VIR Vulnerability Intelligence Relay

CVEs from 2023

6,100 normalized CVEs published or assigned in this year.

Total
6,100
critical
critical 240
high
high 1,530
medium
medium 1,393
low
low 32
% Critical
3.9%
% with KEV
2.7%
% with exploit
3.5%

Top vendors

Top products

  • office 29
  • office_long_term_servicing_channel 15
  • 365_apps 14
  • ftmg-esr50sxx 8
  • ftmg-esn40sxx 8
  • ftmg-esd25axx 8
  • ftmg-esr40sxx 8
  • ftmg-esd15axx 8

Top packages

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2023-49849 medium 4.3 4.3 2y ago Missing Authorization vulnerability in vaakash Shortcoder shortcoder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Shortcoder: from n/a through <= 6.3.
CVE-2023-49835 medium 4.3 4.3 2y ago Missing Authorization vulnerability in Metaphor Creations Post Duplicator allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Post Duplicator: from n/a through …
CVE-2023-49758 medium 4.3 4.3 2y ago Missing Authorization vulnerability in Roland Murg WP Booking System wp-booking-system allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Booking System: fr…
CVE-2023-49754 medium 4.3 4.3 2y ago Missing Authorization vulnerability in Yogesh Pawar Bulk Edit Post Titles bulk-edit-post-titles allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Bulk Edit Po…
CVE-2023-49196 medium 4.3 4.3 2y ago Missing Authorization vulnerability in Pagelayer Team PageLayer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PageLayer: from n/a through 1.7.7.
CVE-2023-49156 medium 4.3 4.3 2y ago Missing Authorization vulnerability in GoDaddy GoDaddy Email Marketing godaddy-email-marketing-sign-up-forms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects…
CVE-2023-48740 medium 4.3 4.3 2y ago Missing Authorization vulnerability in Sajid Javed Easy Social Feed easy-facebook-likebox allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy Social Feed: …
CVE-2023-48332 medium 4.3 4.3 2y ago Missing Authorization vulnerability in Varun Sharma Mail Bank - #1 Mail SMTP Plugin for WordPress wp-mail-bank allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affec…
CVE-2023-48277 medium 4.3 4.3 2y ago Missing Authorization vulnerability in SuperPWA Super Progressive Web Apps super-progressive-web-apps allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Super …
CVE-2023-47871 medium 4.3 4.3 2y ago Missing Authorization vulnerability in IT Path Solutions Contact Form to Any API allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Contact Form to Any API: fr…
CVE-2023-47849 medium 4.3 4.3 2y ago Missing Authorization vulnerability in Blossom Themes BlossomThemes Email Newsletter blossomthemes-email-newsletter allows Exploiting Incorrectly Configured Access Control Security Levels.This issue …
CVE-2023-47841 medium 4.3 4.3 2y ago Missing Authorization vulnerability in Analytify Analytify allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Analytify: from n/a through 5.1.1.
CVE-2023-47838 medium 4.3 4.3 2y ago Missing Authorization vulnerability in Jules Colle Conditional Fields for Contact Form 7 cf7-conditional-fields allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affe…
CVE-2023-47820 medium 4.3 4.3 2y ago Missing Authorization vulnerability in CRUDLab WP Like Button allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Like Button: from n/a through 1.7.0.
CVE-2023-47793 medium 4.3 4.3 2y ago Missing Authorization vulnerability in Acme Themes Acme Fix Images acme-fix-images allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Acme Fix Images: from n/a…
CVE-2023-47780 medium 4.3 4.3 2y ago Missing Authorization vulnerability in flowdee EasyAzon easyazon allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects EasyAzon: from n/a through <= 5.1.0.
CVE-2023-47776 medium 4.3 4.3 2y ago Missing Authorization vulnerability in miniOrange miniorange otp verification miniorange-otp-verification allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects mi…
CVE-2023-47763 medium 4.3 4.3 2y ago Missing Authorization vulnerability in Northern Beaches Websites WP Custom Admin Interface wp-custom-admin-interface allows Exploiting Incorrectly Configured Access Control Security Levels.This issue…
CVE-2023-47762 medium 4.3 4.3 2y ago Missing Authorization vulnerability in WPDeveloper BetterDocs betterdocs allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects BetterDocs: from n/a through <= 2.5…
CVE-2023-47761 medium 4.3 4.3 2y ago Missing Authorization vulnerability in WPDeveloper Simple 301 Redirects by BetterLinks simple-301-redirects allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects …
CVE-2023-47756 medium 4.3 4.3 2y ago Missing Authorization vulnerability in David Vongries Welcome Email Editor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Welcome Email Editor: from n/a th…
CVE-2023-32126 medium 4.3 4.3 2y ago Missing Authorization vulnerability in WPoperation SALERT allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SALERT: from n/a through 1.2.1.
CVE-2023-31073 medium 4.3 4.3 2y ago Missing Authorization vulnerability in Jose Vega Display custom fields in the frontend – Post and User Profile Fields allows Exploiting Incorrectly Configured Access Control Security Levels.This issu…
CVE-2023-30783 medium 4.3 4.3 2y ago Missing Authorization vulnerability in YummyWP Smart WooCommerce Search allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Smart WooCommerce Search: from n/a t…
CVE-2023-30486 medium 4.3 4.3 2y ago Missing Authorization vulnerability in HashThemes Square allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Square: from n/a through 2.0.0.
CVE-2023-30476 medium 4.3 4.3 2y ago Missing Authorization vulnerability in Sparkle Themes Blogger Buzz allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Blogger Buzz: from n/a through 1.2.2.
CVE-2023-29431 medium 4.3 4.3 2y ago Missing Authorization vulnerability in OntheGoSystems qTranslate X Cleanup and WPML Import allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects qTranslate X Clea…
CVE-2023-29422 medium 4.3 4.3 2y ago Missing Authorization vulnerability in AlexaCRM Dynamics 365 Integration allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Dynamics 365 Integration: from n/a …
CVE-2023-28532 medium 4.3 4.3 2y ago Missing Authorization vulnerability in wpdirectorykit.com Real Estate Directory allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Real Estate Directory: from …
CVE-2023-28416 medium 4.3 4.3 2y ago Missing Authorization vulnerability in Sparkle Themes Chankhe allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Chankhe: from n/a through 1.0.5.
CVE-2023-28165 medium 4.3 4.3 2y ago Missing Authorization vulnerability in Tech Banker Backup Bank: WordPress Backup Plugin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Backup Bank: WordPre…
CVE-2023-27625 medium 4.3 4.3 2y ago Missing Authorization vulnerability in Paul Ryley Site Reviews allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Site Reviews: from n/a through 6.5.0.
CVE-2023-25993 medium 4.3 4.3 2y ago Missing Authorization vulnerability in WebberZone Top 10 allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Top 10: from n/a through 3.2.3.
CVE-2023-25486 medium 4.3 4.3 2y ago Missing Authorization vulnerability in Migrate Clone allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Clone: from n/a through 2.3.7.
CVE-2023-25067 medium 4.3 4.3 2y ago Missing Authorization vulnerability in Noah Hearle, Design Extreme We’re Open! allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects We’re Open!: from n/a through…
CVE-2023-25037 medium 4.3 4.3 2y ago Missing Authorization vulnerability in CodePeople Booking Calendar Contact Form allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Booking Calendar Contact For…
CVE-2023-25026 medium 4.3 4.3 2y ago Missing Authorization vulnerability in PayPal PayPal Brasil para WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PayPal Brasil para WooCommerce:…
CVE-2023-23823 medium 4.3 4.3 2y ago Missing Authorization vulnerability in Clever Widgets Enhanced Text Widget allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Enhanced Text Widget: from n/a th…
CVE-2023-23725 medium 4.3 4.3 2y ago Missing Authorization vulnerability in Chris Baldelomar Shortcodes allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Shortcodes: from n/a through 3.46.
CVE-2023-23716 medium 4.3 4.3 2y ago Missing Authorization vulnerability in Zendesk Zendesk Support for WordPress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Zendesk Support for WordPress: …
CVE-2023-22708 medium 4.3 4.3 2y ago Missing Authorization vulnerability in Karim Salman Kraken.io Image Optimizer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Kraken.io Image Optimizer: fro…
CVE-2023-47828 medium 4.3 4.3 2y ago Missing Authorization vulnerability in Mandrill wpMandrill.This issue affects wpMandrill: from n/a through 1.33.
CVE-2023-40209 medium 4.3 4.3 2y ago Missing Authorization vulnerability in Himalaya Saxena Highcompress Image Compressor.This issue affects Highcompress Image Compressor: from n/a through 6.0.0.
CVE-2023-25030 medium 4.3 4.3 2y ago Missing Authorization vulnerability in Buy Me a Coffee.This issue affects Buy Me a Coffee: from n/a through 3.7.
CVE-2023-44472 medium 4.3 4.3 2y ago Missing Authorization vulnerability in ThemeFuse Unyson.This issue affects Unyson: from n/a through 2.7.28.
CVE-2023-6121 medium 4.3 4.3 2y ago Important: kernel security, bug fix, and enhancement update
CVE-2023-52220 medium 4.3 4.3 2y ago Missing Authorization vulnerability in MonsterInsights Google Analytics by Monster Insights.This issue affects Google Analytics by Monster Insights: from n/a through 8.21.0.
CVE-2023-41864 medium 4.3 4.3 2y ago Cross-Site Request Forgery (CSRF) vulnerability in Pepro Dev. Group PeproDev CF7 Database.This issue affects PeproDev CF7 Database: from n/a through 1.8.0.
CVE-2023-25043 medium 4.3 4.3 2y ago Incorrect Authorization vulnerability in Supsystic Data Tables Generator.This issue affects Data Tables Generator: from n/a through 1.10.25.
CVE-2023-51499 medium 4.3 4.3 2y ago Missing Authorization vulnerability in WooCommerce WooCommerce Shipping Per Product.This issue affects WooCommerce Shipping Per Product: from n/a through 2.5.4.
CVE-2023-49838 medium 4.3 4.3 2y ago Cross-Site Request Forgery (CSRF) vulnerability in KlbTheme Clotya theme, KlbTheme Cosmetsy theme, KlbTheme Furnob theme, KlbTheme Bacola theme, KlbTheme Partdo theme, KlbTheme Medibazar theme, KlbTh…
CVE-2023-33923 medium 4.3 4.3 2y ago Missing Authorization vulnerability in HashThemes Viral News, HashThemes Viral, HashThemes HashOne.This issue affects Viral News: from n/a through 1.4.5; Viral: from n/a through 1.8.0; HashOne: from …
CVE-2023-30480 medium 4.3 4.3 2y ago Missing Authorization vulnerability in Sparkle WP Educenter.This issue affects Educenter: from n/a through 1.5.5.
CVE-2023-51525 medium 4.3 4.3 2y ago Cross-Site Request Forgery (CSRF) vulnerability in Veribo, Roland Murg WP Simple Booking Calendar.This issue affects WP Simple Booking Calendar: from n/a through 2.0.8.4.
CVE-2023-51692 medium 4.3 4.3 2y ago Missing Authorization vulnerability in CusRev Customer Reviews for WooCommerce.This issue affects Customer Reviews for WooCommerce: from n/a through 5.38.1.
CVE-2023-23882 medium 4.3 4.3 2y ago Missing Authorization vulnerability in Brainstorm Force Ultimate Addons for Beaver Builder – Lite.This issue affects Ultimate Addons for Beaver Builder – Lite: from n/a through 1.5.5.
CVE-2023-34379 medium 4.3 4.3 2y ago Missing Authorization vulnerability in MagneticOne Cart2Cart: Magento to WooCommerce Migration.This issue affects Cart2Cart: Magento to WooCommerce Migration: from n/a through 2.0.0.
CVE-2023-49746 medium 4.3 4.3 3y ago Server-Side Request Forgery (SSRF) vulnerability in Softaculous Team SpeedyCache – Cache, Optimization, Performance.This issue affects SpeedyCache – Cache, Optimization, Performance: from n/a through…
CVE-2023-37890 medium 4.3 4.3 3y ago Missing Authorization vulnerability in WPOmnia KB Support – WordPress Help Desk and Knowledge Base allows Accessing Functionality Not Properly Constrained by ACLs. Users with a role as low as a subsc…
CVE-2023-47233 medium 4.3 4.3 3y ago The brcm80211 component in the Linux kernel through 6.5.10 has a brcmf_cfg80211_detach use-after-free in the device unplugging (disconnect the USB by hotplug) code. For physically proximate attackers…
CVE-2023-2886 medium 4.3 4.3 3y ago Missing Origin Validation in WebSockets vulnerability in CBOT Chatbot allows Content Spoofing Via Application API Manipulation. This issue affects Chatbot: before Core: v4.0.3.4 Panel: v4.0.3.7.
CVE-2023-23992 medium 4.3 4.3 3y ago Cross-Site Request Forgery (CSRF) vulnerability in AutomatorWP plugin <= 2.5.0 leads to object delete.
CVE-2023-7346 medium 4.0 4.0 18d ago Ledger Bitcoin app versions 2.1.0 and 2.1.1 contain an address derivation vulnerability that allows attackers to cause incorrect Bitcoin addresses to be displayed by exploiting improper handling of m…
CVE-2023-20867 low 4.0 3y ago VMware Tools contains an authentication bypass vulnerability in the vgauth module. A fully compromised ESXi host can force VMware Tools to fail to authenticate host-to-guest operations, impacting the…
CVE-2023-23814 low 3.8 3.8 2y ago Missing Authorization vulnerability in CodePeople CP Multi View Event Calendar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CP Multi View Event Calendar…
CVE-2023-28168 low 3.7 3.7 2y ago Missing Authorization vulnerability in Jerod Santo WordPress Console allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WordPress Console: from n/a through 0.3…
CVE-2023-5831 low 3.7 3.7 3y ago An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.0 before 16.3.6, all versions starting from 16.4 before 16.4.2, and all versions starting from 16.5.0 before 16.5.…
CVE-2023-38546 low 3.7 3.7 3y ago This flaw allows an attacker to insert cookies at will into a running program using libcurl, if the specific series of conditions are met. libcurl performs transfers. In its API, an application crea…
CVE-2023-22036 low 3.7 3.7 3y ago RHSA-2023:4175: java-11-openjdk security and bug fix update (Moderate)
CVE-2023-22045 low 3.7 3.7 3y ago Moderate: java-1.8.0-openjdk security and bug fix update
CVE-2023-22049 low 3.7 3.7 3y ago Moderate: java-1.8.0-openjdk security and bug fix update
CVE-2023-21968 low 3.7 3.7 3y ago RHSA-2023:4103: java-1.8.0-ibm security update (Important)
CVE-2023-24375 low 3.5 3.5 2y ago Missing Authorization vulnerability in miniOrange WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) allows Exploiting Incorrectly Configured Access Control Security Levels.This…
CVE-2023-29333 low 3.3 3.3 3y ago Microsoft Access Denial of Service Vulnerability
CVE-2023-5963 low 3.1 3.1 3y ago An issue has been discovered in GitLab EE with Advanced Search affecting all versions from 13.9 to 16.3.6, 16.4 prior to 16.4.2 and 16.5 prior to 16.5.1 that could allow a denial of service in the Ad…
CVE-2023-22006 low 3.1 3.1 3y ago RHSA-2023:4175: java-11-openjdk security and bug fix update (Moderate)
CVE-2023-4752 low 2.5 1y ago Use After Free in GitHub repository vim/vim prior to 9.0.1858.
CVE-2023-45249 unknown 2.5 2y ago Acronis Cyber Infrastructure (ACI) allows an unauthenticated user to execute commands remotely due to the use of default passwords.
CVE-2023-2953 low 2.5 2y ago RHSA-2024:4264: openldap security update (Low)
CVE-2023-43208 unknown 2.5 2y ago NextGen Healthcare Mirth Connect contains a deserialization of untrusted data vulnerability that allows for unauthenticated remote code execution via a specially crafted request.
CVE-2023-7028 unknown 2.5 2y ago GitLab Community and Enterprise Editions contain an improper access control vulnerability. This allows an attacker to trigger password reset emails to be sent to an unverified email address to ultima…
CVE-2023-3817 low 2.5 2y ago RHSA-2023:7877: openssl security update (Low)
CVE-2023-2975 low 2.5 2y ago Low: openssl and openssl-fips-provider security update
CVE-2023-32636 low 2.5 2y ago Low: mingw-glib2 security update
CVE-2023-3446 low 2.5 2y ago RHSA-2024:0888: edk2 security update (Low)
CVE-2023-52620 low 2.5 2.5 2y ago Important: kernel security, bug fix, and enhancement update
CVE-2023-1729 low 2.5 2y ago Low: LibRaw security update
CVE-2023-6004 low 2.5 2y ago RHSA-2024:3233: libssh security update (Low)
CVE-2023-6918 low 2.5 2y ago RHSA-2024:3233: libssh security update (Low)
CVE-2023-24955 unknown 2.5 2y ago Microsoft SharePoint Server contains a code injection vulnerability that allows an authenticated attacker with Site Owner privileges to execute code remotely.
CVE-2023-48788 unknown 2.5 2y ago Fortinet FortiClient EMS contains a SQL injection vulnerability that allows an unauthenticated attacker to execute commands as SYSTEM via specifically crafted requests.
CVE-2023-3674 low 2.5 2y ago Low: keylime security update
CVE-2023-22527 unknown 2.5 2y ago Atlassian Confluence Data Center and Server contain an unauthenticated OGNL template injection vulnerability that can lead to remote code execution.
CVE-2023-29357 unknown 2.5 2y ago Microsoft SharePoint Server contains an unspecified vulnerability that allows an unauthenticated attacker, who has gained access to spoofed JWT authentication tokens, to use them for executing a netw…
CVE-2023-46805 unknown 2.5 2y ago Ivanti Connect Secure (ICS, formerly known as Pulse Connect Secure) and Ivanti Policy Secure gateways contain an authentication bypass vulnerability in the web component that allows an attacker to ac…
CVE-2023-23752 unknown 2.5 2y ago Joomla! contains an improper access control vulnerability that allows unauthorized access to webservice endpoints.
CVE-2023-7101 unknown 2.5 3y ago Spreadsheet::ParseExcel contains a remote code execution vulnerability due to passing unvalidated input from a file into a string-type “eval”. Specifically, the issue stems from the evaluation of Num…
CVE-2023-49103 unknown 2.5 3y ago ownCloud graphapi contains an information disclosure vulnerability that can reveal sensitive data stored in phpinfo() via GetPhpInfo.php, including administrative credentials.
CVE-2023-1671 unknown 2.5 3y ago Sophos Web Appliance contains a command injection vulnerability in the warn-proceed handler that allows for remote code execution.
CVE-2023-36845 unknown 2.5 3y ago Juniper Junos OS on EX Series and SRX Series contains a PHP external variable modification vulnerability that allows an unauthenticated, network-based attacker to control an important environment var…