Marco Wotschka

Title	CVE ID	CVSS	Vector	Date
Modern Events Calendar lite < 7.1.0 - Authenticated (Admin+) Stored Cross-Site Scripting	CVE-2023-4021	4.4	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N	September 28, 2023
BEAR <= 1.1.3.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting	CVE-2023-4920	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	September 25, 2023
BEAR <= 1.1.3.3 - Cross-Site Request Forgery to Profile Creation	CVE-2023-4935	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	September 25, 2023
BEAR <= 1.1.3.3 - Cross-Site Request Forgery to Profile Deletion	CVE-2023-4935	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	September 25, 2023
BEAR <= 1.1.3.3 - Cross-Site Request Forgery to Product Deletion	CVE-2023-4923	5.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L	September 25, 2023
BEAR <= 1.1.3.3 - Missing Authorization to Product Deletion	CVE-2023-4924	5.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L	September 25, 2023
BEAR <= 1.1.3.3 - Cross-Site Request Forgery to Product Deletion	CVE-2023-4926	5.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L	September 25, 2023
BEAR <= 1.1.3.3 - Cross-Site Request Forgery to Product Manipulation	CVE-2023-4942	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	September 25, 2023
BEAR <= 1.1.3.3 - Missing Authorization to Product Manipulation	CVE-2023-4943	4.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N	September 25, 2023
BEAR <= 1.1.3.3 - Cross-Site Request Forgery to Product Manipulation	CVE-2023-4940	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	September 25, 2023
BEAR <= 1.1.3.3 - Cross-Site Request Forgery to Product Manipulation	CVE-2023-4937	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	September 25, 2023
BEAR <= 1.1.3.3 - Missing Authorization to Product Manipulation	CVE-2023-4941	4.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N	September 25, 2023
BEAR <= 1.1.3.3 - Missing Authorization to Product Manipulation	CVE-2023-4938	4.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N	September 25, 2023
Ad Inserter <= 2.7.30 - Unauthenticated Sensitive Information Exposure via ai-debug-processing-fe	CVE-2023-4668	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N	September 22, 2023
Ad Inserter <= 2.7.30 - Unauthenticated Sensitive Information Exposure via ai_ajax	CVE-2023-4645	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N	September 22, 2023
Website Builder by SeedProd <= 6.15.13.1 - Cross-Site Request Forgery to Settings Update	CVE-2023-4975	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	September 18, 2023
Essential Blocks <= 4.2.0 - Unauthenticated PHP Object Injection via queries	CVE-2023-4386	8.1	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H	September 13, 2023
WP Customer Reviews <= 3.6.6 - Authenticated (Administrator+) Stored Cross-Site Scripting	CVE-2023-4648	4.4	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N	September 13, 2023
Essential Blocks <= 4.2.0 - Unauthenticated PHP Object Injection via products	CVE-2023-4402	8.1	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H	September 13, 2023
Dropbox Folder Share <= 1.9.7 - Unauthenticated Local File Inclusion	CVE-2023-4488	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	September 12, 2023

Share this researcher's vulnerability discoveries

All the threat data shared in this database is powered by Wordfence Intelligence Enterprise.
Interested in integrating this data into your platform or network?
Contact us now to discuss API access to our Wordfence Intelligence Enterprise Data Feeds.

Inquire Now

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation