CVEs from 2023
Total
6,100
critical
critical 240
high
high 1,530
medium
medium 1,393
low
low 32
% Critical
3.9%
% with KEV
2.7%
% with exploit
3.5%
Top products
- office 29
- office_long_term_servicing_channel 15
- 365_apps 14
- ftmg-esr50sxx 8
- ftmg-esn40sxx 8
- ftmg-esd25axx 8
- ftmg-esr40sxx 8
- ftmg-esd15axx 8
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-28165 | medium | 4.3 | 4.3 | 2y ago | Missing Authorization vulnerability in Tech Banker Backup Bank: WordPress Backup Plugin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Backup Bank: WordPre… | |||
| CVE-2023-27625 | medium | 4.3 | 4.3 | 2y ago | Missing Authorization vulnerability in Paul Ryley Site Reviews allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Site Reviews: from n/a through 6.5.0. | |||
| CVE-2023-25993 | medium | 4.3 | 4.3 | 2y ago | Missing Authorization vulnerability in WebberZone Top 10 allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Top 10: from n/a through 3.2.3. | |||
| CVE-2023-25486 | medium | 4.3 | 4.3 | 2y ago | Missing Authorization vulnerability in Migrate Clone allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Clone: from n/a through 2.3.7. | |||
| CVE-2023-25067 | medium | 4.3 | 4.3 | 2y ago | Missing Authorization vulnerability in Noah Hearle, Design Extreme We’re Open! allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects We’re Open!: from n/a through… | |||
| CVE-2023-25037 | medium | 4.3 | 4.3 | 2y ago | Missing Authorization vulnerability in CodePeople Booking Calendar Contact Form allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Booking Calendar Contact For… | |||
| CVE-2023-25026 | medium | 4.3 | 4.3 | 2y ago | Missing Authorization vulnerability in PayPal PayPal Brasil para WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PayPal Brasil para WooCommerce:… | |||
| CVE-2023-23823 | medium | 4.3 | 4.3 | 2y ago | Missing Authorization vulnerability in Clever Widgets Enhanced Text Widget allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Enhanced Text Widget: from n/a th… | |||
| CVE-2023-23725 | medium | 4.3 | 4.3 | 2y ago | Missing Authorization vulnerability in Chris Baldelomar Shortcodes allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Shortcodes: from n/a through 3.46. | |||
| CVE-2023-23716 | medium | 4.3 | 4.3 | 2y ago | Missing Authorization vulnerability in Zendesk Zendesk Support for WordPress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Zendesk Support for WordPress: … | |||
| CVE-2023-22708 | medium | 4.3 | 4.3 | 2y ago | Missing Authorization vulnerability in Karim Salman Kraken.io Image Optimizer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Kraken.io Image Optimizer: fro… | |||
| CVE-2023-47828 | medium | 4.3 | 4.3 | 2y ago | Missing Authorization vulnerability in Mandrill wpMandrill.This issue affects wpMandrill: from n/a through 1.33. | |||
| CVE-2023-40209 | medium | 4.3 | 4.3 | 2y ago | Missing Authorization vulnerability in Himalaya Saxena Highcompress Image Compressor.This issue affects Highcompress Image Compressor: from n/a through 6.0.0. | |||
| CVE-2023-25030 | medium | 4.3 | 4.3 | 2y ago | Missing Authorization vulnerability in Buy Me a Coffee.This issue affects Buy Me a Coffee: from n/a through 3.7. | |||
| CVE-2023-44472 | medium | 4.3 | 4.3 | 2y ago | Missing Authorization vulnerability in ThemeFuse Unyson.This issue affects Unyson: from n/a through 2.7.28. | |||
| CVE-2023-6121 | medium | 4.3 | 4.3 | 2y ago | Important: kernel security, bug fix, and enhancement update | |||
| CVE-2023-52220 | medium | 4.3 | 4.3 | 2y ago | Missing Authorization vulnerability in MonsterInsights Google Analytics by Monster Insights.This issue affects Google Analytics by Monster Insights: from n/a through 8.21.0. | |||
| CVE-2023-41864 | medium | 4.3 | 4.3 | 2y ago | Cross-Site Request Forgery (CSRF) vulnerability in Pepro Dev. Group PeproDev CF7 Database.This issue affects PeproDev CF7 Database: from n/a through 1.8.0. | |||
| CVE-2023-25043 | medium | 4.3 | 4.3 | 2y ago | Incorrect Authorization vulnerability in Supsystic Data Tables Generator.This issue affects Data Tables Generator: from n/a through 1.10.25. | |||
| CVE-2023-51499 | medium | 4.3 | 4.3 | 2y ago | Missing Authorization vulnerability in WooCommerce WooCommerce Shipping Per Product.This issue affects WooCommerce Shipping Per Product: from n/a through 2.5.4. | |||
| CVE-2023-49838 | medium | 4.3 | 4.3 | 2y ago | Cross-Site Request Forgery (CSRF) vulnerability in KlbTheme Clotya theme, KlbTheme Cosmetsy theme, KlbTheme Furnob theme, KlbTheme Bacola theme, KlbTheme Partdo theme, KlbTheme Medibazar theme, KlbTh… | |||
| CVE-2023-33923 | medium | 4.3 | 4.3 | 2y ago | Missing Authorization vulnerability in HashThemes Viral News, HashThemes Viral, HashThemes HashOne.This issue affects Viral News: from n/a through 1.4.5; Viral: from n/a through 1.8.0; HashOne: from … | |||
| CVE-2023-30480 | medium | 4.3 | 4.3 | 2y ago | Missing Authorization vulnerability in Sparkle WP Educenter.This issue affects Educenter: from n/a through 1.5.5. | |||
| CVE-2023-51525 | medium | 4.3 | 4.3 | 2y ago | Cross-Site Request Forgery (CSRF) vulnerability in Veribo, Roland Murg WP Simple Booking Calendar.This issue affects WP Simple Booking Calendar: from n/a through 2.0.8.4. | |||
| CVE-2023-51692 | medium | 4.3 | 4.3 | 2y ago | Missing Authorization vulnerability in CusRev Customer Reviews for WooCommerce.This issue affects Customer Reviews for WooCommerce: from n/a through 5.38.1. | |||
| CVE-2023-23882 | medium | 4.3 | 4.3 | 2y ago | Missing Authorization vulnerability in Brainstorm Force Ultimate Addons for Beaver Builder – Lite.This issue affects Ultimate Addons for Beaver Builder – Lite: from n/a through 1.5.5. | |||
| CVE-2023-34379 | medium | 4.3 | 4.3 | 2y ago | Missing Authorization vulnerability in MagneticOne Cart2Cart: Magento to WooCommerce Migration.This issue affects Cart2Cart: Magento to WooCommerce Migration: from n/a through 2.0.0. | |||
| CVE-2023-49746 | medium | 4.3 | 4.3 | 3y ago | Server-Side Request Forgery (SSRF) vulnerability in Softaculous Team SpeedyCache – Cache, Optimization, Performance.This issue affects SpeedyCache – Cache, Optimization, Performance: from n/a through… | |||
| CVE-2023-37890 | medium | 4.3 | 4.3 | 3y ago | Missing Authorization vulnerability in WPOmnia KB Support – WordPress Help Desk and Knowledge Base allows Accessing Functionality Not Properly Constrained by ACLs. Users with a role as low as a subsc… | |||
| CVE-2023-47233 | medium | 4.3 | 4.3 | 3y ago | The brcm80211 component in the Linux kernel through 6.5.10 has a brcmf_cfg80211_detach use-after-free in the device unplugging (disconnect the USB by hotplug) code. For physically proximate attackers… | |||
| CVE-2023-2886 | medium | 4.3 | 4.3 | 3y ago | Missing Origin Validation in WebSockets vulnerability in CBOT Chatbot allows Content Spoofing Via Application API Manipulation. This issue affects Chatbot: before Core: v4.0.3.4 Panel: v4.0.3.7. | |||
| CVE-2023-23992 | medium | 4.3 | 4.3 | 3y ago | Cross-Site Request Forgery (CSRF) vulnerability in AutomatorWP plugin <= 2.5.0 leads to object delete. | |||
| CVE-2023-7346 | medium | 4.0 | 4.0 | 17d ago | Ledger Bitcoin app versions 2.1.0 and 2.1.1 contain an address derivation vulnerability that allows attackers to cause incorrect Bitcoin addresses to be displayed by exploiting improper handling of m… |