VIR Vulnerability Intelligence Relay

CVEs from 2023

6,454 normalized CVEs published or assigned in this year.

Total
6,454
critical
critical 221
high
high 1,481
medium
medium 1,383
low
low 30
% Critical
3.4%
% with KEV
2.5%
% with exploit
3.0%

Top vendors

Top products

  • office 29
  • office_long_term_servicing_channel 15
  • 365_apps 14
  • registrationmagic 6
  • codeready_linux_builder_for_ibm_z_systems_eus 6
  • cbot_panel 6
  • codeready_linux_builder_eus 6
  • openstack_platform 6

Top packages

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2023-34019 medium 6.5 6.5 2y ago Missing Authorization vulnerability in Uncanny Owl Uncanny Toolkit for LearnDash allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Uncanny Toolkit for LearnDa…
CVE-2023-33994 medium 6.5 6.5 2y ago Missing Authorization vulnerability in VeronaLabs Slimstat Analytics wp-slimstat allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Slimstat Analytics: from n/…
CVE-2023-33324 medium 6.5 6.5 2y ago Missing Authorization vulnerability in wppal Easy Captcha allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy Captcha: from n/a through 1.0.
CVE-2023-32506 medium 6.5 6.5 2y ago Missing Authorization vulnerability in Link Whisper Link Whisper Free allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Link Whisper Free: from n/a through 0.…
CVE-2023-50884 medium 6.5 6.5 2y ago Missing Authorization vulnerability in LA-Studio LA-Studio Element Kit for Elementor lastudio-element-kit allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects LA…
CVE-2023-49857 medium 6.5 6.5 2y ago Missing Authorization vulnerability in awesomesupport Awesome Support awesome-support allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Awesome Support: from …
CVE-2023-49848 medium 6.5 6.5 2y ago Missing Authorization vulnerability in Marc dooder Sharkdropship dropshipping for Aliexpress, eBay, Amazon, etsy woo-aliexpress-dropshipping allows Exploiting Incorrectly Configured Access Control Se…
CVE-2023-49167 medium 6.5 6.5 2y ago Missing Authorization vulnerability in code4life Database for CF7 database-for-cf7 allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Database for CF7: from n/…
CVE-2023-48779 medium 6.5 6.5 2y ago Missing Authorization vulnerability in 3DWeb 360 Javascript Viewer 360deg-javascript-viewer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects 360 Javascript V…
CVE-2023-48274 medium 6.5 6.5 2y ago Missing Authorization vulnerability in Mondial Relay WooCommerce - WCMultiShipping WCMultiShipping allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WCMultiSh…
CVE-2023-47764 medium 6.5 6.5 2y ago Missing Authorization vulnerability in metaphorcreations Ditty ditty-news-ticker allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ditty: from n/a through <= …
CVE-2023-32299 medium 6.5 6.5 2y ago Missing Authorization vulnerability in Anzar Ahmed Ni WooCommerce Sales Report ni-woocommerce-sales-report allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects N…
CVE-2023-30870 medium 6.5 6.5 2y ago Missing Authorization vulnerability in wooproductimporter Sharkdropship for AliExpress Dropship and Affiliate allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affect…
CVE-2023-28689 medium 6.5 6.5 2y ago Missing Authorization vulnerability in JoomSky JS Job Manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JS Job Manager: from n/a through 2.0.0.
CVE-2023-26522 medium 6.5 6.5 2y ago Missing Authorization vulnerability in OneWebsite WP Repost allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Repost: from n/a through 0.1.
CVE-2023-25966 medium 6.5 6.5 2y ago Missing Authorization vulnerability in Ninja Team Filebird allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Filebird: from n/a through 5.1.4.
CVE-2023-25454 medium 6.5 6.5 2y ago Missing Authorization vulnerability in Nate Reist Protected Posts Logout Button allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Protected Posts Logout Butto…
CVE-2023-25035 medium 6.5 6.5 2y ago Missing Authorization vulnerability in Fullworks Quick Contact Form allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Quick Contact Form : from n/a through 8…
CVE-2023-28746 medium 6.5 6.5 2y ago RHSA-2024:5101: kernel security update (Important)
CVE-2023-46197 medium 6.5 6.5 2y ago Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in supsystic.Com Popup by Supsystic allows Relative Path Traversal.This issue affects Popup by Supsystic: …
CVE-2023-41651 medium 6.5 6.5 2y ago Missing Authorization vulnerability in Multi-column Tag Map.This issue affects Multi-column Tag Map: from n/a through 17.0.26.
CVE-2023-3019 medium 6.5 6.5 2y ago RHSA-2024:0135: virt:rhel and virt-devel:rhel security update (Moderate)
CVE-2023-6129 medium 6.5 6.5 2y ago Low: openssl and openssl-fips-provider security update
CVE-2023-23989 medium 6.5 6.5 2y ago Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Metagauss RegistrationMagic.This issue affects RegistrationMagic: from n/a through 5.1.9.2.
CVE-2023-49768 medium 6.5 6.5 2y ago Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in FormAssembly / Drew Buschhorn WP-FormAssembly allows Stored XSS.This issue affects WP-FormAssembl…
CVE-2023-52234 medium 6.5 6.5 2y ago Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Booster Booster Elite for WooCommerce.This issue affects Booster Elite for WooCommerce: from n/a before 7.1.2.
CVE-2023-52231 medium 6.5 6.5 2y ago Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Booster Booster Plus for WooCommerce.This issue affects Booster Plus for WooCommerce: from n/a before 7.1.2.
CVE-2023-36679 medium 6.5 6.5 2y ago Server-Side Request Forgery (SSRF) vulnerability in Brainstorm Force Spectra.This issue affects Spectra: from n/a through 2.6.6.
CVE-2023-52228 medium 6.5 6.5 2y ago Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mark Kinchin Beds24 Online Booking allows Stored XSS.This issue affects Beds24 Online Booking: fr…
CVE-2023-7251 medium 6.5 6.5 2y ago Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jeff Starr User Submitted Posts allows Stored XSS.This issue affects User Submitted Posts: from n…
CVE-2023-49837 medium 6.5 6.5 2y ago Uncontrolled Resource Consumption vulnerability in David Artiss Code Embed.This issue affects Code Embed: from n/a through 2.3.6.
CVE-2023-52229 medium 6.5 6.5 2y ago Missing Authorization vulnerability in Save as PDF plugin by Pdfcrowd Word Replacer Pro.This issue affects Word Replacer Pro: from n/a through 1.0.
CVE-2023-51385 medium 6.5 6.5 2y ago RHSA-2024:0606: openssh security update (Moderate)
CVE-2023-46218 medium 6.5 6.5 2y ago RHSA-2024:1601: curl security and bug fix update (Moderate)
CVE-2023-51681 medium 6.5 6.5 2y ago Cross-Site Request Forgery (CSRF) vulnerability in Duplicator Duplicator – WordPress Migration & Backup Plugin.This issue affects Duplicator – WordPress Migration & Backup Plugin: from n/a through 1.…
CVE-2023-24416 medium 6.5 6.5 2y ago Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Arne Franken All In One Favicon.This issue affects All In One Favicon: from n/a through 4.7.
CVE-2023-51678 medium 6.5 6.5 2y ago Cross-Site Request Forgery (CSRF) vulnerability in Doofinder Doofinder WP & WooCommerce Search.This issue affects Doofinder WP & WooCommerce Search: from n/a through 2.0.33.
CVE-2023-51676 medium 6.5 6.5 2y ago Server-Side Request Forgery (SSRF) vulnerability in Leevio Happy Addons for Elementor.This issue affects Happy Addons for Elementor: from n/a through 3.9.1.1.
CVE-2023-49765 medium 6.5 6.5 3y ago Authorization Bypass Through User-Controlled Key vulnerability in Blaz K. Rate my Post – WP Rating System.This issue affects Rate my Post – WP Rating System: from n/a through 3.4.1.
CVE-2023-47191 medium 6.5 6.5 3y ago Authorization Bypass Through User-Controlled Key vulnerability in KaineLabs Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress.This issue affects Youzify –…
CVE-2023-32799 medium 6.5 6.5 3y ago Authorization Bypass Through User-Controlled Key vulnerability in WooCommerce Shipping Multiple Addresses.This issue affects Shipping Multiple Addresses: from n/a through 3.8.3.
CVE-2023-31231 medium 6.5 6.5 3y ago Unrestricted Upload of File with Dangerous Type vulnerability in Unlimited Elements Unlimited Elements For Elementor (Free Widgets, Addons, Templates).This issue affects Unlimited Elements For Elemen…
CVE-2023-30872 medium 6.5 6.5 3y ago Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in BannerSky BSK Forms Blacklist.This issue affects BSK Forms Blacklist: from n/a through 3.6.2.
CVE-2023-46311 medium 6.5 6.5 3y ago Authorization Bypass Through User-Controlled Key vulnerability in gVectors Team Comments – wpDiscuz.This issue affects Comments – wpDiscuz: from n/a through 7.6.3.
CVE-2023-41796 medium 6.5 6.5 3y ago Authorization Bypass Through User-Controlled Key vulnerability in WP Sunshine Sunshine Photo Cart: Free Client Galleries for Photographers.This issue affects Sunshine Photo Cart: Free Client Gallerie…
CVE-2023-25715 medium 6.5 6.5 3y ago Missing Authorization vulnerability in GamiPress GamiPress – The #1 gamification plugin to reward points, achievements, badges & ranks in WordPress.This issue affects GamiPress – The #1 gamification …
CVE-2023-47558 medium 6.5 6.5 3y ago Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Mahlamusa Who Hit The Page – Hit Counter allows SQL Injection.This issue affects Who Hit The Page…
CVE-2023-37868 medium 6.5 6.5 3y ago Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Leap13 Premium Addons PRO.This issue affects Premium Addons PRO: from n/a through 2.9.0.
CVE-2023-26533 medium 6.5 6.5 3y ago Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Gesundheit Bewegt GmbH Zippy.This issue affects Zippy: from n/a through 1.6.1.
CVE-2023-48333 medium 6.5 6.5 3y ago Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Pluggabl LLC Booster for WooCommerce.This issue affects Booster for WooCommerce: from n/a through 7.1.1.
CVE-2023-41239 medium 6.5 6.5 3y ago Server-Side Request Forgery (SSRF) vulnerability in Blubrry PowerPress Podcasting plugin by Blubrry.This issue affects PowerPress Podcasting plugin by Blubrry: from n/a through 11.0.6.
CVE-2023-23800 medium 6.5 6.5 3y ago Server-Side Request Forgery (SSRF) vulnerability in Vova Anokhin WP Shortcodes Plugin — Shortcodes Ultimate.This issue affects WP Shortcodes Plugin — Shortcodes Ultimate: from n/a through 5.12.6.
CVE-2023-23684 medium 6.5 6.5 3y ago WPGraphQL Plugin vulnerable to Server Side Request Forgery (SSRF)
CVE-2023-4527 medium 6.5 6.5 3y ago RHSA-2023:5455: glibc security update (Important)
CVE-2023-36897 medium 6.5 6.5 3y ago Visual Studio Tools for Office Runtime Spoofing Vulnerability
CVE-2023-33151 medium 6.5 6.5 3y ago Microsoft Outlook Spoofing Vulnerability
CVE-2023-25136 medium 6.5 6.5 3y ago OpenSSH server (sshd) 9.1 introduced a double-free vulnerability during options.kex_algorithms handling. This is fixed in OpenSSH 9.2. The double free can be leveraged, by an unauthenticated remote a…
CVE-2023-29237 medium 6.3 6.3 2y ago Missing Authorization vulnerability in Muhammad Rehman Remove Duplicate Posts allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Remove Duplicate Posts: from n…
CVE-2023-27449 medium 6.3 6.3 2y ago Missing Authorization vulnerability in TotalSuite Total Poll Lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Total Poll Lite: from n/a through 4.8.6.
CVE-2023-31234 medium 6.3 6.3 2y ago Missing Authorization vulnerability in Tilda Publishing.This issue affects Tilda Publishing: from n/a through 0.3.23.
CVE-2023-42345 medium 6.1 6.1 22d ago Alkacon OpenCms is vulnerable to XSS via updateModelGroups.jsp
CVE-2023-42343 medium 6.1 6.1 22d ago Alkacon OpenCms is vulnerable to XSS via cmis-online/type
CVE-2023-54349 medium 6.1 6.1 25d ago AmazCart CMS 3.4 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by submitting payloads through the search functionality. Att…
CVE-2023-53900 medium 6.1 6.1 6mo ago Spip 4.1.10 contains a file upload vulnerability that allows attackers to upload malicious SVG files with embedded external links. Attackers can trick administrators into clicking a crafted SVG logo …
CVE-2023-40000 medium 6.1 6.1 2y ago Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LiteSpeed Technologies LiteSpeed Cache allows Stored XSS.This issue affects LiteSpeed Cache: from…
CVE-2023-6047 medium 6.1 6.1 2y ago Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Algoritim E-commerce Software allows Reflected XSS. This issue affects E-commerce Software: befo…
CVE-2023-34020 medium 6.1 6.1 2y ago URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Uncanny Owl Uncanny Toolkit for LearnDash.This issue affects Uncanny Toolkit for LearnDash: from n/a through 3.6.4.3.
CVE-2023-33322 medium 6.1 6.1 2y ago Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Etoile Web Design Front End Users allows Reflected XSS.This issue affects Front End Users: from n…
CVE-2023-50905 medium 6.1 6.1 2y ago Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Melapress WP Activity Log allows Stored XSS.This issue affects WP Activity Log: from n/a through …
CVE-2023-51533 medium 6.1 6.1 2y ago Cross-Site Request Forgery (CSRF) vulnerability in Ecwid Ecommerce Ecwid Ecommerce Shopping Cart.This issue affects Ecwid Ecommerce Shopping Cart: from n/a through 6.12.4.
CVE-2023-51488 medium 6.1 6.1 2y ago Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Automattic, Inc. Crowdsignal Dashboard – Polls, Surveys & more allows Reflected XSS.This issue af…
CVE-2023-6673 medium 6.1 6.1 2y ago Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in National Keep Cyber Security Services CyberMath allows Reflected XSS. This issue affects CyberMa…
CVE-2023-51509 medium 6.1 6.1 2y ago Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Metagauss RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Log…
CVE-2023-51540 medium 6.1 6.1 2y ago Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kunal Nagar Custom 404 Pro allows Stored XSS.This issue affects Custom 404 Pro: from n/a through …
CVE-2023-7153 medium 6.1 6.1 2y ago Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Macroturk Software and Internet Technologies Macro-Bel allows Reflected XSS. This issue affects …
CVE-2023-52196 medium 6.1 6.1 2y ago Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Phil Ewels CPT Bootstrap Carousel allows Reflected XSS.This issue affects CPT Bootstrap Carousel:…
CVE-2023-52213 medium 6.1 6.1 2y ago Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VideoWhisper Rate Star Review – AJAX Reviews for Content, with Star Ratings allows Reflected XSS.…
CVE-2023-50893 medium 6.1 6.1 2y ago Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in UpSolution Impreza – WordPress Website and WooCommerce Builder allows Reflected XSS.This issue af…
CVE-2023-50892 medium 6.1 6.1 2y ago Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodexThemes TheGem - Creative Multi-Purpose & WooCommerce WordPress Theme allows Reflected XSS.Th…
CVE-2023-51373 medium 6.1 6.1 2y ago Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ian Kennerley Google Photos Gallery with Shortcodes allows Reflected XSS.This issue affects Googl…
CVE-2023-50901 medium 6.1 6.1 2y ago Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in HasThemes HT Mega – Absolute Addons For Elementor allows Reflected XSS.This issue affects HT Mega…
CVE-2023-32517 medium 6.1 6.1 2y ago URL Redirection to Untrusted Site ('Open Redirect') vulnerability in PluginOps MailChimp Subscribe Form, Optin Builder, PopUp Builder, Form Builder.This issue affects MailChimp Subscribe Form, Optin …
CVE-2023-32101 medium 6.1 6.1 2y ago URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Pexle Chris Library Viewer.This issue affects Library Viewer: from n/a through 2.0.6.
CVE-2023-31237 medium 6.1 6.1 2y ago URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Dylan James Zephyr Project Manager.This issue affects Zephyr Project Manager: from n/a through 3.3.9.
CVE-2023-31229 medium 6.1 6.1 2y ago URL Redirection to Untrusted Site ('Open Redirect') vulnerability in WP Directory Kit.This issue affects WP Directory Kit: from n/a through 1.1.9.
CVE-2023-31095 medium 6.1 6.1 2y ago URL Redirection to Untrusted Site ('Open Redirect') vulnerability in CRM Perks Integration for HubSpot and Contact Form 7, WPForms, Elementor, Ninja Forms.This issue affects Integration for HubSpot a…
CVE-2023-28786 medium 6.1 6.1 2y ago URL Redirection to Untrusted Site ('Open Redirect') vulnerability in SolidWP Solid Security – Password, Two Factor Authentication, and Brute Force Protection.This issue affects Solid Security – Passw…
CVE-2023-51501 medium 6.1 6.1 2y ago Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Undsgn Uncode - Creative & WooCommerce WordPress Theme allows Reflected XSS.This issue affects Un…
CVE-2023-4672 medium 6.1 6.1 2y ago Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Talent Software ECOP allows Reflected XSS. This issue affects ECOP: before 32255.
CVE-2023-6122 medium 6.1 6.1 3y ago Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in İstanbul Soft Informatics and Consultancy Limited Company Softomi Gelişmiş C2C Pazaryeri Yazılımı…
CVE-2023-5989 medium 6.1 6.1 3y ago An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Uyumsoft Information System and Technologies' LioXERP allows an authenticated user to execute …
CVE-2023-5988 medium 6.1 6.1 3y ago Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Uyumsoft Information System and Technologies LioXERP allows Reflected XSS. This issue affects Li…
CVE-2023-46624 medium 6.1 6.1 3y ago URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Parcel Pro.This issue affects Parcel Pro: from n/a through 1.6.11.
CVE-2023-37982 medium 6.1 6.1 3y ago URL Redirection to Untrusted Site ('Open Redirect') vulnerability in CRM Perks Integration for Salesforce and Contact Form 7, WPForms, Elementor, Ninja Forms.This issue affects Integration for Salesf…
CVE-2023-35883 medium 6.1 6.1 3y ago URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Magazine3 Core Web Vitals & PageSpeed Booster.This issue affects Core Web Vitals & PageSpeed Booster: from n/a through 1.0.12.
CVE-2023-45105 medium 6.1 6.1 3y ago URL Redirection to Untrusted Site ('Open Redirect') vulnerability in SERVIT Software Solutions affiliate-toolkit – WordPress Affiliate Plugin.This issue affects affiliate-toolkit – WordPress Affiliat…
CVE-2023-41648 medium 6.1 6.1 3y ago URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Swapnil V. Patil Login and Logout Redirect.This issue affects Login and Logout Redirect: from n/a through 2.0.3.
CVE-2023-40602 medium 6.1 6.1 3y ago URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Doofinder Doofinder WP & WooCommerce Search.This issue affects Doofinder WP & WooCommerce Search: from n/a through 1.5.49.
CVE-2023-38481 medium 6.1 6.1 3y ago URL Redirection to Untrusted Site ('Open Redirect') vulnerability in CRM Perks Integration for WooCommerce and Zoho CRM, Books, Invoice, Inventory, Bigin.This issue affects Integration for WooCommerc…
CVE-2023-38478 medium 6.1 6.1 3y ago URL Redirection to Untrusted Site ('Open Redirect') vulnerability in CRM Perks Integration for WooCommerce and QuickBooks.This issue affects Integration for WooCommerce and QuickBooks: from n/a throu…