Search Results (367102 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-32124 1 Arulprasadj 1 Publish Confirm Message 2024-11-21 4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Arul Prasad J Publish Confirm Message plugin <= 1.3.1 versions.
CVE-2023-32122 1 Spiffyplugins 1 Spiffy Calendar 2024-11-21 5.8 Medium
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Spiffy Plugins Spiffy Calendar plugin <= 4.9.3 versions.
CVE-2023-32119 1 Wpo365 1 Mail Integration For Office 365 \/ Outlook 2024-11-21 5.8 Medium
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WPO365 | Mail Integration for Office 365 / Outlook plugin <= 1.9.0 versions.
CVE-2023-32118 1 Wpoperation 1 Salert - Fake Sales Notification Woocommerce 2024-11-21 7.1 High
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WPoperation SALERT – Fake Sales Notification WooCommerce plugin <= 1.2.1 versions.
CVE-2023-32116 1 Totalpress 1 Custom Post Types 2024-11-21 5.9 Medium
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in TotalPress.Org Custom post types, Custom Fields & more plugin <= 4.0.12 versions.
CVE-2023-32109 1 Eduva 1 Albo Pretorio Online 2024-11-21 7.1 High
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Ignazio Scimone Albo Pretorio On line plugin <= 4.6.3 versions.
CVE-2023-32108 1 Eduva 1 Albo Pretorio Online 2024-11-21 7.1 High
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Ignazio Scimone Albo Pretorio On line plugin <= 4.6.3 versions.
CVE-2023-32107 1 Ays-pro 1 Photo Gallery 2024-11-21 7.1 High
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Photo Gallery Team Photo Gallery by Ays – Responsive Image Gallery plugin <= 5.1.3 versions.
CVE-2023-32105 1 Wp-pizza 1 Wppizza 2024-11-21 7.1 High
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in ollybach WPPizza – A Restaurant Plugin plugin <= 3.17.1 versions.
CVE-2023-32104 1 Target-info 1 Mycurator Content Curation 2024-11-21 4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Mark Tilly MyCurator Content Curation plugin <= 3.74 versions.
CVE-2023-32103 1 Themepalace 1 Tp Education 2024-11-21 6.5 Medium
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Theme Palace TP Education plugin <= 4.4 versions.
CVE-2023-32102 1 Pexlechris 1 Library Viewer 2024-11-21 6.5 Medium
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Pexle Chris Library Viewer plugin <= 2.0.6 versions.
CVE-2023-32091 1 Poeditor 1 Poeditor 2024-11-21 5.4 Medium
Cross-Site Request Forgery (CSRF) vulnerability in POEditor plugin <= 0.9.4 versions.
CVE-2023-32090 2 Pega, Pegasystems 2 Pega Platform, Pega Platform 2024-11-21 9.8 Critical
Pega platform clients who are using versions 6.1 through 7.3.1 may be utilizing default credentials
CVE-2023-32089 1 Pega 1 Platform 2024-11-21 4.6 Medium
Pega Platform versions 8.1 to 8.8.2 are affected by an XSS issue with Pin description
CVE-2023-32088 1 Pega 1 Platform 2024-11-21 4.6 Medium
Pega Platform versions 8.1 to Infinity 23.1.0 are affected by an XSS issue with ad-hoc case creation
CVE-2023-32087 1 Pega 1 Platform 2024-11-21 4.6 Medium
Pega Platform versions 8.1 to Infinity 23.1.0 are affected by an XSS issue with task creation
CVE-2023-32065 1 Oroinc 1 Orocommerce 2024-11-21 5.8 Medium
OroCommerce is an open-source Business to Business Commerce application built with flexibility in mind. Detailed Order totals information may be received by Order ID. This issue is patched in version 5.0.11 and 5.1.1.
CVE-2023-32064 1 Oroinc 1 Orocommerce 2024-11-21 5 Medium
OroCommerce package with customer portal and non authenticated visitor website base features. Back-office users can access information about Customer and Customer User menus, bypassing ACL security restrictions due to insufficient security checks. This issue has been patched in version 5.0.11 and 5.1.1.
CVE-2023-32063 1 Oroinc 1 Client Relationship Management 2024-11-21 5 Medium
OroCalendarBundle enables a Calendar feature and related functionality in Oro applications. Back-office users can access information from any call event, bypassing ACL security restrictions due to insufficient security checks. This issue has been patched in version 5.0.4 and 5.1.1.