Security Vulnerabilities, CVEs

CVE-2023-49777

Deserialization of Untrusted Data vulnerability in YITH YITH WooCommerce Product Add-Ons.This issue affects YITH WooCommerce Product Add-Ons: from n/a through 4.3.0.
Max CVSS
9.1
Published
2023-12-31
Updated
2024-01-01
EPSS
0.05%

CVE-2023-49776

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Hakan Demiray Sayfa Sayac.This issue affects Sayfa Sayac: from n/a through 2.6.
Max CVSS
9.8
Published
2023-12-20
Updated
2023-12-29
EPSS
0.08%

CVE-2023-49775

Cross-Site Request Forgery (CSRF) vulnerability in Denis Kobozev CSV Importer.This issue affects CSV Importer: from n/a through 0.3.8.
Max CVSS
8.8
Published
2023-12-17
Updated
2023-12-20
EPSS
0.06%

CVE-2023-49773

Deserialization of Untrusted Data vulnerability in Tim Brattberg BCorp Shortcodes.This issue affects BCorp Shortcodes: from n/a through 0.23.
Max CVSS
10.0
Published
2023-12-20
Updated
2023-12-20
EPSS
0.05%

CVE-2023-49772

Deserialization of Untrusted Data vulnerability in Phpbits Creative Studio Genesis Simple Love.This issue affects Genesis Simple Love: from n/a through 2.0.
Max CVSS
10.0
Published
2023-12-20
Updated
2023-12-29
EPSS
0.07%

CVE-2023-49771

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Peter Raschendorfer Smart External Link Click Monitor [Link Log] allows Reflected XSS.This issue affects Smart External Link Click Monitor [Link Log]: from n/a through 5.0.2.
Max CVSS
7.1
Published
2023-12-14
Updated
2023-12-18
EPSS
0.05%

CVE-2023-49770

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Peter Raschendorfer Smart External Link Click Monitor [Link Log] allows Stored XSS.This issue affects Smart External Link Click Monitor [Link Log]: from n/a through 5.0.2.
Max CVSS
5.9
Published
2023-12-14
Updated
2023-12-19
EPSS
0.05%

CVE-2023-49769

Cross-Site Request Forgery (CSRF) vulnerability in SoftLab Integrate Google Drive.This issue affects Integrate Google Drive: from n/a through 1.3.4.
Max CVSS
8.8
Published
2023-12-17
Updated
2023-12-20
EPSS
0.06%

CVE-2023-49767

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Biteship Biteship: Plugin Ongkos Kirim Kurir Instant, Reguler, Kargo allows Stored XSS.This issue affects Biteship: Plugin Ongkos Kirim Kurir Instant, Reguler, Kargo: from n/a through 2.2.24.
Max CVSS
5.9
Published
2023-12-15
Updated
2023-12-21
EPSS
0.05%

CVE-2023-49766

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themefic Ultimate Addons for Contact Form 7 allows Stored XSS.This issue affects Ultimate Addons for Contact Form 7: from n/a through 3.2.0.
Max CVSS
7.1
Published
2023-12-14
Updated
2023-12-18
EPSS
0.05%

CVE-2023-49765

Authorization Bypass Through User-Controlled Key vulnerability in Blaz K. Rate my Post – WP Rating System.This issue affects Rate my Post – WP Rating System: from n/a through 3.4.1.
Max CVSS
6.5
Published
2023-12-21
Updated
2023-12-30
EPSS
0.05%

CVE-2023-49764

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Younes JFR. Advanced Database Cleaner.This issue affects Advanced Database Cleaner: from n/a through 3.1.2.
Max CVSS
7.6
Published
2023-12-19
Updated
2023-12-22
EPSS
0.05%

CVE-2023-49763

Cross-Site Request Forgery (CSRF) vulnerability in Creatomatic Ltd CSprite.This issue affects CSprite: from n/a through 1.1.
Max CVSS
8.8
Published
2023-12-18
Updated
2023-12-21
EPSS
0.06%

CVE-2023-49762

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in AppMySite AppMySite – Create an app with the Best Mobile App Builder.This issue affects AppMySite – Create an app with the Best Mobile App Builder: from n/a through 3.11.0.
Max CVSS
7.5
Published
2023-12-21
Updated
2023-12-29
EPSS
0.09%

CVE-2023-49761

Cross-Site Request Forgery (CSRF) vulnerability in Gravity Master Product Enquiry for WooCommerce.This issue affects Product Enquiry for WooCommerce: from n/a through 3.0.
Max CVSS
8.8
Published
2023-12-18
Updated
2023-12-21
EPSS
0.06%

CVE-2023-49760

Cross-Site Request Forgery (CSRF) vulnerability in Giannopoulos Kostas WPsoonOnlinePage.This issue affects WPsoonOnlinePage: from n/a through 1.9.
Max CVSS
8.8
Published
2023-12-18
Updated
2023-12-21
EPSS
0.06%

CVE-2023-49759

Cross-Site Request Forgery (CSRF) vulnerability in gVectors Team WooDiscuz – WooCommerce Comments.This issue affects WooDiscuz – WooCommerce Comments: from n/a through 2.3.0.
Max CVSS
8.8
Published
2023-12-18
Updated
2023-12-21
EPSS
0.06%

CVE-2023-49752

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Spoon themes Adifier - Classified Ads WordPress Theme.This issue affects Adifier - Classified Ads WordPress Theme: from n/a before 3.1.4.
Max CVSS
9.8
Published
2023-12-20
Updated
2023-12-30
EPSS
0.08%

CVE-2023-49751

Cross-Site Request Forgery (CSRF) vulnerability in Ciprian Popescu Block for Font Awesome.This issue affects Block for Font Awesome: from n/a through 1.4.0.
Max CVSS
8.8
Published
2023-12-17
Updated
2023-12-20
EPSS
0.06%

CVE-2023-49750

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Spoonthemes Couponis - Affiliate & Submitting Coupons WordPress Theme.This issue affects Couponis - Affiliate & Submitting Coupons WordPress Theme: from n/a before 2.2.
Max CVSS
9.8
Published
2023-12-19
Updated
2023-12-22
EPSS
0.08%

CVE-2023-49749

Cross-Site Request Forgery (CSRF) vulnerability in SureTriggers SureTriggers – Connect All Your Plugins, Apps, Tools & Automate Everything!.This issue affects SureTriggers – Connect All Your Plugins, Apps, Tools & Automate Everything!: from n/a through 1.0.23.
Max CVSS
8.8
Published
2023-12-15
Updated
2023-12-21
EPSS
0.06%

CVE-2023-49747

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WebFactory Ltd Guest Author allows Stored XSS.This issue affects Guest Author: from n/a through 2.3.
Max CVSS
5.9
Published
2023-12-15
Updated
2023-12-21
EPSS
0.05%

CVE-2023-49746

Server-Side Request Forgery (SSRF) vulnerability in Softaculous Team SpeedyCache – Cache, Optimization, Performance.This issue affects SpeedyCache – Cache, Optimization, Performance: from n/a through 1.1.2.
Max CVSS
4.9
Published
2023-12-07
Updated
2023-12-12
EPSS
0.05%

CVE-2023-49745

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Spiffy Plugins Spiffy Calendar allows Stored XSS.This issue affects Spiffy Calendar: from n/a through 4.9.5.
Max CVSS
6.5
Published
2023-12-14
Updated
2023-12-18
EPSS
0.05%

CVE-2023-49744

Cross-Site Request Forgery (CSRF) vulnerability in Gift Up Gift Up Gift Cards for WordPress and WooCommerce.This issue affects Gift Up Gift Cards for WordPress and WooCommerce: from n/a through 2.21.3.
Max CVSS
8.8
Published
2023-12-15
Updated
2023-12-21
EPSS
0.06%
50 vulnerabilities found
1 2 3 4 5 6 ...... 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 ...... 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50