CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-47458
https://notcve.org/view.php?id=CVE-2023-47458
An issue in SpringBlade v.3.7.0 and before allows a remote attacker to escalate privileges via the lack of permissions control framework. • http://springblade.com https://gist.github.com/Mr-F0reigner/b05487f5ca52d17e214fffd6e1e0312a https://gitee.com/smallc/SpringBlade • CWE-862: Missing Authorization •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 2CVE-2023-41543
https://notcve.org/view.php?id=CVE-2023-41543
SQL injection vulnerability in jeecg-boot v3.5.3, allows remote attackers to escalate privileges and obtain sensitive information via the component /sys/replicate/check. • https://mp.weixin.qq.com/s/q6R-kaN4XS5d_cgWtq46vw https://pho3n1x-web.github.io/2023/09/18/CVE-2023-41543%28JeecgBoot_sql%29 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-41542
https://notcve.org/view.php?id=CVE-2023-41542
SQL injection vulnerability in jeecg-boot version 3.5.3, allows remote attackers to escalate privileges and obtain sensitive information via the jmreport/qurestSql component. • https://pho3n1x-web.github.io/2023/09/15/CVE-2023-41542%28JeecgBoot_sql%29 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-51484 – WordPress Login as User or Customer plugin <= 3.8 - Unauthenticated Account Takeover vulnerability
https://notcve.org/view.php?id=CVE-2023-51484
This makes it possible for unauthenticated attackers to login as another user and escalate their privileges. • https://patchstack.com/database/vulnerability/login-as-customer-or-user/wordpress-login-as-user-or-customer-plugin-3-8-unauthenticated-account-takeover-vulnerability?_s_id=cve • CWE-287: Improper Authentication •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-51424 – WordPress WebinarIgnition plugin <= 3.05.0 - Unauthenticated Privilege Escalation vulnerability
https://notcve.org/view.php?id=CVE-2023-51424
This makes it possible for unauthenticated attackers to escalate their privileges. • https://patchstack.com/database/vulnerability/webinar-ignition/wordpress-webinarignition-plugin-3-05-0-unauthenticated-privilege-escalation-vulnerability?_s_id=cve • CWE-269: Improper Privilege Management CWE-862: Missing Authorization •