• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors
Home » CVE’s

CVE’s


CVE
Vendors
Products
Updated
CVSS v2
CVSS v3
CVE-2023-0685
Wicked Folders, Wickedplugins
Wicked_folders
2023-02-10
N/A
4.3 MEDIUM
The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due to missing or incorrect nonce validation on the ajax_unassign_folders function. This makes it possible for unauthenticated attackers to invoke this function via forged request granted they can trick a site administrator into performing an action such as clicking on a link leading them to perform actions intended for administrators such as changing the folder structure maintained by the plugin..
CVE-2023-0684
Wicked Folders, Wickedplugins
Wicked_folders
2023-02-10
N/A
4.3 MEDIUM
The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajax_unassign_folders function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke this function and perform actions intended for administrators such as changing the folder structure maintained by the plugin.
CVE-2023-0680
2023-02-12
N/A
N/A
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none.
CVE-2023-0679
Canteen Management System Project
Canteen_management_system
2023-02-13
N/A
9.8 CRITICAL
A vulnerability was found in SourceCodester Canteen Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file removeUser.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-220220.
CVE-2023-0678
Phpipam
2023-02-13
N/A
5.3 MEDIUM
Improper Authorization in GitHub repository phpipam/phpipam prior to v1.5.1.
CVE-2023-0677
Phpipam
2023-02-12
N/A
6.1 MEDIUM
Cross-site Scripting (XSS) - Reflected in GitHub repository phpipam/phpipam prior to v1.5.1.
CVE-2023-0676
Phpipam
2023-02-12
N/A
6.1 MEDIUM
Cross-site Scripting (XSS) - Reflected in GitHub repository phpipam/phpipam prior to 1.5.1.
CVE-2023-0675
Calendar Event Management System Project
Calendar_event_management_system
2023-02-12
N/A
8.8 HIGH
A vulnerability, which was classified as critical, was found in Calendar Event Management System 2.3.0. This affects an unknown part. The manipulation of the argument start/end leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-220197 was assigned to this vulnerability.
CVE-2023-0674
Xuxueli, Xxl-job
Xxl-conf, Xxl-job
2023-02-14
N/A
6.5 MEDIUM
A vulnerability, which was classified as problematic, has been found in XXL-JOB 2.3.1. Affected by this issue is some unknown functionality of the file /user/updatePwd of the component New Password Handler. The manipulation leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-220196.
CVE-2023-0673
Online Eyewear Shop Project
Online_eyewear_shop
2023-02-12
N/A
9.8 CRITICAL
A vulnerability classified as critical was found in SourceCodester Online Eyewear Shop 1.0. Affected by this vulnerability is an unknown functionality of the file oews/?p=products/view_product.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The associated identifier of this vulnerability is VDB-220195.
« Previous 1 … 11,219 11,220 11,221 11,222 11,223 … 11,258 Next »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE