Security Vulnerabilities, CVEs
CVE-2023-49177
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Gilles Dumas which template file allows Reflected XSS. This issue affects which template file: from n/a through 4.9.0.
Max CVSS
7.1
Published
2023-12-15
Updated
2023-12-19
EPSS
0.05%
CVE-2023-49176
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodeRevolution WP Pocket URLs allows Reflected XSS. This issue affects WP Pocket URLs: from n/a through 1.0.2.
Max CVSS
7.1
Published
2023-12-15
Updated
2023-12-19
EPSS
0.05%
CVE-2023-49175
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kreativo Pro KP Fastest Tawk.To Chat allows Stored XSS. This issue affects KP Fastest Tawk.To Chat: from n/a through 1.1.1.
Max CVSS
5.9
Published
2023-12-15
Updated
2023-12-19
EPSS
0.05%
CVE-2023-49174
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in dFactory Responsive Lightbox & Gallery allows Stored XSS. This issue affects Responsive Lightbox & Gallery: from n/a through 2.4.5.
Max CVSS
5.9
Published
2023-12-15
Updated
2023-12-19
EPSS
0.05%
CVE-2023-49173
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in 10to8 Sign In Scheduling Online Appointment Booking System allows Stored XSS. This issue affects Sign In Scheduling Online Appointment Booking System: from n/a through 1.0.9.
Max CVSS
6.5
Published
2023-12-14
Updated
2023-12-18
EPSS
0.05%
CVE-2023-49172
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BrainCert BrainCert – HTML5 Virtual Classroom allows Reflected XSS. This issue affects BrainCert – HTML5 Virtual Classroom: from n/a through 1.30.
Max CVSS
7.1
Published
2023-12-14
Updated
2023-12-18
EPSS
0.05%
CVE-2023-49171
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in TheInnovs Innovs HR – Complete Human Resource Management System for Your Business allows Reflected XSS. This issue affects Innovs HR – Complete Human Resource Management System for Your Business: from n/a through 1.0.3.4.
Max CVSS
7.1
Published
2023-12-14
Updated
2023-12-18
EPSS
0.05%
CVE-2023-49170
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in captainform Forms by CaptainForm – Form Builder for WordPress allows Reflected XSS. This issue affects Forms by CaptainForm – Form Builder for WordPress: from n/a through 2.5.3.
Max CVSS
7.1
Published
2023-12-15
Updated
2023-12-19
EPSS
0.05%
CVE-2023-49169
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in datafeedr.Com Ads by datafeedr.Com allows Stored XSS. This issue affects Ads by datafeedr.Com: from n/a through 1.2.0.
Max CVSS
6.5
Published
2023-12-15
Updated
2023-12-19
EPSS
0.05%
CVE-2023-49168
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WordPlus Better Messages – Live Chat for WordPress, BuddyPress, PeepSo, Ultimate Member, BuddyBoss allows Stored XSS. This issue affects Better Messages – Live Chat for WordPress, BuddyPress, PeepSo, Ultimate Member, BuddyBoss: from n/a through 2.4.0.
Max CVSS
6.5
Published
2023-12-14
Updated
2023-12-22
EPSS
0.05%
CVE-2023-49166
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Magic Logix MSync. This issue affects MSync: from n/a through 1.0.0.
Max CVSS
9.1
Published
2023-12-20
Updated
2023-12-27
EPSS
0.05%
CVE-2023-49165
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Real Big Plugins Client Dash allows Stored XSS. This issue affects Client Dash: from n/a through 2.2.1.
Max CVSS
5.9
Published
2023-12-15
Updated
2023-12-19
EPSS
0.05%
CVE-2023-49164
Cross-Site Request Forgery (CSRF) vulnerability in OceanWP Ocean Extra. This issue affects Ocean Extra: from n/a through 2.2.2.
Max CVSS
8.8
Published
2023-12-19
Updated
2023-12-22
EPSS
0.06%
CVE-2023-49163
Cross-Site Request Forgery (CSRF) vulnerability in Michael Winkler teachPress. This issue affects teachPress: from n/a through 9.0.5.
Max CVSS
8.8
Published
2023-12-18
Updated
2023-12-22
EPSS
0.06%
CVE-2023-49162
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in BigCommerce BigCommerce For WordPress. This issue affects BigCommerce For WordPress: from n/a through 5.0.6.
Max CVSS
7.5
Published
2023-12-21
Updated
2023-12-29
EPSS
0.09%
CVE-2023-49161
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Guelben Bravo Translate. This issue affects Bravo Translate: from n/a through 1.2.
Max CVSS
9.1
Published
2023-12-20
Updated
2023-12-27
EPSS
0.05%
CVE-2023-49160
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in formzu Inc. Formzu WP allows Stored XSS. This issue affects Formzu WP: from n/a through 1.6.6.
Max CVSS
6.5
Published
2023-12-15
Updated
2023-12-19
EPSS
0.05%
CVE-2023-49159
Server-Side Request Forgery (SSRF) vulnerability in Elegant Digital Solutions CommentLuv. This issue affects CommentLuv: from n/a through 3.0.4.
Max CVSS
7.5
Published
2023-12-15
Updated
2023-12-19
EPSS
0.09%
CVE-2023-49157
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Andreas Münch Multiple Post Passwords allows Stored XSS. This issue affects Multiple Post Passwords: from n/a through 1.1.1.
Max CVSS
5.9
Published
2023-12-14
Updated
2023-12-19
EPSS
0.05%
CVE-2023-49155
Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Button Generator – easily Button Builder. This issue affects Button Generator – easily Button Builder: from n/a through 2.3.8.
Max CVSS
8.8
Published
2023-12-18
Updated
2023-12-21
EPSS
0.06%
CVE-2023-49153
Cross-Site Request Forgery (CSRF) vulnerability in Saiful Islam Add to Cart Text Changer and Customize Button, Add Custom Icon. This issue affects Add to Cart Text Changer and Customize Button, Add Custom Icon: from n/a through 2.0.
Max CVSS
8.8
Published
2023-12-18
Updated
2023-12-20
EPSS
0.06%
CVE-2023-49152
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Labs64 Credit Tracker allows Stored XSS. This issue affects Credit Tracker: from n/a through 1.1.17.
Max CVSS
6.5
Published
2023-12-14
Updated
2023-12-19
EPSS
0.05%
CVE-2023-49151
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Simple Calendar Simple Calendar – Google Calendar Plugin allows Stored XSS. This issue affects Simple Calendar – Google Calendar Plugin: from n/a through 3.2.6.
Max CVSS
6.5
Published
2023-12-14
Updated
2023-12-19
EPSS
0.05%
CVE-2023-49150
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CurrencyRate.Today Crypto Converter Widget allows Stored XSS. This issue affects Crypto Converter Widget: from n/a through 1.8.1.
Max CVSS
6.5
Published
2023-12-14
Updated
2023-12-19
EPSS
0.05%
CVE-2023-49149
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CurrencyRate.Today Currency Converter Calculator allows Stored XSS. This issue affects Currency Converter Calculator: from n/a through 1.3.1.
Max CVSS
6.5
Published
2023-12-14
Updated
2023-12-19
EPSS
0.05%