LiveActive security incident?Get immediate response
CVE archive

November 2023

Browse CVE records published in November 2023, with severity, affected products, CWE, KEV, and source-backed vulnerability context.

Showing 50 of 2410 matching CVEs · Page 2 of 49.

Critical · CVSS 9.8

CVE-2023-45074: WordPress Advanced Page Visit Counter Plugin <= 7.1.1 is vulnerable to SQL Injection

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Page Visit Counter Advanced Page Visit Counter – Most Wanted Analytics Plugin for WordPress allows SQL Injection.This issue affects Advanced Page Visit Counter – Most Wanted Analytics Plugin for WordPress: from n/a through 7.1.1.

Published Nov 6, 2023 · Updated Apr 29, 2026

Medium · CVSS 6.5

CVE-2023-5825: Loop with Unreachable Exit Condition ('Infinite Loop') in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.2 before 16.3.6, all versions starting from 16.4 before 16.4.2, all versions starting from 16.5 before 16.5.1. A low-privileged attacker can point a CI/CD Component to an incorrect path and cause the server to exhaust all available memory through an infinite loop and cause Denial of Service.

Published Nov 6, 2023 · Updated Apr 29, 2026

High · CVSS 7.1

CVE-2023-48752: WordPress Happyforms Plugin <= 1.25.9 is vulnerable to Cross Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Happyforms Form builder to get in touch with visitors, grow your email list and collect payments — Happyforms allows Reflected XSS.This issue affects Form builder to get in touch with visitors, grow your email list and collect payments — Happyforms: from n/a through 1.25.9.

Published Nov 30, 2023 · Updated Apr 28, 2026

High · CVSS 7.1

CVE-2023-48746: WordPress Community by PeepSo Plugin <= 6.2.6.0 is vulnerable to Cross Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PeepSo Community by PeepSo – Social Network, Membership, Registration, User Profiles allows Reflected XSS.This issue affects Community by PeepSo – Social Network, Membership, Registration, User Profiles: from n/a through 6.2.6.0.

Published Nov 30, 2023 · Updated Apr 28, 2026

High · CVSS 7.1

CVE-2023-48322: WordPress eDoc Employee Job Application Plugin <= 1.13 is vulnerable to Cross Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in eDoc Intelligence eDoc Employee Job Application – Best WordPress Job Manager for Employees allows Reflected XSS.This issue affects eDoc Employee Job Application – Best WordPress Job Manager for Employees: from n/a through 1.13.

Published Nov 30, 2023 · Updated Apr 28, 2026

Medium · CVSS 6.5

CVE-2023-47853: WordPress myCred Plugin <= 2.6.1 is vulnerable to Cross Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in myCred myCred – Points, Rewards, Gamification, Ranks, Badges & Loyalty Plugin allows Stored XSS.This issue affects myCred – Points, Rewards, Gamification, Ranks, Badges & Loyalty Plugin: from n/a through 2.6.1.

Published Nov 30, 2023 · Updated Apr 28, 2026

Medium · CVSS 6.5

CVE-2023-47850: WordPress Community by PeepSo Plugin <= 6.2.2.0 is vulnerable to Cross Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PeepSo Community by PeepSo – Social Network, Membership, Registration, User Profiles allows Stored XSS.This issue affects Community by PeepSo – Social Network, Membership, Registration, User Profiles: from n/a through 6.2.2.0.

Published Nov 30, 2023 · Updated Apr 28, 2026