Missing Authorization vulnerability in ServMask All-in-One WP Migration Box Extension, ServMask All-in-One WP Migration OneDrive Extension, ServMask All-in-One WP Migration Dropbox Extension, ServMask All-in-One WP Migration Google Drive Extension.This issue affects All-in-One WP Migration Box...
7.3CVSS
0.0004EPSS
Missing Authorization vulnerability in Paid Memberships Pro Paid Memberships Pro CCBill Gateway.This issue affects Paid Memberships Pro CCBill Gateway: from n/a through...
8.2CVSS
0.0004EPSS
CVE-2023-39990 WordPress Paid Memberships Pro plugin <= 1.2.3 - Broken Access Control vulnerability
Missing Authorization vulnerability in Paid Memberships Pro.This issue affects Paid Memberships Pro: from n/a through...
5.4CVSS
7AI Score
0.0004EPSS
CVE-2023-39990 WordPress Paid Memberships Pro plugin <= 1.2.3 - Broken Access Control vulnerability
Missing Authorization vulnerability in Paid Memberships Pro.This issue affects Paid Memberships Pro: from n/a through...
5.4CVSS
0.0004EPSS
CVE-2023-39993 WordPress ElementsKit Lite plugin <= 2.9.0 - Broken Access Control vulnerability
Missing Authorization vulnerability in Wpmet Elements kit Elementor addons.This issue affects Elements kit Elementor addons: from n/a through...
4.3CVSS
6.9AI Score
0.0004EPSS
CVE-2023-39993 WordPress ElementsKit Lite plugin <= 2.9.0 - Broken Access Control vulnerability
Missing Authorization vulnerability in Wpmet Elements kit Elementor addons.This issue affects Elements kit Elementor addons: from n/a through...
4.3CVSS
0.0004EPSS
Missing Authorization vulnerability in ServMask All-in-One WP Migration Box Extension, ServMask All-in-One WP Migration OneDrive Extension, ServMask All-in-One WP Migration Dropbox Extension, ServMask All-in-One WP Migration Google Drive Extension.This issue affects All-in-One WP Migration Box...
7.3CVSS
7.4AI Score
0.0004EPSS
Missing Authorization vulnerability in ServMask All-in-One WP Migration Box Extension, ServMask All-in-One WP Migration OneDrive Extension, ServMask All-in-One WP Migration Dropbox Extension, ServMask All-in-One WP Migration Google Drive Extension.This issue affects All-in-One WP Migration Box...
7.3CVSS
0.0004EPSS
Missing Authorization vulnerability in Paid Memberships Pro Paid Memberships Pro CCBill Gateway.This issue affects Paid Memberships Pro CCBill Gateway: from n/a through...
8.2CVSS
0.0004EPSS
CVE-2023-44148 WordPress Astra Bulk Edit plugin <= 1.2.7 - Broken Access Control vulnerability
Missing Authorization vulnerability in Brainstorm Force Astra Bulk Edit.This issue affects Astra Bulk Edit: from n/a through...
5.4CVSS
0.0004EPSS
CVE-2023-44148 WordPress Astra Bulk Edit plugin <= 1.2.7 - Broken Access Control vulnerability
Missing Authorization vulnerability in Brainstorm Force Astra Bulk Edit.This issue affects Astra Bulk Edit: from n/a through...
5.4CVSS
7AI Score
0.0004EPSS
CVE-2023-44151 WordPress Pre-Publish Checklist plugin <= 1.1.1 - Broken Access Control vulnerability
Missing Authorization vulnerability in Brainstorm Force Pre-Publish Checklist.This issue affects Pre-Publish Checklist: from n/a through...
5.4CVSS
5.8AI Score
0.0004EPSS
CVE-2023-44151 WordPress Pre-Publish Checklist plugin <= 1.1.1 - Broken Access Control vulnerability
Missing Authorization vulnerability in Brainstorm Force Pre-Publish Checklist.This issue affects Pre-Publish Checklist: from n/a through...
5.4CVSS
0.0004EPSS
Deserialization of Untrusted Data vulnerability in Live Composer Team Page Builder: Live Composer.This issue affects Page Builder: Live Composer: from n/a through...
8.5CVSS
0.0004EPSS
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wpsoul Greenshift – animation and page builder blocks allows Stored XSS.This issue affects Greenshift – animation and page builder blocks: from n/a through...
6.5CVSS
6.5AI Score
0.0004EPSS
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wpsoul Greenshift – animation and page builder blocks allows Stored XSS.This issue affects Greenshift – animation and page builder blocks: from n/a through...
6.5CVSS
0.0004EPSS
Deserialization of Untrusted Data vulnerability in Live Composer Team Page Builder: Live Composer.This issue affects Page Builder: Live Composer: from n/a through...
8.5CVSS
8.5AI Score
0.0004EPSS
Missing Authorization vulnerability in Crocoblock JetElements For Elementor.This issue affects JetElements For Elementor: from n/a through...
6.3CVSS
0.0004EPSS
Missing Authorization vulnerability in Crocoblock JetElements For Elementor.This issue affects JetElements For Elementor: from n/a through...
7.5CVSS
0.0004EPSS
Missing Authorization vulnerability in Crocoblock JetElements For Elementor.This issue affects JetElements For Elementor: from n/a through...
8.2CVSS
0.0004EPSS
Missing Authorization vulnerability in Crocoblock JetElements For Elementor.This issue affects JetElements For Elementor: from n/a through...
8.2CVSS
8.3AI Score
0.0004EPSS
Missing Authorization vulnerability in Automattic Jetpack.This issue affects Jetpack: from n/a before...
4.3CVSS
0.0004EPSS
Missing Authorization vulnerability in Crocoblock JetElements For Elementor.This issue affects JetElements For Elementor: from n/a through...
7.5CVSS
7.6AI Score
0.0004EPSS
Missing Authorization vulnerability in Crocoblock JetElements For Elementor.This issue affects JetElements For Elementor: from n/a through...
6.3CVSS
6.3AI Score
0.0004EPSS
Missing Authorization vulnerability in Automattic Jetpack.This issue affects Jetpack: from n/a before...
4.3CVSS
4.7AI Score
0.0004EPSS
Missing Authorization vulnerability in ThemePunch OHG Essential Grid.This issue affects Essential Grid: from n/a through...
8.3CVSS
8.3AI Score
0.0004EPSS
Missing Authorization vulnerability in ThemePunch OHG Essential Grid.This issue affects Essential Grid: from n/a through...
8.3CVSS
0.0004EPSS
Missing Authorization vulnerability in QuadLayers WooCommerce Checkout Manager.This issue affects WooCommerce Checkout Manager: from n/a through...
6.5CVSS
0.0004EPSS
Missing Authorization vulnerability in ThemePunch OHG Essential Grid.This issue affects Essential Grid: from n/a through...
8.3CVSS
0.0004EPSS
Missing Authorization vulnerability in ThemePunch OHG Essential Grid.This issue affects Essential Grid: from n/a through...
8.3CVSS
6.9AI Score
0.0004EPSS
CVE-2023-47788 WordPress Jetpack plugin < 12.7 - Contributor+ Broken Access Control vulnerability
Missing Authorization vulnerability in Automattic Jetpack.This issue affects Jetpack: from n/a before...
4.3CVSS
0.0004EPSS
Missing Authorization vulnerability in Crocoblock JetElements For Elementor.This issue affects JetElements For Elementor: from n/a through...
7.5CVSS
0.0004EPSS
New Threat Actor 'Void Arachne' Targets Chinese Users with Malicious VPN Installers
Chinese-speaking users are the target of a never-before-seen threat activity cluster codenamed Void Arachne that employs malicious Windows Installer (MSI) files for virtual private networks (VPNs) to deliver a command-and-control (C&C) framework called Winos 4.0. "The campaign also promotes...
7.2AI Score
Missing Authorization vulnerability in Crocoblock JetElements For Elementor.This issue affects JetElements For Elementor: from n/a through...
8.2CVSS
0.0004EPSS
Missing Authorization vulnerability in Crocoblock JetElements For Elementor.This issue affects JetElements For Elementor: from n/a through...
8.2CVSS
7AI Score
0.0004EPSS
Missing Authorization vulnerability in Crocoblock JetElements For Elementor.This issue affects JetElements For Elementor: from n/a through...
6.3CVSS
7AI Score
0.0004EPSS
Missing Authorization vulnerability in Crocoblock JetElements For Elementor.This issue affects JetElements For Elementor: from n/a through...
6.3CVSS
0.0004EPSS
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wpsoul Greenshift – animation and page builder blocks allows Stored XSS.This issue affects Greenshift – animation and page builder blocks: from n/a through...
6.5CVSS
0.0004EPSS
Deserialization of Untrusted Data vulnerability in Live Composer Team Page Builder: Live Composer.This issue affects Page Builder: Live Composer: from n/a through...
8.5CVSS
7AI Score
0.0004EPSS
Deserialization of Untrusted Data vulnerability in Live Composer Team Page Builder: Live Composer.This issue affects Page Builder: Live Composer: from n/a through...
8.5CVSS
0.0004EPSS
Cross-Site Request Forgery (CSRF) vulnerability in Averta Master Slider.This issue affects Master Slider: from n/a through...
4.3CVSS
4.7AI Score
0.0004EPSS
Cross-Site Request Forgery (CSRF) vulnerability in Averta Master Slider.This issue affects Master Slider: from n/a through...
4.3CVSS
0.0004EPSS
Cross-Site Request Forgery (CSRF) vulnerability in Averta Master Slider.This issue affects Master Slider: from n/a through...
4.3CVSS
0.0004EPSS
The WooCommerce Checkout & Funnel Builder by CartFlows – Create High Converting Stores For WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘custom_upload_mimes’ function in versions up to, and including, 2.0.7 due to insufficient input sanitization and output.....
6.4CVSS
5.8AI Score
0.001EPSS
The WooCommerce Checkout & Funnel Builder by CartFlows – Create High Converting Stores For WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘custom_upload_mimes’ function in versions up to, and including, 2.0.7 due to insufficient input sanitization and output.....
6.4CVSS
0.001EPSS
The YARPP – Yet Another Related Posts Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to and including 5.30.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
4.4CVSS
4.4AI Score
0.0004EPSS
The YARPP – Yet Another Related Posts Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to and including 5.30.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
4.4CVSS
0.0004EPSS
The WP Recipe Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's [wprm-recipe-instructions] and [wprm-recipe-ingredients] shortcodes in all versions up to, and including, 9.1.0 due to insufficient restrictions on the 'group_tag' attribute . This makes it...
6.4CVSS
0.001EPSS
The WP Recipe Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's [wprm-recipe-instructions] and [wprm-recipe-ingredients] shortcodes in all versions up to, and including, 9.1.0 due to insufficient restrictions on the 'group_tag' attribute . This makes it...
6.4CVSS
5.7AI Score
0.001EPSS
The YARPP – Yet Another Related Posts Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to and including 5.30.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
4.4CVSS
5.9AI Score
0.0004EPSS