U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

National Vulnerability Database

National Vulnerability Database

NVD

National Vulnerability Database
The letters N V D typed out in binary
New 2.0 APIs
Emphasis on APIs for web automation
2022-23 Change Timeline
Icon for CISA Known Exploited Vulnerabilities Catalog Announcement
New Parameters

The NVD is the U.S. government repository of standards based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, product names, and impact metrics.

For information on how to the cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.

Last 20 Scored Vulnerability IDs & Summaries CVSS Severity

  • CVE-2023-48321 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ahmed Kaludi, Mohammed Kaludi AMP for WP – Accelerated Mobile Pages allows Stored XSS.This issue affects AMP for WP – Accelerated Mobile Pages: f... read CVE-2023-48321
    Published: November 30, 2023; 12:15:12 PM -0500

    V3.1: 5.4 MEDIUM

  • CVE-2023-48320 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WebDorado SpiderVPlayer allows Stored XSS.This issue affects SpiderVPlayer: from n/a through 1.5.22.
    Published: November 30, 2023; 12:15:12 PM -0500

    V3.1: 4.8 MEDIUM

  • CVE-2023-48317 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Vikas Vatsa Display Custom Post allows Stored XSS.This issue affects Display Custom Post: from n/a through 2.2.1.
    Published: November 30, 2023; 12:15:11 PM -0500

    V3.1: 5.4 MEDIUM

  • CVE-2023-48278 - Cross-Site Request Forgery (CSRF) vulnerability in Nitin Rathod WP Forms Puzzle Captcha allows Stored XSS.This issue affects WP Forms Puzzle Captcha: from n/a through 4.1.
    Published: November 30, 2023; 12:15:11 PM -0500

    V3.1: 6.1 MEDIUM

  • CVE-2023-48272 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in yonifre Maspik – Spam Blacklist allows Stored XSS.This issue affects Maspik – Spam Blacklist: from n/a through 0.9.2.
    Published: November 30, 2023; 12:15:11 PM -0500

    V3.1: 6.1 MEDIUM

  • CVE-2023-47877 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Perfmatters allows Stored XSS.This issue affects Perfmatters: from n/a before 2.2.0.
    Published: November 30, 2023; 12:15:11 PM -0500

    V3.1: 5.4 MEDIUM

  • CVE-2023-47876 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Perfmatters allows Reflected XSS.This issue affects Perfmatters: from n/a through 2.1.6.
    Published: November 30, 2023; 12:15:11 PM -0500

    V3.1: 6.1 MEDIUM

  • CVE-2023-47875 - Cross-Site Request Forgery (CSRF) vulnerability in Perfmatters allows Cross Site Request Forgery.This issue affects Perfmatters: from n/a through 2.1.6.
    Published: November 30, 2023; 12:15:10 PM -0500

    V3.1: 8.8 HIGH

  • CVE-2023-47872 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in gVectors Team wpForo Forum allows Stored XSS.This issue affects wpForo Forum: from n/a through 2.2.3.
    Published: November 30, 2023; 12:15:10 PM -0500

    V3.1: 5.4 MEDIUM

  • CVE-2023-47853 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in myCred myCred – Points, Rewards, Gamification, Ranks, Badges & Loyalty Plugin allows Stored XSS.This issue affects myCred – Points, Rewards, Gami... read CVE-2023-47853
    Published: November 30, 2023; 12:15:10 PM -0500

    V3.1: 5.4 MEDIUM

  • CVE-2023-6026 - A Path traversal vulnerability has been reported in elijaa/phpmemcachedadmin affecting version 1.3.0. This vulnerability allows an attacker to delete files stored on the server due to lack of proper verification of user-supplied input.
    Published: November 30, 2023; 9:15:13 AM -0500

    V3.1: 9.1 CRITICAL

  • CVE-2023-6027 - A critical flaw has been identified in elijaa/phpmemcachedadmin affecting version 1.3.0, specifically related to a stored XSS vulnerability. This vulnerability allows malicious actors to insert a carefully crafted JavaScript payload. The issue ari... read CVE-2023-6027
    Published: November 30, 2023; 9:15:14 AM -0500

    V3.1: 5.4 MEDIUM

  • CVE-2023-6136 - Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Bowo Debug Log Manager.This issue affects Debug Log Manager: from n/a through 2.3.0.
    Published: November 30, 2023; 9:15:14 AM -0500

    V3.1: 7.5 HIGH

  • CVE-2023-37972 - Exposure of Sensitive Information to an Unauthorized Actor vulnerability in MultiVendorX Product Stock Manager & Notifier for WooCommerce.This issue affects Product Stock Manager & Notifier for WooCommerce: from n/a through 2.0.1.
    Published: November 30, 2023; 10:15:07 AM -0500

    V3.1: 7.5 HIGH

  • CVE-2023-40211 - Exposure of Sensitive Information to an Unauthorized Actor vulnerability in PickPlugins Post Grid Combo – 36+ Gutenberg Blocks.This issue affects Post Grid Combo – 36+ Gutenberg Blocks: from n/a through 2.2.50.
    Published: November 30, 2023; 10:15:07 AM -0500

    V3.1: 7.5 HIGH

  • CVE-2023-40600 - Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Exactly WWW EWWW Image Optimizer. It works only when debug.log is turned on.This issue affects EWWW Image Optimizer: from n/a through 7.2.0.
    Published: November 30, 2023; 10:15:07 AM -0500

    V3.1: 7.5 HIGH

  • CVE-2023-40662 - Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Jonk @ Follow me Darling Cookies and Content Security Policy.This issue affects Cookies and Content Security Policy: from n/a through 2.15.
    Published: November 30, 2023; 10:15:08 AM -0500

    V3.1: 7.5 HIGH

  • CVE-2023-41735 - Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Gopi Ramasamy Email posts to subscribers.This issue affects Email posts to subscribers: from n/a through 6.2.
    Published: November 30, 2023; 10:15:08 AM -0500

    V3.1: 7.5 HIGH

  • CVE-2023-44150 - Exposure of Sensitive Information to an Unauthorized Actor vulnerability in ProfilePress Membership Team Paid Membership Plugin, Ecommerce, Registration Form, Login Form, User Profile & Restrict Content – ProfilePress.This issue affects Paid Membe... read CVE-2023-44150
    Published: November 30, 2023; 10:15:08 AM -0500

    V3.1: 7.5 HIGH

  • CVE-2023-45066 - Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Smackcoders Export All Posts, Products, Orders, Refunds & Users.This issue affects Export All Posts, Products, Orders, Refunds & Users: from n/a through 2.4.1.
    Published: November 30, 2023; 10:15:08 AM -0500

    V3.1: 7.5 HIGH