The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
| ID | Description | Priority | Modified date |
|---|---|---|---|
| CVE-2024-0056 | Microsoft.Data.SqlClient and System.Data.SqlClient SQL Data Provider Security Feature Bypass Vulnerability | -- | Jan 9, 2024 |
| CVE-2023-52323 | PyCryptodome and pycryptodomex before 3.19.1 allow side-channel leakage for OAEP decryption, exploitable for a Manger attack. | -- | Jan 5, 2024 |
| CVE-2023-52271 | The wsftprm.sys kernel driver 2.0.0.0 in Topaz Antifraud allows low-privileged attackers to kill any (Protected Process Light) process via an IOCTL (which will be named at a later time). | -- | Jan 9, 2024 |
| CVE-2023-52225 | Deserialization of Untrusted Data vulnerability in Tagbox Tagbox – UGC Galleries, Social Media Widgets, User Reviews & Analytics.This issue affects Tagbox – UGC Galleries, Social Media Widgets, User Reviews & Analytics: from n/a through 3.1. | -- | Jan 8, 2024 |
| CVE-2023-52222 | Cross-Site Request Forgery (CSRF) vulnerability in Automattic WooCommerce.This issue affects WooCommerce: from n/a through 8.2.2. | -- | Jan 8, 2024 |
| CVE-2023-52219 | Deserialization of Untrusted Data vulnerability in Gecka Gecka Terms Thumbnails.This issue affects Gecka Terms Thumbnails: from n/a through 1.1. | -- | Jan 8, 2024 |
| CVE-2023-52218 | Deserialization of Untrusted Data vulnerability in Anton Bond Woocommerce Tranzila Payment Gateway.This issue affects Woocommerce Tranzila Payment Gateway: from n/a through 1.0.8. | -- | Jan 8, 2024 |
| CVE-2023-52216 | Cross-Site Request Forgery (CSRF) vulnerability in Yevhen Kotelnytskyi JS & CSS Script Optimizer.This issue affects JS & CSS Script Optimizer: from n/a through 0.3.3. | -- | Jan 9, 2024 |
| CVE-2023-52215 | Improper Neutralization of Special Elements used in an SQL Command (\'SQL Injection\') vulnerability in UkrSolution Simple Inventory Management – just scan barcode to manage products and orders. For WooCommerce.This issue affects Simple Inventory Management – just scan barcode to manage products and orders. For WooCommerce: from n/a through 1.5.1. | -- | Jan 8, 2024 |
| CVE-2023-52213 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in VideoWhisper Rate Star Review – AJAX Reviews for Content, with Star Ratings allows Reflected XSS.This issue affects Rate Star Review – AJAX Reviews for Content, with Star Ratings: from n/a through 1.5.1. | -- | Jan 9, 2024 |
| CVE-2023-52208 | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Constant Contact Constant Contact Forms.This issue affects Constant Contact Forms: from n/a through 2.4.2. | -- | Jan 8, 2024 |
| CVE-2023-52207 | Deserialization of Untrusted Data vulnerability in SVNLabs Softwares HTML5 MP3 Player with Playlist Free.This issue affects HTML5 MP3 Player with Playlist Free: from n/a through 3.0.0. | -- | Jan 8, 2024 |
| CVE-2023-52206 | Deserialization of Untrusted Data vulnerability in Live Composer Team Page Builder: Live Composer live-composer-page-builder.This issue affects Page Builder: Live Composer: from n/a through 1.5.25. | -- | Jan 9, 2024 |
| CVE-2023-52205 | Deserialization of Untrusted Data vulnerability in SVNLabs Softwares HTML5 SoundCloud Player with Playlist Free.This issue affects HTML5 SoundCloud Player with Playlist Free: from n/a through 2.8.0. | -- | Jan 9, 2024 |
| CVE-2023-52204 | Improper Neutralization of Special Elements used in an SQL Command (\'SQL Injection\') vulnerability in Javik Randomize.This issue affects Randomize: from n/a through 1.4.3. | -- | Jan 9, 2024 |
| CVE-2023-52203 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Oliver Seidel, Bastian Germann cformsII allows Stored XSS.This issue affects cformsII: from n/a through 15.0.5. | -- | Jan 9, 2024 |
| CVE-2023-52202 | Deserialization of Untrusted Data vulnerability in SVNLabs Softwares HTML5 MP3 Player with Folder Feedburner Playlist Free.This issue affects HTML5 MP3 Player with Folder Feedburner Playlist Free: from n/a through 2.8.0. | -- | Jan 9, 2024 |
| CVE-2023-52201 | Improper Neutralization of Special Elements used in an SQL Command (\'SQL Injection\') vulnerability in Brian D. Goad pTypeConverter.This issue affects pTypeConverter: from n/a through 0.2.8.1. | -- | Jan 9, 2024 |
| CVE-2023-52200 | Cross-Site Request Forgery (CSRF), Deserialization of Untrusted Data vulnerability in Repute Infosystems ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup.This issue affects ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup: n/a. | -- | Jan 9, 2024 |
| CVE-2023-52198 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Michiel van Eerd Private Google Calendars allows Stored XSS.This issue affects Private Google Calendars: from n/a through 20231125. | -- | Jan 9, 2024 |
| CVE-2023-52197 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Impactpixel Ads Invalid Click Protection allows Stored XSS.This issue affects Ads Invalid Click Protection: from n/a through 1.0. | -- | Jan 9, 2024 |
| CVE-2023-52196 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Phil Ewels CPT Bootstrap Carousel allows Reflected XSS.This issue affects CPT Bootstrap Carousel: from n/a through 1.12. | -- | Jan 9, 2024 |
| CVE-2023-52190 | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in WP Swings Coupon Referral Program.This issue affects Coupon Referral Program: from n/a through 1.7.2. | -- | Jan 8, 2024 |
| CVE-2023-52184 | Cross-Site Request Forgery (CSRF) vulnerability in WP Job Portal WP Job Portal – A Complete Job Board.This issue affects WP Job Portal – A Complete Job Board: from n/a through 2.0.6. | -- | Jan 5, 2024 |
| CVE-2023-52178 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in MojofyWP WP Affiliate Disclosure allows Stored XSS.This issue affects WP Affiliate Disclosure: from n/a through 1.2.7. | -- | Jan 5, 2024 |
| CVE-2023-52151 | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Uncanny Automator, Uncanny Owl Uncanny Automator – Automate everything with the #1 no-code automation and integration plugin.This issue affects Uncanny Automator – Automate everything with the #1 no-code automation and integration plugin: from n/a through 5.1.0.2. | -- | Jan 10, 2024 |
| CVE-2023-52150 | Cross-Site Request Forgery (CSRF) vulnerability in Ovation S.R.L. Dynamic Content for Elementor.This issue affects Dynamic Content for Elementor: from n/a before 2.12.5. | -- | Jan 5, 2024 |
| CVE-2023-52149 | Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Floating Button.This issue affects Floating Button: from n/a through 6.0. | -- | Jan 9, 2024 |
| CVE-2023-52148 | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in wp.Insider, wpaffiliatemgr Affiliates Manager.This issue affects Affiliates Manager: from n/a through 2.9.30. | -- | Jan 10, 2024 |
| CVE-2023-52146 | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Aaron J 404 Solution.This issue affects 404 Solution: from n/a through 2.33.0. | -- | Jan 5, 2024 |
| CVE-2023-52145 | Cross-Site Request Forgery (CSRF) vulnerability in Marios Alexandrou Republish Old Posts.This issue affects Republish Old Posts: from n/a through 1.21. | -- | Jan 5, 2024 |
| CVE-2023-52143 | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Naa986 WP Stripe Checkout.This issue affects WP Stripe Checkout: from n/a through 1.2.2.37. | -- | Jan 5, 2024 |
| CVE-2023-52142 | Improper Neutralization of Special Elements used in an SQL Command (\'SQL Injection\') vulnerability in Cool Plugins Events Shortcodes For The Events Calendar.This issue affects Events Shortcodes For The Events Calendar: from n/a through 2.3.1. | -- | Jan 9, 2024 |
| CVE-2023-52136 | Cross-Site Request Forgery (CSRF) vulnerability in Smash Balloon Custom Twitter Feeds – A Tweets Widget or X Feed Widget.This issue affects Custom Twitter Feeds – A Tweets Widget or X Feed Widget: from n/a through 2.1.2. | -- | Jan 5, 2024 |
| CVE-2023-52130 | Cross-Site Request Forgery (CSRF) vulnerability in wp.Insider, wpaffiliatemgr Affiliates Manager.This issue affects Affiliates Manager: from n/a through 2.9.31. | -- | Jan 5, 2024 |
| CVE-2023-52129 | Cross-Site Request Forgery (CSRF) vulnerability in Michael Winkler teachPress.This issue affects teachPress: from n/a through 9.0.4. | -- | Jan 5, 2024 |
| CVE-2023-52128 | Cross-Site Request Forgery (CSRF) vulnerability in WhiteWP White Label – WordPress Custom Admin, Custom Login Page, and Custom Dashboard.This issue affects White Label – WordPress Custom Admin, Custom Login Page, and Custom Dashboard: from n/a through 2.9.0. | -- | Jan 5, 2024 |
| CVE-2023-52127 | Cross-Site Request Forgery (CSRF) vulnerability in WPClever WPC Product Bundles for WooCommerce.This issue affects WPC Product Bundles for WooCommerce: from n/a through 7.3.1. | -- | Jan 5, 2024 |
| CVE-2023-52126 | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Suman Bhattarai Send Users Email.This issue affects Send Users Email: from n/a through 1.4.3. | -- | Jan 10, 2024 |
| CVE-2023-52125 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in webvitaly iframe allows Stored XSS.This issue affects iframe: from n/a through 4.8. | -- | Jan 10, 2024 |
| CVE-2023-52124 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in ShapedPlugin LLC WP Tabs – Responsive Tabs Plugin for WordPress allows Stored XSS.This issue affects WP Tabs – Responsive Tabs Plugin for WordPress: from n/a through 2.2.0. | -- | Jan 10, 2024 |
| CVE-2023-52123 | Cross-Site Request Forgery (CSRF) vulnerability in WPChill Strong Testimonials.This issue affects Strong Testimonials: from n/a through 3.1.10. | -- | Jan 5, 2024 |
| CVE-2023-52122 | Cross-Site Request Forgery (CSRF) vulnerability in PressTigers Simple Job Board.This issue affects Simple Job Board: from n/a through 2.10.6. | -- | Jan 5, 2024 |
| CVE-2023-52121 | Cross-Site Request Forgery (CSRF) vulnerability in NitroPack Inc. NitroPack – Cache & Speed Optimization for Core Web Vitals, Defer CSS & JavaScript, Lazy load Images.This issue affects NitroPack – Cache & Speed Optimization for Core Web Vitals, Defer CSS & JavaScript, Lazy load Images: from n/a through 1.10.2. | -- | Jan 5, 2024 |
| CVE-2023-52120 | Cross-Site Request Forgery (CSRF) vulnerability in Basix NEX-Forms – Ultimate Form Builder – Contact forms and much more.This issue affects NEX-Forms – Ultimate Form Builder – Contact forms and much more: from n/a through 8.5.2. | -- | Jan 5, 2024 |
| CVE-2023-52119 | Cross-Site Request Forgery (CSRF) vulnerability in Icegram Icegram Engage – WordPress Lead Generation, Popup Builder, CTA, Optins and Email List Building.This issue affects Icegram Engage – WordPress Lead Generation, Popup Builder, CTA, Optins and Email List Building: from n/a through 3.1.18. | -- | Jan 5, 2024 |
| CVE-2023-52074 | FlyCms v1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component system/site/webconfig_updagte. | -- | Jan 9, 2024 |
| CVE-2023-52073 | FlyCms v1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /system/site/config_footer_updagte. | -- | Jan 9, 2024 |
| CVE-2023-52072 | FlyCms v1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /system/site/userconfig_updagte. | -- | Jan 9, 2024 |
| CVE-2023-51746 | A vulnerability has been identified in JT2Go (All versions < V14.3.0.6), Teamcenter Visualization V13.3 (All versions < V13.3.0.13), Teamcenter Visualization V14.1 (All versions < V14.1.0.12), Teamcenter Visualization V14.2 (All versions < V14.2.0.9), Teamcenter Visualization V14.3 (All versions < V14.3.0.6). The affected applications contain a stack overflow vulnerability while parsing specially crafted CGM files. This could allow an attacker to execute code in the context of the current process. | -- | Jan 9, 2024 |
