member | 2023-02-24 | 4.3 MEDIUM | 6.1 MEDIUM | The ultimate-member plugin before 1.3.18 for WordPress has XSS via text input.
CVE-2019-13478 | 1 Yoast | 1 Yoast Seo | 2023-02-24 | 7.5 HIGH | 9.8 CRITICAL | The Yoast SEO plugin before 11.6-RC5 for WordPress does not properly restrict unfiltered HTML in term descriptions.
CVE-2019-15323 | 1 Ad Inserter Project | 1 Ad Inserter | 2023-02-24 | 5.0 MEDIUM | 7.5 HIGH | The ad-inserter plugin before 2.4.20 for WordPress has path traversal.
CVE-2015-9333 | 1 Cformsii Project | 1 Cformsii | 2023-02-24 | 7.5 HIGH | 9.8 CRITICAL | The cforms2 plugin before 14.6.10 for WordPress has SQL injection.
CVE-2015-9320 | 1 Optiontree Project | 1 Optiontree | 2023-02-24 | 4.3 MEDIUM | 6.1 MEDIUM | The option-tree plugin before 2.5.4 for WordPress has XSS related to add_query_arg.
CVE-2019-14788 | 1 Tribulant | 1 Newsletter | 2023-02-24 | 6.5 MEDIUM | 8.8 HIGH | wp-admin/admin-ajax.php?action=newsletters_exportmultiple in the Tribulant Newsletters plugin before 4.6.19 for WordPress allows directory traversal with resultant remote PHP code execution via the subscribers[1][1] parameter in conjunction with an exportfile=../ value.
CVE-2019-11872 | 1 Incsub | 1 Hustle | 2023-02-24 | 6.8 MEDIUM | 8.8 HIGH | The Hustle (aka wordpress-popup) plugin 6.0.7 for WordPress is vulnerable to CSV Injection as it allows for injecting malicious code into a pop-up window. Successful exploitation grants an attacker with a right to execute malicious code on the administrator's computer through Excel functions as the plugin does not sanitize the user's input and allows insertion of any text.
CVE-2019-14948 | 1 Najeebmedia | 1 Ppom For Woocommerce | 2023-02-24 | 3.5 LOW | 5.4 MEDIUM | The woocommerce-product-addon plugin before 18.4 for WordPress has XSS via an import of a new meta data structure.
CVE-2017-18508 | 1 Wp-livechat | 1 Wp Live Chat Support | 2023-02-24 | 4.3 MEDIUM | 6.1 MEDIUM | The wp-live-chat-support plugin before 7.1.03 for WordPress has XSS.
CVE-2019-12239 | 1 Wpbookingsystem | 1 Wp Booking System | 2023-02-24 | 6.5 MEDIUM | 7.2 HIGH | The WP Booking System plugin 1.5.1 for WordPress has no CSRF protection, which allows attackers to reach certain SQL injection issues that require administrative access.
CVE-2019-14949 | 1 Wpseeds | 1 Wp Database Backup | 2023-02-24 | 4.3 MEDIUM | 6.1 MEDIUM | The wp-database-backup plugin before 5.1.2 for WordPress has XSS.
CVE-2023-24484 | 1 Citrix | 1 Workspace | 2023-02-24 | N/A | 5.5 MEDIUM | A malicious user can cause log files to be written to a directory that they do not have permission to write to.
CVE-2023-22805 | 1 Ls-electric | 2 Xbc-dn32u, Xbc-dn32u Firmware | 2023-02-24 | N/A | 4.3 MEDIUM | LS ELECTRIC XBC-DN32U with operating system version 01.80 has improper access control to its read prohibition feature. This could allow a remote attacker to remotely set the feature to lock users out of reading data from the device.
CVE-2023-22806 | 1 Ls-electric | 2 Xbc-dn32u, Xbc-dn32u Firmware | 2023-02-24 | N/A | 7.5 HIGH | LS ELECTRIC XBC-DN32U with operating system version 01.80 transmits sensitive information in cleartext when communicating over its XGT protocol. This could allow an attacker to gain sensitive information such as user credentials.
CVE-2023-0687 | 1 Gnu | 1 Glibc | 2023-02-24 | 4.0 MEDIUM | 9.8 CRITICAL | ** DISPUTED ** A vulnerability was found in GNU C Library 2.38. It has been declared as critical. This vulnerability affects the function __monstartup of the file gmon.c of the component Call Graph Monitor. The manipulation leads to buffer overflow. It is recommended to apply a patch to fix this issue. VDB-220246 is the identifier assigned to this vulnerability. NOTE: The real existence of this vulnerability is still doubted at the moment. The inputs that induce this vulnerability are basically addresses of the running application that is built with gmon enabled. It's basically trusted input or input that needs an actual security flaw to be compromised or controlled.
CVE-2023-23936 | 1 Nodejs | 2 Node.js, Undici | 2023-02-24 | N/A | 5.4 MEDIUM | Undici is an HTTP/1.1 client for Node.js. Starting with version 2.0.0 and prior to version 5.19.1, the undici library does not protect the `host` HTTP header from CRLF injection vulnerabilities. This issue is patched in Undici v5.19.1. As a workaround, sanitize the `headers.host` string before passing it to undici.
CVE-2023-22804 | 1 Ls-electric | 2 Xbc-dn32u, Xbc-dn32u Firmware | 2023-02-24 | N/A | 9.8 CRITICAL | LS ELECTRIC XBC-DN32U with operating system version 01.80 is missing authentication to create users on the PLC. This could allow an attacker to create and use an account with elevated privileges and take control of the device.