Total
3177 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-5386 | 1 Funnelforms | 1 Funnelforms | 2024-11-21 | N/A | 6.5 MEDIUM |
| The Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fnsf_delete_posts function in versions up to, and including, 3.4. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to delete arbitrary posts, including administrator posts, and posts not related to the Funnelforms Free plugin. | |||||
| CVE-2023-5385 | 1 Funnelforms | 1 Funnelforms | 2024-11-21 | N/A | 4.3 MEDIUM |
| The Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fnsf_copy_posts function in versions up to, and including, 3.4. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to create copies of arbitrary posts. | |||||
| CVE-2023-5331 | 1 Mattermost | 1 Mattermost Server | 2024-11-21 | N/A | 4.3 MEDIUM |
| Mattermost fails to properly check the creator of an attached file when adding the file to a draft post, potentially exposing unauthorized file information. | |||||
| CVE-2023-5321 | 1 Hamza417 | 1 Inure | 2024-11-21 | N/A | 5.5 MEDIUM |
| Missing Authorization in GitHub repository hamza417/inure prior to build94. | |||||
| CVE-2023-5311 | 1 Wpvnteam | 1 Wp Extra | 2024-11-21 | N/A | 8.8 HIGH |
| The WP EXtra plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the register() function in versions up to, and including, 6.2. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to modify the contents of the .htaccess files located in a site's root directory or /wp-content and /wp-includes folders and achieve remote code execution. | |||||
| CVE-2023-5251 | 1 G5theme | 1 Grid Plus | 2024-11-21 | N/A | 5.4 MEDIUM |
| The Grid Plus plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the 'grid_plus_save_layout_callback' and 'grid_plus_delete_callback' functions in versions up to, and including, 1.3.2. This makes it possible for authenticated attackers with subscriber privileges or above, to add, update or delete grid layout. | |||||
| CVE-2023-5165 | 1 Docker | 1 Docker Desktop | 2024-11-21 | N/A | 7.1 HIGH |
| Docker Desktop before 4.23.0 allows an unprivileged user to bypass Enhanced Container Isolation (ECI) restrictions via the debug shell which remains accessible for a short time window after launching Docker Desktop. The affected functionality is available for Docker Business customers only and assumes an environment where users are not granted local root or Administrator privileges. This issue has been fixed in Docker Desktop 4.23.0. Affected Docker Desktop versions: from 4.13.0 before 4.23.0. | |||||
| CVE-2023-5132 | 1 Soisy | 1 Soisy Pagamento Rateale | 2024-11-21 | N/A | 7.5 HIGH |
| The Soisy Pagamento Rateale plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the parseRemoteRequest function in versions up to, and including, 6.0.1. This makes it possible for unauthenticated attackers with knowledge of an existing WooCommerce Order ID to expose sensitive WooCommerce order information (e.g., Name, Address, Email Address, and other order metadata). | |||||
| CVE-2023-5061 | 1 Gitlab | 1 Gitlab | 2024-11-21 | N/A | 4.3 MEDIUM |
| An issue has been discovered in GitLab affecting all versions starting from 9.3 before 16.4.4, all versions starting from 16.5 before 16.5.4, all versions starting from 16.6 before 16.6.2. In certain situations, it may have been possible for developers to override predefined CI variables via the REST API. | |||||
| CVE-2023-5056 | 1 Redhat | 2 Enterprise Linux, Service Interconnect | 2024-11-21 | N/A | 6.8 MEDIUM |
| A flaw was found in the Skupper operator, which may permit a certain configuration to create a service account that would allow an authenticated attacker in the adjacent cluster to view deployments in all namespaces in the cluster. This issue permits unauthorized viewing of information outside of the user's purview. | |||||
| CVE-2023-52713 | 2024-11-21 | N/A | 7.7 HIGH | ||
| Vulnerability of improper permission control in the window management module. Impact: Successful exploitation of this vulnerability will affect availability and confidentiality. | |||||
| CVE-2023-52541 | 2024-11-21 | N/A | 7.5 HIGH | ||
| Authentication vulnerability in the API for app pre-loading. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | |||||
| CVE-2023-52275 | 1 Tecno-mobile | 2 Camon X, Camon X Firmware | 2024-11-21 | N/A | 2.1 LOW |
| Gallery3d on Tecno Camon X CA7 devices allows attackers to view hidden images by navigating to data/com.android.gallery3d/.privatealbum/.encryptfiles and guessing the correct image file extension. | |||||
| CVE-2023-52233 | 1 Wpexperts | 1 Post Smtp Mailer | 2024-11-21 | N/A | 8.6 HIGH |
| Missing Authorization vulnerability in Post SMTP Post SMTP Mailer/Email Log.This issue affects Post SMTP Mailer/Email Log: from n/a through 2.8.6. | |||||
| CVE-2023-52232 | 1 Booster | 1 Booster For Woocommerce | 2024-11-21 | N/A | 6.5 MEDIUM |
| Missing Authorization vulnerability in Pluggabl LLC Booster Plus for WooCommerce.This issue affects Booster Plus for WooCommerce: from n/a before 7.1.2. | |||||
| CVE-2023-52230 | 1 Booster | 1 Booster For Woocommerce | 2024-11-21 | N/A | 6.5 MEDIUM |
| Missing Authorization vulnerability in Pluggabl LLC Booster Plus for WooCommerce.This issue affects Booster Plus for WooCommerce: from n/a before 7.1.3. | |||||
| CVE-2023-52229 | 2024-11-21 | N/A | 6.5 MEDIUM | ||
| Missing Authorization vulnerability in Save as PDF plugin by Pdfcrowd Word Replacer Pro.This issue affects Word Replacer Pro: from n/a through 1.0. | |||||
| CVE-2023-52227 | 2024-11-21 | N/A | 4.3 MEDIUM | ||
| Missing Authorization vulnerability in MailerLite MailerLite – WooCommerce integration.This issue affects MailerLite – WooCommerce integration: from n/a through 2.0.8. | |||||
| CVE-2023-52224 | 2024-11-21 | N/A | 4.3 MEDIUM | ||
| Missing Authorization vulnerability in Revolut Revolut Gateway for WooCommerce.This issue affects Revolut Gateway for WooCommerce: from n/a through 4.9.7. | |||||
| CVE-2023-52220 | 2024-11-21 | N/A | 4.3 MEDIUM | ||
| Missing Authorization vulnerability in MonsterInsights Google Analytics by Monster Insights.This issue affects Google Analytics by Monster Insights: from n/a through 8.21.0. | |||||