Total
38513 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-25811 | 1 Uptime-kuma Project | 1 Uptime-kuma | 2024-11-21 | N/A | 6.3 MEDIUM |
| Uptime Kuma is a self-hosted monitoring tool. In versions prior to 1.20.0 the Uptime Kuma `name` parameter allows a persistent XSS attack. Users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
| CVE-2023-25810 | 1 Uptime-kuma Project | 1 Uptime-kuma | 2024-11-21 | N/A | 6.3 MEDIUM |
| Uptime Kuma is a self-hosted monitoring tool. In versions prior to 1.20.0 the Uptime Kuma status page allows a persistent XSS attack. Users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
| CVE-2023-25807 | 1 Dataease | 1 Dataease | 2024-11-21 | N/A | 7.2 HIGH |
| DataEase is an open source data visualization and analysis tool. When saving a dashboard on the DataEase platform saved data can be modified and store malicious code. This vulnerability can lead to the execution of malicious code stored by the attacker on the server side when the user accesses the dashboard. The vulnerability has been fixed in version 1.18.3. | |||||
| CVE-2023-25798 | 1 Olevmedia | 1 Olevmedia Shortcodes | 2024-11-21 | N/A | 6.5 MEDIUM |
| Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Olevmedia Olevmedia Shortcodes plugin <= 1.1.9 versions. | |||||
| CVE-2023-25797 | 1 Vslider Multi Image Slider Project | 1 Vslider Multi Image Slider | 2024-11-21 | N/A | 5.9 MEDIUM |
| Auth. Stored Cross-Site Scripting (XSS) vulnerability in Mr.Vibe vSlider Multi Image Slider for WordPress plugin <= 4.1.2 versions. | |||||
| CVE-2023-25796 | 1 Wp Baidu Submit Project | 1 Wp Baidu Submit | 2024-11-21 | N/A | 5.9 MEDIUM |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Include WP BaiDu Submit plugin <= 1.2.1 versions. | |||||
| CVE-2023-25795 | 1 Wp-master | 1 Feed Changer \& Remover | 2024-11-21 | N/A | 5.9 MEDIUM |
| Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in WP-master.Ir Feed Changer & Remover plugin <= 0.2 versions. | |||||
| CVE-2023-25794 | 1 Nooz Project | 1 Nooz | 2024-11-21 | N/A | 5.9 MEDIUM |
| Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in Mighty Digital Nooz plugin <= 1.6.0 versions. | |||||
| CVE-2023-25793 | 1 Link Juice Keeper Project | 1 Link Juice Keeper | 2024-11-21 | N/A | 5.9 MEDIUM |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in George Pattihis Link Juice Keeper plugin <= 2.0.2 versions. | |||||
| CVE-2023-25792 | 1 Wp Open Social Project | 1 Wp Open Social | 2024-11-21 | N/A | 5.9 MEDIUM |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in XiaoMac WP Open Social plugin <= 5.0 versions. | |||||
| CVE-2023-25790 | 2024-11-21 | N/A | 5.3 MEDIUM | ||
| Improper Authentication, Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in xtemos WoodMart allows Cross-Site Scripting (XSS).This issue affects WoodMart: from n/a through 7.0.4. | |||||
| CVE-2023-25789 | 1 Tapfiliate | 1 Tapfiliate | 2024-11-21 | N/A | 5.9 MEDIUM |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Tapfiliate plugin <= 3.0.12 versions. | |||||
| CVE-2023-25787 | 1 Wp Resource Download Management Project | 1 Wp Resource Download Management | 2024-11-21 | N/A | 5.9 MEDIUM |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Wbolt team WP资源下载管理 plugin <= 1.3.9 versions. | |||||
| CVE-2023-25786 | 1 Eyes Only User Access Shortcode Project | 1 Eyes Only User Access Shortcode | 2024-11-21 | N/A | 5.9 MEDIUM |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Thom Stark Eyes Only: User Access Shortcode plugin <= 1.8.2 versions. | |||||
| CVE-2023-25784 | 1 Sticky Ad Bar Project | 1 Sticky Ad Bar | 2024-11-21 | N/A | 5.9 MEDIUM |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Bon Plan Gratos Sticky Ad Bar plugin <= 1.3.1 versions. | |||||
| CVE-2023-25783 | 1 Firecask Like \& Share Button Project | 1 Firecask Like \& Share Button | 2024-11-21 | N/A | 5.9 MEDIUM |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Alex Moss FireCask Like & Share Button plugin <= 1.1.5 versions. | |||||
| CVE-2023-25782 | 1 Plustime | 1 Service Area Postcode Checker | 2024-11-21 | N/A | 5.9 MEDIUM |
| Auth. (admin+) vulnerability in Second2none Service Area Postcode Checker plugin <= 2.0.8 versions. | |||||
| CVE-2023-25781 | 1 Upload File Type Settings Plugin Project | 1 Upload File Type Settings Plugin | 2024-11-21 | N/A | 5.9 MEDIUM |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Sebastian Krysmanski Upload File Type Settings plugin <= 1.1 versions. | |||||
| CVE-2023-25716 | 1 Announce From The Dashboard Project | 1 Announce From The Dashboard | 2024-11-21 | N/A | 5.9 MEDIUM |
| Auth (admin+) Stored Cross-Site Scripting (XSS) vulnerability in gqevu6bsiz Announce from the Dashboard plugin <= 1.5.1 versions. | |||||
| CVE-2023-25713 | 1 Fullworksplugins | 1 Quick Paypal Payments | 2024-11-21 | N/A | 7.1 HIGH |
| Unauth. Stored Cross-Site Scripting (XSS) vulnerability in Fullworks Quick Paypal Payments plugin <= 5.7.25 versions. | |||||