VIR Vulnerability Intelligence Relay

CVEs from 2023

6,112 normalized CVEs published or assigned in this year.

Total
6,112
critical
critical 240
high
high 1,529
medium
medium 1,393
low
low 32
% Critical
3.9%
% with KEV
2.7%
% with exploit
3.5%

Top vendors

Top products

  • office 29
  • office_long_term_servicing_channel 15
  • 365_apps 14
  • ftmg-esr50sxx 8
  • ftmg-esn40sxx 8
  • ftmg-esd25axx 8
  • ftmg-esr40sxx 8
  • ftmg-esd15axx 8

Top packages

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2023-46082 medium 5.3 5.3 1y ago Missing Authorization vulnerability in Cyberlord92 Broken Link Checker | Finder broken-link-finder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Broken Li…
CVE-2023-46073 medium 5.3 5.3 1y ago Missing Authorization vulnerability in Mario Peshev DX Delete Attached Media dx-delete-attached-media allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects DX Del…
CVE-2023-45766 medium 5.3 5.3 1y ago Missing Authorization vulnerability in Ays Pro Poll Maker poll-maker allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Poll Maker: from n/a through <= 4.7.1.
CVE-2023-45649 medium 5.3 5.3 1y ago Missing Authorization vulnerability in codepeople Appointment Hour Booking appointment-hour-booking allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Appointm…
CVE-2023-45061 medium 5.3 5.3 1y ago Missing Authorization vulnerability in awsm.in WP Job Openings wp-job-openings allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Job Openings: from n/a thr…
CVE-2023-44258 medium 5.3 5.3 1y ago Missing Authorization vulnerability in vberkel Schema App Structured Data schema-app-structured-data-for-schemaorg allows Exploiting Incorrectly Configured Access Control Security Levels.This issue a…
CVE-2023-48775 medium 5.3 5.3 1y ago Missing Authorization vulnerability in Gfazioli WP Cleanfix allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Cleanfix: from n/a through 5.6.2.
CVE-2023-44149 medium 5.3 5.3 2y ago Missing Authorization vulnerability in BeRocket Brands for WooCommerce brands-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Brands for Woo…
CVE-2023-44147 medium 5.3 5.3 2y ago Missing Authorization vulnerability in apasionados Comment Blacklist Updater comment-blacklist-updater allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Comme…
CVE-2023-41952 medium 5.3 5.3 2y ago Missing Authorization vulnerability in Contact Form - WPManageNinja LLC FluentForm allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects FluentForm: from n/a thro…
CVE-2023-41862 medium 5.3 5.3 2y ago Weak Authentication vulnerability in Guido VS Contact Form allows Authentication Abuse.This issue affects VS Contact Form: from n/a through 14.0.
CVE-2023-41849 medium 5.3 5.3 2y ago Missing Authorization vulnerability in WP Happy Coders Posts Like Dislike allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Posts Like Dislike: from n/a throu…
CVE-2023-41848 medium 5.3 5.3 2y ago Missing Authorization vulnerability in Majeed Raza Carousel Slider allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Carousel Slider: from n/a through 2.2.2.
CVE-2023-41803 medium 5.3 5.3 2y ago Missing Authorization vulnerability in BitPay BitPay Checkout for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects BitPay Checkout for WooCommerc…
CVE-2023-41690 medium 5.3 5.3 2y ago Missing Authorization vulnerability in Wiser Notify WiserNotify Social Proof allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WiserNotify Social Proof: from …
CVE-2023-41133 medium 5.3 5.3 2y ago Authentication Bypass by Spoofing vulnerability in Michal Novák Secure Admin IP allows Functionality Bypass.This issue affects Secure Admin IP: from n/a through 2.0.
CVE-2023-39996 medium 5.3 5.3 2y ago Missing Authorization vulnerability in WP OnlineSupport, Essential Plugin Accordion and Accordion Slider allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Acc…
CVE-2023-39305 medium 5.3 5.3 2y ago Missing Authorization vulnerability in Dash Labs Yet Another Stars Rating yet-another-stars-rating allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Yet Anoth…
CVE-2023-38480 medium 5.3 5.3 2y ago Missing Authorization vulnerability in Certain Dev Booster Elementor Addons allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Booster Elementor Addons: from n…
CVE-2023-38479 medium 5.3 5.3 2y ago Missing Authorization vulnerability in Codents Simple Googlebot Visit allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simple Googlebot Visit: from n/a throu…
CVE-2023-37969 medium 5.3 5.3 2y ago Missing Authorization vulnerability in The African Boss Checkout with Zelle on Woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Checkout with Zel…
CVE-2023-36528 medium 5.3 5.3 2y ago Missing Authorization vulnerability in FeedbackWP kk Star Ratings allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects kk Star Ratings: from n/a through 5.4.3.
CVE-2023-36506 medium 5.3 5.3 2y ago Missing Authorization vulnerability in YITH YITH WooCommerce Waiting List allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects YITH WooCommerce Waiting List: fro…
CVE-2023-35875 medium 5.3 5.3 2y ago Missing Authorization vulnerability in Jegstudio Gutenverse allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Gutenverse: from n/a through 1.8.5.
CVE-2023-35777 medium 5.3 5.3 2y ago Missing Authorization vulnerability in The Events Calendar The Events Calendar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects The Events Calendar: from n/a…
CVE-2023-34381 medium 5.3 5.3 2y ago Missing Authorization vulnerability in Gesundheit Bewegt GmbH Zippy allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Zippy: from n/a through 1.6.2.
CVE-2023-32963 medium 5.3 5.3 2y ago Missing Authorization vulnerability in a3rev Software WooCommerce Predictive Search allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WooCommerce Predictive S…
CVE-2023-32798 medium 5.3 5.3 2y ago Missing Authorization vulnerability in 10up Simple Page Ordering allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simple Page Ordering: from n/a through 2.5.…
CVE-2023-51362 medium 5.3 5.3 2y ago Missing Authorization vulnerability in Premio My Sticky Elements mystickyelements allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects My Sticky Elements: from n…
CVE-2023-51357 medium 5.3 5.3 2y ago Missing Authorization vulnerability in Conversios Conversios.io enhanced-e-commerce-for-woocommerce-store allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Co…
CVE-2023-50904 medium 5.3 5.3 2y ago Missing Authorization vulnerability in Ays Pro Poll Maker poll-maker allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Poll Maker: from n/a through <= 4.8.0.
CVE-2023-50887 medium 5.3 5.3 2y ago Missing Authorization vulnerability in Syed Balkhi User Feedback userfeedback-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects User Feedback: from n/a t…
CVE-2023-50882 medium 5.3 5.3 2y ago Missing Authorization vulnerability in properfraction ProfilePress wp-user-avatar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ProfilePress: from n/a thr…
CVE-2023-50375 medium 5.3 5.3 2y ago Missing Authorization vulnerability in edo888 Google Language Translator google-language-translator allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Google L…
CVE-2023-50373 medium 5.3 5.3 2y ago Missing Authorization vulnerability in WPSAAD Alt Manager alt-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Alt Manager: from n/a through <= 1.6.1.
CVE-2023-49851 medium 5.3 5.3 2y ago Missing Authorization vulnerability in ILMDESIGNS Square Thumbnails allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Square Thumbnails: from n/a through 1.1.…
CVE-2023-49850 medium 5.3 5.3 2y ago Missing Authorization vulnerability in Ashish Ajani WP Simple HTML Sitemap allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Simple HTML Sitemap: from n/a …
CVE-2023-49845 medium 5.3 5.3 2y ago Missing Authorization vulnerability in mattdeclaire Redirects redirects allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Redirects: from n/a through <= 1.2.1.
CVE-2023-49832 medium 5.3 5.3 2y ago Missing Authorization vulnerability in Gemini Labs Site Reviews site-reviews allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Site Reviews: from n/a through …
CVE-2023-49818 medium 5.3 5.3 2y ago Missing Authorization vulnerability in Webflow Webflow Pages allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Webflow Pages: from n/a through 1.0.8.
CVE-2023-49194 medium 5.3 5.3 2y ago Insertion of Sensitive Information Into Debugging Code vulnerability in importify Importify (Dropshipping WooCommerce) importify allows Retrieve Embedded Sensitive Data.This issue affects Importify (…
CVE-2023-49193 medium 5.3 5.3 2y ago Missing Authorization vulnerability in NerdPress Hubbub Lite social-pug allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Hubbub Lite: from n/a through <= 1.3…
CVE-2023-49192 medium 5.3 5.3 2y ago Missing Authorization vulnerability in cl272 Enhanced Text Widget enhanced-text-widget allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Enhanced Text Widget:…
CVE-2023-49154 medium 5.3 5.3 2y ago Missing Authorization vulnerability in Wow-Company Button Generator – easily Button Builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Button Generator…
CVE-2023-48750 medium 5.3 5.3 2y ago Missing Authorization vulnerability in voidthemes Void Elementor Post Grid Addon for Elementor Page builder void-elementor-post-grid-addon-for-elementor-page-builder allows Exploiting Incorrectly Con…
CVE-2023-47847 medium 5.3 5.3 2y ago Missing Authorization vulnerability in PayTR Ödeme ve Elektronik Para Kuruluşu A.Ş. PayTR Taksit Tablosu allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Pay…
CVE-2023-47832 medium 5.3 5.3 2y ago Missing Authorization vulnerability in SearchIQ SearchIQ searchiq allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SearchIQ: from n/a through <= 4.4.
CVE-2023-47823 medium 5.3 5.3 2y ago Missing Authorization vulnerability in nCrafts FormCraft allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects FormCraft: from n/a through 1.2.7.
CVE-2023-32293 medium 5.3 5.3 2y ago Missing Authorization vulnerability in Realwebcare WRC Pricing Tables allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WRC Pricing Tables: from n/a through 2…
CVE-2023-30488 medium 5.3 5.3 2y ago Missing Authorization vulnerability in WP OnlineSupport, Essential Plugin Featured Post Creative allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Featured Po…
CVE-2023-30479 medium 5.3 5.3 2y ago Missing Authorization vulnerability in Stamped.io Stamped.io Product Reviews & UGC for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Stamped.i…
CVE-2023-29429 medium 5.3 5.3 2y ago Missing Authorization vulnerability in WPEverest User Registration allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects User Registration: from n/a through 2.3.2…
CVE-2023-29173 medium 5.3 5.3 2y ago Missing Authorization vulnerability in AWESOME TOGI Product Category Tree allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Product Category Tree: from n/a th…
CVE-2023-28536 medium 5.3 5.3 2y ago Missing Authorization vulnerability in Acato Branded Social Images allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Branded Social Images: from n/a through 1…
CVE-2023-27626 medium 5.3 5.3 2y ago Missing Authorization vulnerability in Aleksandar Urošević Stock Ticker allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Stock Ticker: from n/a through 3.23.…
CVE-2023-26520 medium 5.3 5.3 2y ago Missing Authorization vulnerability in Max Chirkov Advanced Text Widget allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Advanced Text Widget : from n/a thr…
CVE-2023-25703 medium 5.3 5.3 2y ago Missing Authorization vulnerability in WP OnlineSupport, Essential Plugin Meta slider and carousel with lightbox allows Exploiting Incorrectly Configured Access Control Security Levels.This issue aff…
CVE-2023-25455 medium 5.3 5.3 2y ago Missing Authorization vulnerability in miniOrange WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) allows Exploiting Incorrectly Configured Access Control Security Levels.This…
CVE-2023-25060 medium 5.3 5.3 2y ago Missing Authorization vulnerability in WP OnlineSupport, Essential Plugin Album and Image Gallery plus Lightbox allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affe…
CVE-2023-25048 medium 5.3 5.3 2y ago Missing Authorization vulnerability in Fantastic Plugins Fantastic Content Protector Free allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Fantastic Content …
CVE-2023-23975 medium 5.3 5.3 2y ago Missing Authorization vulnerability in Fullworks Quick Event Manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Quick Event Manager: from n/a through 9…
CVE-2023-23893 medium 5.3 5.3 2y ago Missing Authorization vulnerability in Igor Benic Simple Giveaways allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simple Giveaways: from n/a through 2.48.0.
CVE-2023-23887 medium 5.3 5.3 2y ago Missing Authorization vulnerability in Shaon Easy Google Analytics for WordPress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy Google Analytics for W…
CVE-2023-25457 medium 5.3 5.3 2y ago Missing Authorization vulnerability in Richteam Slider Carousel – Responsive Image Slider.This issue affects Slider Carousel – Responsive Image Slider: from n/a through 1.5.1.
CVE-2023-5678 medium 5.3 5.3 2y ago RHSA-2023:7877: openssl security update (Low)
CVE-2023-48763 medium 5.3 5.3 2y ago Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS vulnerability in Crocoblock JetFormBuilder allows Code Injection.This issue affects JetFormBuilder: from n/a through 3.1.4.
CVE-2023-32127 medium 5.3 5.3 2y ago Missing Authorization vulnerability in Daniel Powney Multi Rating allows Functionality Misuse.This issue affects Multi Rating: from n/a through 5.0.6.
CVE-2023-25790 medium 5.3 5.3 2y ago Improper Authentication, Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in xtemos WoodMart allows Cross-Site Scripting (XSS).This issue affects Woo…
CVE-2023-25785 medium 5.3 5.3 2y ago Missing Authorization vulnerability in Shoaib Saleem WP Post Rating allows Functionality Misuse.This issue affects WP Post Rating: from n/a through 2.5.
CVE-2023-23985 medium 5.3 5.3 2y ago Missing Authorization vulnerability in Quiz Maker team Quiz Maker.This issue affects Quiz Maker: from n/a through 6.3.9.4.
CVE-2023-45000 medium 5.3 5.3 2y ago Missing Authorization vulnerability in LiteSpeed Technologies LiteSpeed Cache.This issue affects LiteSpeed Cache: from n/a through 5.7.
CVE-2023-52211 medium 5.3 5.3 2y ago Missing Authorization vulnerability in Automattic WP Job Manager.This issue affects WP Job Manager: from n/a through 2.0.0.
CVE-2023-27630 medium 5.3 5.3 2y ago Exposure of Sensitive Information to an Unauthorized Actor vulnerability in PeepSo Community by PeepSo.This issue affects Community by PeepSo: from n/a through 6.0.9.0.
CVE-2023-6780 medium 5.3 5.3 2y ago An integer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when these functions are called w…
CVE-2023-27043 medium 5.3 5.3 2y ago Moderate: python3.11 security update
CVE-2023-52126 medium 5.3 5.3 2y ago Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Suman Bhattarai Send Users Email.This issue affects Send Users Email: from n/a through 1.4.3.
CVE-2023-52151 medium 5.3 5.3 2y ago Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Uncanny Automator, Uncanny Owl Uncanny Automator – Automate everything with the #1 no-code automation and integration plugi…
CVE-2023-52148 medium 5.3 5.3 2y ago Exposure of Sensitive Information to an Unauthorized Actor vulnerability in wp.Insider, wpaffiliatemgr Affiliates Manager.This issue affects Affiliates Manager: from n/a through 2.9.30.
CVE-2023-52146 medium 5.3 5.3 2y ago Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Aaron J 404 Solution.This issue affects 404 Solution: from n/a through 2.33.0.
CVE-2023-46219 medium 5.3 5.3 3y ago When saving HSTS data to an excessively long file name, curl could end up removing all contents, making subsequent requests using that file unaware of the HSTS status they should otherwise use.
CVE-2023-35909 medium 5.3 5.3 3y ago Uncontrolled Resource Consumption vulnerability in Saturday Drive Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress leading to DoS.This issue affects Ninja Forms Contact Form – …
CVE-2023-36523 medium 5.3 5.3 3y ago Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Gopi Ramasamy Email download link.This issue affects Email download link: from n/a through 3.7.
CVE-2023-36507 medium 5.3 5.3 3y ago Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Repute Infosystems BookingPress – Appointment Booking Calendar Plugin and Online Scheduling Plugin.This issue affects Booki…
CVE-2023-25057 medium 5.3 5.3 3y ago Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Libsyn Libsyn Publisher Hub.This issue affects Libsyn Publisher Hub: from n/a through 1.3.2.
CVE-2023-46820 medium 5.3 5.3 3y ago Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Iulia Cazan Image Regenerate & Select Crop.This issue affects Image Regenerate & Select Crop: from n/a through 7.3.0.
CVE-2023-45834 medium 5.3 5.3 3y ago Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Libsyn Libsyn Publisher Hub.This issue affects Libsyn Publisher Hub: from n/a through 1.4.4.
CVE-2023-22081 medium 5.3 5.3 3y ago RHSA-2024:0866: java-1.8.0-ibm security update (Moderate)
CVE-2023-4647 medium 5.3 5.3 3y ago An issue has been discovered in GitLab affecting all versions starting from 15.2 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1 in which t…
CVE-2023-4002 medium 5.3 5.3 3y ago An issue has been discovered in GitLab EE affecting all versions starting from 14.1 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. It was…
CVE-2023-4008 medium 5.3 5.3 3y ago An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.9 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. It …
CVE-2023-35699 medium 5.3 5.3 3y ago Cleartext Storage on Disk in the SICK ICR890-4 could allow an unauthenticated attacker with local access to the device to disclose sensitive information by accessing a SD card.
CVE-2023-35698 medium 5.3 5.3 3y ago Observable Response Discrepancy in the SICK ICR890-4 could allow a remote attacker to identify valid usernames for the FTP server from the response given during a failed login attempt.
CVE-2023-35697 medium 5.3 5.3 3y ago Improper Restriction of Excessive Authentication Attempts in the SICK ICR890-4 could allow a remote attacker to brute-force user credentials.
CVE-2023-31409 medium 5.3 5.3 3y ago Uncontrolled Resource Consumption in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows an remote attacker to influence the availability o…
CVE-2023-31408 medium 5.3 5.3 3y ago Cleartext Storage of Sensitive Information in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows a remote attacker to potentially steal us…
CVE-2023-23449 medium 5.3 5.3 3y ago Observable Response Discrepancy in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows a remote attacker to gain information about valid us…
CVE-2023-23448 medium 5.3 5.3 3y ago Inclusion of Sensitive Information in Source Code in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows a remote attacker to gain informat…
CVE-2023-21830 medium 5.3 5.3 3y ago RHSA-2023:0208: java-1.8.0-openjdk security and bug fix update (Moderate)
CVE-2023-21835 medium 5.3 5.3 3y ago RHSA-2023:0200: java-11-openjdk security and bug fix update (Moderate)
CVE-2023-22041 medium 5.1 5.1 3y ago RHSA-2023:4175: java-11-openjdk security and bug fix update (Moderate)