CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

NVD•added 2023/06/13 2:15 a.m.•14 views

CVE-2023-2351

6.5CVSS6AI score0.0064EPSS

Prion•added 2023/06/13 2:15 a.m.•13 views

Design/Logic Flaw

4CVSS4.4AI score0.0064EPSS

Exploits1References6Affected Software1

Vulnrichment•added 2023/06/13 1:48 a.m.•16 views

CVE-2023-2351 WP Directory Kit <= 1.2.3 - Missing Authorization to Plugin Settings Change/Delete, Demo Import, Directory Kit Deletion via wdk_admin_action

6.5CVSS6.7AI score0.0064EPSS

Cvelist•added 2023/06/13 1:48 a.m.•36 views

CVE-2023-2351 WP Directory Kit <= 1.2.3 - Missing Authorization to Plugin Settings Change/Delete, Demo Import, Directory Kit Deletion via wdk_admin_action

6.5CVSS6.2AI score0.0064EPSS

ATTACKERKB•added 2023/06/09 1:15 p.m.•2 views

CVE-2023-2284

The WP Activity Log Premium plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajaxswitchdb function in versions up to, and including, 4.5.0. This makes it possible for authenticated attackers with subscriber-level or higher to make...

4.3CVSS5.9AI score0.00386EPSS

OSV•added 2023/06/09 1:15 p.m.•2 views

CVE-2023-2261

The WP Activity Log plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the handleajaxcall function in versions up to, and including, 4.5.0. This makes it possible for authenticated attackers, with subscriber-level access or higher, to obtain a list of...

4.3CVSS7.3AI score

OSV•added 2023/06/09 1:15 p.m.•3 views

CVE-2023-2284

4.3CVSS7.3AI score0.00386EPSS

NVD•added 2023/06/09 1:15 p.m.•12 views

CVE-2023-2284

4.3CVSS4.3AI score0.00386EPSS

NVD•added 2023/06/09 1:15 p.m.•27 views

CVE-2023-2261

4.3CVSS4.3AI score0.00552EPSS

Prion•added 2023/06/09 1:15 p.m.•21 views

Authorization

4CVSS4.4AI score0.00552EPSS

Exploits0References3Affected Software1

Vulnrichment•added 2023/06/09 12:32 p.m.•20 views

CVE-2023-2261 WP Activity Log <= 4.5.0 - Missing Capabilities Check to User Enumeration

4.3CVSS6.6AI score0.00552EPSS

CVE•added 2023/06/09 12:32 p.m.•65 views

CVE-2023-2284

CVE-2023-2284 (and related 2285) affects the WP Activity Log Premium plugin for WordPress. The issue is an unauthorized modification of data caused by a missing capability check in the ajax_switch_db function, affecting versions up to 4.5.0. Authenticated users with subscriber-level privileges or...

4.3CVSS4.6AI score0.00386EPSS

Exploits0References2Affected Software1

Vulnrichment•added 2023/06/09 12:32 p.m.•10 views

CVE-2023-2284 WP Activity Log Premium <= 4.5.0 - Missing Authorization via ajax_switch_db

4.3CVSS6.6AI score0.00386EPSS

Cvelist•added 2023/06/09 12:32 p.m.•32 views

CVE-2023-2284 WP Activity Log Premium <= 4.5.0 - Missing Authorization via ajax_switch_db

4.3CVSS4.6AI score0.00386EPSS

Microsoft CVE•added 2023/06/09 7:0 a.m.•2 views

A vulnerability was found in the HCI sockets implementation due to a missing capability check in net/bluetooth/hci_sock.c in the Linux Kernel. This flaw allows an attacker to unauthorized execution of management commands compromising the confidentiality integrity and availability of Bluetooth communication.

...

6.8CVSS7.2AI score0.0147EPSS

Exploits2

OSV•added 2023/06/09 6:16 a.m.•2 views

CVE-2023-2764

The Draw Attention plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajaxsetfeaturedimage function in versions up to, and including, 2.0.11. This makes it possible for authenticated attackers, with subscriber-level permissions and...

4.3CVSS7.4AI score0.00508EPSS

NVD•added 2023/06/09 6:16 a.m.•19 views

CVE-2023-2764

4.3CVSS4.4AI score0.00508EPSS