Latest vulnerabilities of Wednesday, November 22, 2023

Latest vulnerabilities of Wednesday, November 22, 2023
https://www.securitricks.com/content/images/size/w600/format/webp/2023/12/VULNERABILITIES-REPORTS-LOGO.png
{{titre}}

Last update performed on 11/22/2023 at 11:57:08 PM

(4) CRITICAL VULNERABILITIES [9.0, 10.0]

Source : usom.gov.tr

Vulnerability ID : CVE-2023-5047

First published on : 22-11-2023 12:15:22
Last modified on : 22-11-2023 13:56:48

Description :
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in DRD Fleet Leasing DRDrive allows SQL Injection.This issue affects DRDrive: before 20231006.

CVE ID : CVE-2023-5047
Source : iletisim@usom.gov.tr
CVSS Score : 9.8

References :
https://www.usom.gov.tr/bildirim/tr-23-0651 | source : iletisim@usom.gov.tr

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-2889

First published on : 22-11-2023 14:15:10
Last modified on : 22-11-2023 15:12:25

Description :
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Veon Computer Service Tracking Software allows SQL Injection.This issue affects Service Tracking Software: through 20231122. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID : CVE-2023-2889
Source : iletisim@usom.gov.tr
CVSS Score : 9.8

References :
https://www.usom.gov.tr/bildirim/tr-23-0653 | source : iletisim@usom.gov.tr

Vulnerability : CWE-89


Source : wordfence.com

Vulnerability ID : CVE-2023-2437

First published on : 22-11-2023 16:15:08
Last modified on : 22-11-2023 18:15:08

Description :
The UserPro plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 5.1.1. This is due to insufficient verification on the user being supplied during a Facebook login through the plugin. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email. An attacker can leverage CVE-2023-2448 and CVE-2023-2446 to get the user's email address to successfully exploit this vulnerability.

CVE ID : CVE-2023-2437
Source : security@wordfence.com
CVSS Score : 9.8

References :
http://packetstormsecurity.com/files/175871/WordPress-UserPro-5.1.x-Password-Reset-Authentication-Bypass-Escalation.html | source : security@wordfence.com
https://codecanyon.net/item/userpro-user-profiles-with-social-login/5958681 | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/b3cf9f38-c20e-40dc-a7a1-65b0c6ba7925?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2023-2449

First published on : 22-11-2023 16:15:08
Last modified on : 22-11-2023 18:15:08

Description :
The UserPro plugin for WordPress is vulnerable to unauthorized password resets in versions up to, and including 5.1.1. This is due to the plugin using native password reset functionality, with insufficient validation on the password reset function (userpro_process_form). The function uses the plaintext value of a password reset key instead of a hashed value which means it can easily be retrieved and subsequently used. An attacker can leverage CVE-2023-2448 and CVE-2023-2446, or another vulnerability like SQL Injection in another plugin or theme installed on the site to successfully exploit this vulnerability.

CVE ID : CVE-2023-2449
Source : security@wordfence.com
CVSS Score : 9.8

References :
http://packetstormsecurity.com/files/175871/WordPress-UserPro-5.1.x-Password-Reset-Authentication-Bypass-Escalation.html | source : security@wordfence.com
https://codecanyon.net/item/userpro-user-profiles-with-social-login/5958681 | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/de9be7bc-4f8a-4393-8ebb-1b1f141b7585?source=cve | source : security@wordfence.com


(30) HIGH VULNERABILITIES [7.0, 8.9]

Source : wordfence.com

Vulnerability ID : CVE-2023-2440

First published on : 22-11-2023 16:15:08
Last modified on : 22-11-2023 17:31:59

Description :
The UserPro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.1.1. This is due to missing nonce validation in the 'admin_page', 'userpro_verify_user' and 'verifyUnverifyAllUsers' functions. This makes it possible for unauthenticated attackers to modify the role of verified users to elevate verified user privileges to that of any user such as 'administrator' via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

CVE ID : CVE-2023-2440
Source : security@wordfence.com
CVSS Score : 8.8

References :
https://codecanyon.net/item/userpro-user-profiles-with-social-login/5958681 | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/73600498-f55c-4b8e-a625-4f292e58e0ee?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2023-2497

First published on : 22-11-2023 16:15:08
Last modified on : 22-11-2023 17:31:59

Description :
The UserPro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.1.0. This is due to missing or incorrect nonce validation on the 'import_settings' function. This makes it possible for unauthenticated attackers to exploit PHP Object Injection due to the use of unserialize() on the user supplied parameter via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

CVE ID : CVE-2023-2497
Source : security@wordfence.com
CVSS Score : 8.8

References :
https://codecanyon.net/item/userpro-user-profiles-with-social-login/5958681 | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/fbb601ce-a884-4894-af13-dab14885c7eb?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2023-5465

First published on : 22-11-2023 16:15:12
Last modified on : 22-11-2023 17:31:52

Description :
The Popup with fancybox plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 3.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

CVE ID : CVE-2023-5465
Source : security@wordfence.com
CVSS Score : 8.8

References :
https://plugins.trac.wordpress.org/browser/popup-with-fancybox/trunk/popup-with-fancybox.php?rev=2827070#L110 | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset/2985560/popup-with-fancybox#file1 | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/c943cf0b-0e99-4d47-808d-2b803369d53a?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2023-5466

First published on : 22-11-2023 16:15:12
Last modified on : 22-11-2023 17:31:52

Description :
The Wp anything slider plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 9.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

CVE ID : CVE-2023-5466
Source : security@wordfence.com
CVSS Score : 8.8

References :
https://plugins.trac.wordpress.org/browser/wp-anything-slider/trunk/wp-anything-slider.php?rev=2827063#L122 | source : security@wordfence.com
https://plugins.trac.wordpress.org/browser/wp-anything-slider/trunk/wp-anything-slider.php?rev=2827063#L136 | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset/2985513/wp-anything-slider#file2 | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/535e754e-f851-4809-a148-d9ba808b9d8a?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2023-6009

First published on : 22-11-2023 16:15:15
Last modified on : 22-11-2023 18:15:09

Description :
The UserPro plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 5.1.4 due to insufficient restriction on the 'userpro_update_user_profile' function. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to modify their user role by supplying the 'wp_capabilities' parameter during a profile update.

CVE ID : CVE-2023-6009
Source : security@wordfence.com
CVSS Score : 8.8

References :
http://packetstormsecurity.com/files/175871/WordPress-UserPro-5.1.x-Password-Reset-Authentication-Bypass-Escalation.html | source : security@wordfence.com
https://codecanyon.net/item/userpro-user-profiles-with-social-login/5958681 | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/e8bed9c0-dae3-405e-a946-5f28a3c30851?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2023-5815

First published on : 22-11-2023 16:15:14
Last modified on : 22-11-2023 17:31:47

Description :
The News & Blog Designer Pack โ€“ WordPress Blog Plugin โ€” (Blog Post Grid, Blog Post Slider, Blog Post Carousel, Blog Post Ticker, Blog Post Masonry) plugin for WordPress is vulnerable to Remote Code Execution via Local File Inclusion in all versions up to, and including, 3.4.1 via the bdp_get_more_post function hooked via a nopriv AJAX. This is due to function utilizing an unsafe extract() method to extract values from the POST variable and passing that input to the include() function. This makes it possible for unauthenticated attackers to include arbitrary PHP files and achieve remote code execution. On vulnerable Docker configurations it may be possible for an attacker to create a PHP file and then subsequently include it to achieve RCE.

CVE ID : CVE-2023-5815
Source : security@wordfence.com
CVSS Score : 8.1

References :
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2984052%40blog-designer-pack&new=2984052%40blog-designer-pack&sfp_email=&sfph_mail= | source : security@wordfence.com
https://wordpress.org/plugins/blog-designer-pack/ | source : security@wordfence.com
https://www.leavesongs.com/PENETRATION/docker-php-include-getshell.html#0x06-pearcmdphp | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/2f2bdf11-401a-48af-b1dc-aeeb40b9a384?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2023-5822

First published on : 22-11-2023 16:15:15
Last modified on : 22-11-2023 17:31:47

Description :
The Drag and Drop Multiple File Upload - Contact Form 7 plugin for WordPress is vulnerable to arbitrary file uploads to insufficient file type validation in the 'dnd_upload_cf7_upload' function in versions up to, and including, 1.3.7.3. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. This can be exploited if a user authorized to edit form, which means editor privileges or above, has added a 'multiple file upload' form field with '*' acceptable file types.

CVE ID : CVE-2023-5822
Source : security@wordfence.com
CVSS Score : 8.1

References :
https://plugins.trac.wordpress.org/browser/drag-and-drop-multiple-file-upload-contact-form-7/tags/1.3.7.2/inc/dnd-upload-cf7.php#L828 | source : security@wordfence.com
https://plugins.trac.wordpress.org/browser/drag-and-drop-multiple-file-upload-contact-form-7/tags/1.3.7.2/inc/dnd-upload-cf7.php#L855 | source : security@wordfence.com
https://plugins.trac.wordpress.org/browser/drag-and-drop-multiple-file-upload-contact-form-7/tags/1.3.7.2/inc/dnd-upload-cf7.php#L904 | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2987252%40drag-and-drop-multiple-file-upload-contact-form-7%2Ftrunk&old=2968538%40drag-and-drop-multiple-file-upload-contact-form-7%2Ftrunk&sfp_email=&sfph_mail= | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/1b3be300-5b7f-4844-8637-1bb8c939ed4c?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2023-6007

First published on : 22-11-2023 16:15:15
Last modified on : 22-11-2023 17:31:47

Description :
The UserPro plugin for WordPress is vulnerable to unauthorized access of data, modification of data, loss of data due to a missing capability check on multiple functions in all versions up to, and including, 5.1.1. This makes it possible for unauthenticated attackers to add, modify, or delete user meta and plugin options.

CVE ID : CVE-2023-6007
Source : security@wordfence.com
CVSS Score : 7.3

References :
https://codecanyon.net/item/userpro-user-profiles-with-social-login/5958681 | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/6c4f8798-c0f9-4d05-808e-375864a0ad95?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2023-2841

First published on : 22-11-2023 16:15:09
Last modified on : 22-11-2023 17:31:59

Description :
The Advanced Local Pickup for WooCommerce plugin for WordPress is vulnerable to time-based SQL Injection via the id parameter in versions up to, and including, 1.5.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with admin-level privileges to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

CVE ID : CVE-2023-2841
Source : security@wordfence.com
CVSS Score : 7.2

References :
https://plugins.trac.wordpress.org/browser/advanced-local-pickup-for-woocommerce/trunk/include/wc-local-pickup-admin.php?rev=2889033#L447 | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2986002%40advanced-local-pickup-for-woocommerce%2Ftrunk&old=2983681%40advanced-local-pickup-for-woocommerce%2Ftrunk&sfp_email=&sfph_mail= | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/125e7ea3-574a-4760-b10b-7a98d94c87a5?source=cve | source : security@wordfence.com


Source : patchstack.com

Vulnerability ID : CVE-2023-47781

First published on : 22-11-2023 19:15:08
Last modified on : 22-11-2023 19:46:41

Description :
Cross-Site Request Forgery (CSRF) vulnerability in Thrive Themes Thrive Theme Builder <= 3.24.2 versions.

CVE ID : CVE-2023-47781
Source : audit@patchstack.com
CVSS Score : 8.8

References :
https://patchstack.com/database/vulnerability/thrive-theme/wordpress-thrive-theme-builder-theme-3-20-1-cross-site-request-forgery-csrf-to-account-takeover-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2023-27451

First published on : 22-11-2023 14:15:08
Last modified on : 22-11-2023 15:12:25

Description :
Server-Side Request Forgery (SSRF) vulnerability in Darren Cooney Instant Images plugin <= 5.1.0.2 versions.

CVE ID : CVE-2023-27451
Source : audit@patchstack.com
CVSS Score : 7.2

References :
https://patchstack.com/database/vulnerability/instant-images/wordpress-instant-images-5-1-0-1-auth-server-side-request-forgery-ssrf-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-918


Vulnerability ID : CVE-2023-47785

First published on : 22-11-2023 19:15:08
Last modified on : 22-11-2023 19:46:41

Description :
Cross-Site Request Forgery (CSRF) vulnerability in LayerSlider plugin <= 7.7.9 versions.

CVE ID : CVE-2023-47785
Source : audit@patchstack.com
CVSS Score : 7.1

References :
https://patchstack.com/database/vulnerability/layerslider/wordpress-layerslider-plugin-7-7-9-multiple-cross-site-request-forgery-csrf-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2023-30496

First published on : 22-11-2023 20:15:08
Last modified on : 22-11-2023 20:15:08

Description :
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MagePeople Team WpBusTicketly plugin <= 5.2.5 versions.

CVE ID : CVE-2023-30496
Source : audit@patchstack.com
CVSS Score : 7.1

References :
https://patchstack.com/database/vulnerability/bus-ticket-booking-with-seat-reservation/wordpress-bus-ticket-booking-with-seat-reservation-plugin-5-2-5-cross-site-scripting-xss-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-47766

First published on : 22-11-2023 22:15:07
Last modified on : 22-11-2023 22:15:07

Description :
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Timo Reith Post Status Notifier Lite plugin <= 1.11.0 versions.

CVE ID : CVE-2023-47766
Source : audit@patchstack.com
CVSS Score : 7.1

References :
https://patchstack.com/database/vulnerability/post-status-notifier-lite/wordpress-post-status-notifier-lite-plugin-1-11-0-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-47767

First published on : 22-11-2023 22:15:07
Last modified on : 22-11-2023 22:15:07

Description :
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Fla-shop.Com Interactive World Map plugin <= 3.2.0 versions.

CVE ID : CVE-2023-47767
Source : audit@patchstack.com
CVSS Score : 7.1

References :
https://patchstack.com/database/vulnerability/interactive-world-map/wordpress-interactive-world-map-plugin-3-2-0-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-47768

First published on : 22-11-2023 22:15:07
Last modified on : 22-11-2023 22:15:07

Description :
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Russell Jamieson Footer Putter plugin <= 1.17 versions.

CVE ID : CVE-2023-47768
Source : audit@patchstack.com
CVSS Score : 7.1

References :
https://patchstack.com/database/vulnerability/footer-putter/wordpress-footer-putter-plugin-1-17-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-47773

First published on : 22-11-2023 22:15:08
Last modified on : 22-11-2023 22:15:08

Description :
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in YAS Global Team Permalinks Customizer plugin <= 2.8.2 versions.

CVE ID : CVE-2023-47773
Source : audit@patchstack.com
CVSS Score : 7.1

References :
https://patchstack.com/database/vulnerability/permalinks-customizer/wordpress-permalinks-customizer-plugin-2-8-2-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-79


Source : emc.com

Vulnerability ID : CVE-2023-43082

First published on : 22-11-2023 17:15:18
Last modified on : 22-11-2023 17:31:47

Description :
Dell Unity prior to 5.3 contains a 'man in the middle' vulnerability in the vmadapter component. If a customer has a certificate signed by a third-party public Certificate Authority, the vCenter CA could be spoofed by an attacker who can obtain a CA-signed certificate.

CVE ID : CVE-2023-43082
Source : security_alert@emc.com
CVSS Score : 8.6

References :
https://www.dell.com/support/kbdoc/en-us/000213152/dsa-2023-141-dell-unity-unity-vsa-and-unity-xt-security-update-for-multiple-vulnerabilities | source : security_alert@emc.com

Vulnerability : CWE-295


Source : 96d4e157-0bf0-48b3-8efd-382c68caf4e0

Vulnerability ID : CVE-2023-6263

First published on : 22-11-2023 18:15:09
Last modified on : 22-11-2023 19:00:49

Description :
An issue was discovered in Network Optix NxCloud before 23.1.0.40440. It was possible to add a fake VMS server to NxCloud by using the exact identification of a legitimate VMS server. As result, it was possible to retrieve authorization headers from legitimate users when the legitimate client connects to the fake VMS server.

CVE ID : CVE-2023-6263
Source : 96d4e157-0bf0-48b3-8efd-382c68caf4e0
CVSS Score : 8.3

References :
https://networkoptix.atlassian.net/wiki/spaces/CHS/blog/2023/09/22/3074195467/vulnerability+2023-09-21+-+Server+Spoofing | source : 96d4e157-0bf0-48b3-8efd-382c68caf4e0

Vulnerability : CWE-290


Source : incibe.es

Vulnerability ID : CVE-2023-3103

First published on : 22-11-2023 12:15:22
Last modified on : 22-11-2023 13:56:48

Description :
Authentication bypass vulnerability, the exploitation of which could allow a local attacker to perform a Man-in-the-Middle (MITM) attack on the robot's camera video stream. In addition, if a MITM attack is carried out, it is possible to consume the robot's resources, which could lead to a denial-of-service (DOS) condition.

CVE ID : CVE-2023-3103
Source : cve-coordination@incibe.es
CVSS Score : 8.0

References :
https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-unitree-robotics-a1 | source : cve-coordination@incibe.es

Vulnerability : CWE-290


Vulnerability ID : CVE-2023-6252

First published on : 22-11-2023 14:15:10
Last modified on : 22-11-2023 15:12:25

Description :
Path traversal vulnerability in Chalemelon Power framework, affecting the getImage parameter. This vulnerability could allow a remote user to read files located on the server and gain access to sensitive information such as configuration files.

CVE ID : CVE-2023-6252
Source : cve-coordination@incibe.es
CVSS Score : 7.5

References :
https://www.incibe.es/en/incibe-cert/notices/aviso/path-traversal-vulnerability-chameleon-power-products | source : cve-coordination@incibe.es

Vulnerability : CWE-35


Source : hq.dhs.gov

Vulnerability ID : CVE-2023-35127

First published on : 22-11-2023 01:15:07
Last modified on : 22-11-2023 03:36:37

Description :
Stack-based buffer overflow may occur when Fuji Electric Tellus Lite V-Simulator parses a specially-crafted input file.

CVE ID : CVE-2023-35127
Source : ics-cert@hq.dhs.gov
CVSS Score : 7.8

References :
https://felib.fujielectric.co.jp/en/M10009/M20034/document_detail/c27d5b69-68ef-4af5-90ee-b5dab118f71a | source : ics-cert@hq.dhs.gov
https://www.cisa.gov/news-events/ics-advisories/icsa-23-325-02 | source : ics-cert@hq.dhs.gov

Vulnerability : CWE-121


Vulnerability ID : CVE-2023-40152

First published on : 22-11-2023 01:15:08
Last modified on : 22-11-2023 03:36:37

Description :
When Fuji Electric Tellus Lite V-Simulator parses a specially-crafted input file an out of bounds write may occur.

CVE ID : CVE-2023-40152
Source : ics-cert@hq.dhs.gov
CVSS Score : 7.8

References :
https://felib.fujielectric.co.jp/en/M10009/M20034/document_detail/c27d5b69-68ef-4af5-90ee-b5dab118f71a | source : ics-cert@hq.dhs.gov
https://www.cisa.gov/news-events/ics-advisories/icsa-23-325-02 | source : ics-cert@hq.dhs.gov

Vulnerability : CWE-787


Vulnerability ID : CVE-2023-5299

First published on : 22-11-2023 01:15:08
Last modified on : 22-11-2023 03:36:37

Description :
A user with a standard account in Fuji Electric Tellus Lite may overwrite files in the system.

CVE ID : CVE-2023-5299
Source : ics-cert@hq.dhs.gov
CVSS Score : 7.3

References :
https://felib.fujielectric.co.jp/en/M10009/M20034/document_detail/c27d5b69-68ef-4af5-90ee-b5dab118f71a | source : ics-cert@hq.dhs.gov
https://www.cisa.gov/news-events/ics-advisories/icsa-23-325-02 | source : ics-cert@hq.dhs.gov

Vulnerability : CWE-284


Source : checkmk.com

Vulnerability ID : CVE-2023-6156

First published on : 22-11-2023 17:15:22
Last modified on : 22-11-2023 17:31:47

Description :
Improper neutralization of livestatus command delimiters in the availability timeline in Checkmk <= 2.0.0p39, < 2.1.0p37, and < 2.2.0p15 allows arbitrary livestatus command execution for authorized users.

CVE ID : CVE-2023-6156
Source : security@checkmk.com
CVSS Score : 7.6

References :
https://checkmk.com/werk/16221 | source : security@checkmk.com

Vulnerability : CWE-140


Vulnerability ID : CVE-2023-6157

First published on : 22-11-2023 17:15:22
Last modified on : 22-11-2023 17:31:47

Description :
Improper neutralization of livestatus command delimiters in ajax_search in Checkmk <= 2.0.0p39, < 2.1.0p37, and < 2.2.0p15 allows arbitrary livestatus command execution for authorized users.

CVE ID : CVE-2023-6157
Source : security@checkmk.com
CVSS Score : 7.6

References :
https://checkmk.com/werk/16221 | source : security@checkmk.com

Vulnerability : CWE-140


Source : usom.gov.tr

Vulnerability ID : CVE-2023-5983

First published on : 22-11-2023 12:15:22
Last modified on : 22-11-2023 13:56:48

Description :
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Botanik Software Pharmacy Automation allows Retrieve Embedded Sensitive Data.This issue affects Pharmacy Automation: before 2.1.133.0.

CVE ID : CVE-2023-5983
Source : iletisim@usom.gov.tr
CVSS Score : 7.2

References :
https://www.usom.gov.tr/bildirim/tr-23-0652 | source : iletisim@usom.gov.tr

Vulnerability : CWE-200


Vulnerability ID : CVE-2023-5921

First published on : 22-11-2023 09:15:07
Last modified on : 22-11-2023 13:56:48

Description :
Improper Enforcement of Behavioral Workflow vulnerability in DECE Software Geodi allows Functionality Bypass.This issue affects Geodi: before 8.0.0.27396.

CVE ID : CVE-2023-5921
Source : iletisim@usom.gov.tr
CVSS Score : 7.1

References :
https://www.usom.gov.tr/bildirim/tr-23-0650 | source : iletisim@usom.gov.tr

Vulnerability : CWE-841


Source : github.com

Vulnerability ID : CVE-2023-48705

First published on : 22-11-2023 16:15:09
Last modified on : 22-11-2023 17:31:59

Description :
Nautobot is a Network Source of Truth and Network Automation Platform built as a web application All users of Nautobot versions earlier than 1.6.6 or 2.0.5 are potentially affected by a cross-site scripting vulnerability. Due to incorrect usage of Django's `mark_safe()` API when rendering certain types of user-authored content; including custom links, job buttons, and computed fields; it is possible that users with permission to create or edit these types of content could craft a malicious payload (such as JavaScript code) that would be executed when rendering pages containing this content. The maintainers have fixed the incorrect uses of `mark_safe()` (generally by replacing them with appropriate use of `format_html()` instead) to prevent such malicious data from being executed. Users on Nautobot 1.6.x LTM should upgrade to v1.6.6 and users on Nautobot 2.0.x should upgrade to v2.0.5. Appropriate object permissions can and should be applied to restrict which users are permitted to create or edit the aforementioned types of user-authored content. Other than that, there is no direct workaround available.

CVE ID : CVE-2023-48705
Source : security-advisories@github.com
CVSS Score : 7.1

References :
https://docs.djangoproject.com/en/3.2/ref/utils/#django.utils.html.format_html | source : security-advisories@github.com
https://docs.djangoproject.com/en/3.2/ref/utils/#django.utils.safestring.mark_safe | source : security-advisories@github.com
https://github.com/nautobot/nautobot/commit/362850f5a94689a4c75e3188bf6de826c3b012b2 | source : security-advisories@github.com
https://github.com/nautobot/nautobot/commit/54abe23331b6c3d0d82bf1b028c679b1d200920d | source : security-advisories@github.com
https://github.com/nautobot/nautobot/pull/4832 | source : security-advisories@github.com
https://github.com/nautobot/nautobot/pull/4833 | source : security-advisories@github.com
https://github.com/nautobot/nautobot/security/advisories/GHSA-cf9f-wmhp-v4pr | source : security-advisories@github.com

Vulnerability : CWE-79


Source : elastic.co

Vulnerability ID : CVE-2021-37942

First published on : 22-11-2023 02:15:42
Last modified on : 22-11-2023 03:36:37

Description :
A local privilege escalation issue was found with the APM Java agent, where a user on the system could attach a malicious plugin to an application running the APM Java agent. By using this vulnerability, an attacker could execute code at a potentially higher level of permissions than their user typically has access to.

CVE ID : CVE-2021-37942
Source : bressers@elastic.co
CVSS Score : 7.0

References :
https://discuss.elastic.co/t/apm-java-agent-security-update/291355 | source : bressers@elastic.co
https://www.elastic.co/community/security | source : bressers@elastic.co

Vulnerability : CWE-269


(78) MEDIUM VULNERABILITIES [4.0, 6.9]

Source : elastic.co

Vulnerability ID : CVE-2021-22142

First published on : 22-11-2023 01:15:07
Last modified on : 22-11-2023 03:36:37

Description :
Kibana contains an embedded version of the Chromium browser that the Reporting feature uses to generate the downloadable reports. If a user with permissions to generate reports is able to render arbitrary HTML with this browser, they may be able to leverage known Chromium vulnerabilities to conduct further attacks. Kibana contains a number of protections to prevent this browser from rendering arbitrary content.

CVE ID : CVE-2021-22142
Source : bressers@elastic.co
CVSS Score : 6.6

References :
https://discuss.elastic.co/t/elastic-stack-7-13-0-and-6-8-16-security-update/273964/1 | source : bressers@elastic.co
https://www.elastic.co/community/security | source : bressers@elastic.co

Vulnerability : CWE-1104


Vulnerability ID : CVE-2021-22150

First published on : 22-11-2023 01:15:07
Last modified on : 22-11-2023 03:36:37

Description :
It was discovered that a user with Fleet admin permissions could upload a malicious package. Due to using an older version of the js-yaml library, this package would be loaded in an insecure manner, allowing an attacker to execute commands on the Kibana server.

CVE ID : CVE-2021-22150
Source : bressers@elastic.co
CVSS Score : 6.6

References :
https://discuss.elastic.co/t/elastic-stack-7-14-1-security-update/283077 | source : bressers@elastic.co
https://www.elastic.co/community/security | source : bressers@elastic.co

Vulnerability : CWE-94


Vulnerability ID : CVE-2023-46673

First published on : 22-11-2023 10:15:08
Last modified on : 22-11-2023 13:56:48

Description :
It was identified that malformed scripts used in the script processor of an Ingest Pipeline could cause an Elasticsearch node to crash when calling the Simulate Pipeline API.

CVE ID : CVE-2023-46673
Source : bressers@elastic.co
CVSS Score : 6.5

References :
https://discuss.elastic.co/t/elasticsearch-7-17-14-8-10-3-security-update-esa-2023-24/347708 | source : bressers@elastic.co
https://www.elastic.co/community/security | source : bressers@elastic.co

Vulnerability : CWE-755


Vulnerability ID : CVE-2021-37937

First published on : 22-11-2023 02:15:42
Last modified on : 22-11-2023 03:36:37

Description :
An issue was found with how API keys are created with the Fleet-Server service account. When an API key is created with a service account, it is possible that the API key could be created with higher privileges than intended. Using this vulnerability, a compromised Fleet-Server service account could escalate themselves to a super-user.

CVE ID : CVE-2021-37937
Source : bressers@elastic.co
CVSS Score : 5.9

References :
https://discuss.elastic.co/t/elastic-stack-7-14-1-security-update/283077 | source : bressers@elastic.co
https://www.elastic.co/community/security | source : bressers@elastic.co

Vulnerability : CWE-269


Source : wordfence.com

Vulnerability ID : CVE-2023-2446

First published on : 22-11-2023 08:15:07
Last modified on : 22-11-2023 18:15:08

Description :
The UserPro plugin for WordPress is vulnerable to sensitive information disclosure via the 'userpro' shortcode in versions up to, and including 5.1.1. This is due to insufficient restriction on sensitive user meta values that can be called via that shortcode. This makes it possible for authenticated attackers, with subscriber-level permissions, and above to retrieve sensitive user meta that can be used to gain access to a high privileged user account.

CVE ID : CVE-2023-2446
Source : security@wordfence.com
CVSS Score : 6.5

References :
http://packetstormsecurity.com/files/175871/WordPress-UserPro-5.1.x-Password-Reset-Authentication-Bypass-Escalation.html | source : security@wordfence.com
https://codecanyon.net/item/userpro-user-profiles-with-social-login/5958681 | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/4072ba5f-6385-4fa3-85b6-89dac7b60a92?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2023-2448

First published on : 22-11-2023 16:15:08
Last modified on : 22-11-2023 18:15:08

Description :
The UserPro plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'userpro_shortcode_template' function in versions up to, and including, 5.1.4. This makes it possible for unauthenticated attackers to arbitrary shortcode execution. An attacker can leverage CVE-2023-2446 to get sensitive information via shortcode.

CVE ID : CVE-2023-2448
Source : security@wordfence.com
CVSS Score : 6.5

References :
http://packetstormsecurity.com/files/175871/WordPress-UserPro-5.1.x-Password-Reset-Authentication-Bypass-Escalation.html | source : security@wordfence.com
https://codecanyon.net/item/userpro-user-profiles-with-social-login/5958681 | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/7cbe9175-4a6f-4eb6-8d31-9a9fda9b4f40?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2023-5382

First published on : 22-11-2023 16:15:11
Last modified on : 22-11-2023 17:31:59

Description :
The Funnelforms Free plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.4. This is due to missing or incorrect nonce validation on the fnsf_delete_posts function. This makes it possible for unauthenticated attackers to delete arbitrary posts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

CVE ID : CVE-2023-5382
Source : security@wordfence.com
CVSS Score : 6.5

References :
https://plugins.trac.wordpress.org/changeset/2986938/funnelforms-free | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/72e4428b-d2cd-471f-9821-947f4601fd64?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2023-5386

First published on : 22-11-2023 16:15:11
Last modified on : 22-11-2023 17:31:52

Description :
The Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fnsf_delete_posts function in versions up to, and including, 3.4. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to delete arbitrary posts, including administrator posts, and posts not related to the Funnelforms Free plugin.

CVE ID : CVE-2023-5386
Source : security@wordfence.com
CVSS Score : 6.5

References :
https://plugins.trac.wordpress.org/changeset/2986938/funnelforms-free | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/400fe58b-8203-4fd5-a3d3-d30eb1b8cd85?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2023-5048

First published on : 22-11-2023 16:15:10
Last modified on : 22-11-2023 17:31:59

Description :
The WDContactFormBuilder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Contact_Form_Builder' shortcode in versions up to, and including, 1.0.72 due to insufficient input sanitization and output escaping on 'id' user supplied attribute. This makes it possible for authenticated attackers with contributor level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE ID : CVE-2023-5048
Source : security@wordfence.com
CVSS Score : 6.4

References :
https://plugins.trac.wordpress.org/browser/contact-form-builder/tags/1.0.72/frontend/views/CFMViewForm_maker.php#L102 | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/7152253a-7bb8-4b5c-bffd-86e46df54b7e?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2023-5096

First published on : 22-11-2023 16:15:10
Last modified on : 22-11-2023 17:31:59

Description :
The HTML filter and csv-file search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'csvsearch' shortcode in versions up to, and including, 2.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE ID : CVE-2023-5096
Source : security@wordfence.com
CVSS Score : 6.4

References :
https://plugins.trac.wordpress.org/changeset/2985200/hk-filter-and-search | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/157eddd4-67f0-4a07-b3ab-11dbfb9f12aa?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2023-5128

First published on : 22-11-2023 16:15:10
Last modified on : 22-11-2023 17:31:59

Description :
The TCD Google Maps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'map' shortcode in versions up to, and including, 1.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE ID : CVE-2023-5128
Source : security@wordfence.com
CVSS Score : 6.4

References :
https://plugins.trac.wordpress.org/browser/tcd-google-maps/trunk/design-plus-google-maps.php?rev=2700917#L154 | source : security@wordfence.com
https://plugins.trac.wordpress.org/browser/tcd-google-maps/trunk/design-plus-google-maps.php?rev=2700917#L169 | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/50f6d0aa-059d-48d9-873b-6404f288f002?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2023-5163

First published on : 22-11-2023 16:15:10
Last modified on : 22-11-2023 17:31:59

Description :
The Weather Atlas Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'shortcode-weather-atlas' shortcode in versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE ID : CVE-2023-5163
Source : security@wordfence.com
CVSS Score : 6.4

References :
https://plugins.trac.wordpress.org/browser/weather-atlas/tags/1.2.1/includes/class-weather-atlas.php#L838 | source : security@wordfence.com
https://plugins.trac.wordpress.org/browser/weather-atlas/tags/1.2.1/includes/class-weather-atlas.php#L844 | source : security@wordfence.com
https://plugins.trac.wordpress.org/browser/weather-atlas/tags/1.2.1/includes/class-weather-atlas.php#L845 | source : security@wordfence.com
https://plugins.trac.wordpress.org/browser/weather-atlas/tags/1.2.1/includes/class-weather-atlas.php#L858 | source : security@wordfence.com
https://plugins.trac.wordpress.org/browser/weather-atlas/tags/1.2.1/includes/class-weather-atlas.php#L860 | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/c2324caa-f804-4f76-9d08-8951fbee4669?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2023-5234

First published on : 22-11-2023 16:15:10
Last modified on : 22-11-2023 17:31:59

Description :
The Related Products for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'woo-related' shortcode in versions up to, and including, 3.3.15 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE ID : CVE-2023-5234
Source : security@wordfence.com
CVSS Score : 6.4

References :
https://plugins.trac.wordpress.org/browser/woo-related-products-refresh-on-reload/tags/3.3.15/woo-related-products.php#L303 | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset/2988185/woo-related-products-refresh-on-reload | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/a98498b8-9397-42e9-9c99-a576975c9ac9?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2023-5338

First published on : 22-11-2023 16:15:11
Last modified on : 22-11-2023 17:31:59

Description :
The Theme Blvd Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 1.6.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE ID : CVE-2023-5338
Source : security@wordfence.com
CVSS Score : 6.4

References :
https://plugins.trac.wordpress.org/browser/theme-blvd-shortcodes/tags/1.6.8/includes/class-tb-column-shortcode.php#L97 | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/88809668-ea6b-41df-b2a7-ffe03a931c86?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2023-5469

First published on : 22-11-2023 16:15:13
Last modified on : 22-11-2023 17:31:52

Description :
The Drop Shadow Boxes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'dropshadowbox' shortcode in versions up to, and including, 1.7.13 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE ID : CVE-2023-5469
Source : security@wordfence.com
CVSS Score : 6.4

References :
https://plugins.trac.wordpress.org/browser/drop-shadow-boxes/tags/1.7.12/dropshadowboxes.php#L319 | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset/2998610/drop-shadow-boxes#file1 | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/c0b3911c-a960-4f28-b289-389b26282741?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2023-5662

First published on : 22-11-2023 16:15:13
Last modified on : 22-11-2023 17:31:52

Description :
The Sponsors plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'sponsors' shortcode in all versions up to, and including, 3.5.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE ID : CVE-2023-5662
Source : security@wordfence.com
CVSS Score : 6.4

References :
https://plugins.trac.wordpress.org/browser/wp-sponsors/tags/3.5.0/includes/class-wp-sponsors-shortcodes.php#L267 | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/4af04219-26c5-401d-94ef-11d2321f98bf?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2023-5664

First published on : 22-11-2023 16:15:13
Last modified on : 22-11-2023 17:31:52

Description :
The Garden Gnome Package plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ggpkg' shortcode in all versions up to, and including, 2.2.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This was partially patched in version 2.2.7 and fully patched in version 2.2.9.

CVE ID : CVE-2023-5664
Source : security@wordfence.com
CVSS Score : 6.4

References :
https://plugins.trac.wordpress.org/browser/garden-gnome-package/tags/2.2.5/include/ggpackage.php#L284 | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset/2987987/garden-gnome-package#file1 | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset/2988944/garden-gnome-package#file1 | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/8c7385c7-47de-4511-b474-7415c3977aa8?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2023-5667

First published on : 22-11-2023 16:15:13
Last modified on : 22-11-2023 17:31:52

Description :
The Tab Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 1.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE ID : CVE-2023-5667
Source : security@wordfence.com
CVSS Score : 6.4

References :
https://plugins.trac.wordpress.org/browser/tabs-pro/trunk/theme/tab-shortcode-ultimate-themes.php?rev=2406144#L87 | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset/2982005/tabs-pro#file23 | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/08220b23-d6fa-4005-bbbb-019412d328a5?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2023-5704

First published on : 22-11-2023 16:15:14
Last modified on : 22-11-2023 17:31:52

Description :
The CPO Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 1.5.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE ID : CVE-2023-5704
Source : security@wordfence.com
CVSS Score : 6.4

References :
https://plugins.trac.wordpress.org/browser/cpo-shortcodes/trunk/shortcodes/shortcode-testimonial.php?rev=2413204#L38 | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/f8ba38c3-51d2-43a7-89ff-c72a8edc946b?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2023-5706

First published on : 22-11-2023 16:15:14
Last modified on : 22-11-2023 17:31:52

Description :
The VK Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'vk-blocks/ancestor-page-list' block in all versions up to, and including, 1.63.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE ID : CVE-2023-5706
Source : security@wordfence.com
CVSS Score : 6.4

References :
https://plugins.trac.wordpress.org/browser/vk-blocks/tags/1.63.0.1/inc/vk-blocks/build/blocks/ancestor-page-list/index.php#L50 | source : security@wordfence.com
https://plugins.trac.wordpress.org/browser/vk-blocks/tags/1.63.0.1/inc/vk-blocks/build/blocks/ancestor-page-list/index.php#L54 | source : security@wordfence.com
https://plugins.trac.wordpress.org/browser/vk-blocks/tags/1.63.0.1/inc/vk-blocks/build/blocks/ancestor-page-list/index.php#L57 | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset/2983202/vk-blocks/trunk/inc/vk-blocks/build/blocks/ancestor-page-list/index.php | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/05dd7c96-7880-44a8-a06f-037bc627fd8d?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2023-5708

First published on : 22-11-2023 16:15:14
Last modified on : 22-11-2023 17:31:52

Description :
The WP Post Columns plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'column' shortcode in all versions up to, and including, 2.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE ID : CVE-2023-5708
Source : security@wordfence.com
CVSS Score : 6.4

References :
https://plugins.trac.wordpress.org/browser/wp-post-columns/trunk/wp_post_columns.php?rev=112013#L59 | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/d96e5986-8c89-4e7e-aa63-f41aa13eeff4?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2023-5742

First published on : 22-11-2023 16:15:14
Last modified on : 22-11-2023 17:31:47

Description :
The EasyRotator for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'easyrotator' shortcode in all versions up to, and including, 1.0.14 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE ID : CVE-2023-5742
Source : security@wordfence.com
CVSS Score : 6.4

References :
https://plugins.trac.wordpress.org/browser/easyrotator-for-wordpress/tags/1.0.14/easyrotator.php#L1913 | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/3041e28e-d965-4672-ab10-8b1f3d874f19?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2023-6008

First published on : 22-11-2023 16:15:15
Last modified on : 22-11-2023 17:31:47

Description :
The UserPro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.1.1. This is due to missing or incorrect nonce validation on multiple functions. This makes it possible for unauthenticated attackers to add, modify, or delete user meta and plugin options.

CVE ID : CVE-2023-6008
Source : security@wordfence.com
CVSS Score : 6.3

References :
https://codecanyon.net/item/userpro-user-profiles-with-social-login/5958681 | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/ed6e2b9e-3d70-4c07-a779-45164816b89c?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2023-2447

First published on : 22-11-2023 08:15:07
Last modified on : 22-11-2023 13:56:48

Description :
The UserPro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.1.1. This is due to missing or incorrect nonce validation on the 'export_users' function. This makes it possible for unauthenticated attackers to export the users to a csv file, granted they can trick a site administrator into performing an action such as clicking on a link.

CVE ID : CVE-2023-2447
Source : security@wordfence.com
CVSS Score : 6.1

References :
https://codecanyon.net/item/userpro-user-profiles-with-social-login/5958681 | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/0372efe4-b5be-4601-be43-5c12332ea1a5?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2023-2438

First published on : 22-11-2023 16:15:08
Last modified on : 22-11-2023 17:31:59

Description :
The UserPro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.1.0. This is due to missing or incorrect nonce validation on the 'userpro_save_userdata' function. This makes it possible for unauthenticated attackers to update the user meta and inject malicious JavaScript via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link.

CVE ID : CVE-2023-2438
Source : security@wordfence.com
CVSS Score : 6.1

References :
https://codecanyon.net/item/userpro-user-profiles-with-social-login/5958681 | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/7d30adc5-27a5-4549-84fc-b930f27f03e5?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2023-4726

First published on : 22-11-2023 16:15:09
Last modified on : 22-11-2023 17:31:59

Description :
The Ultimate Dashboard plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 3.7.7. due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.

CVE ID : CVE-2023-4726
Source : security@wordfence.com
CVSS Score : 4.4

References :
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2991103%40ultimate-dashboard%2Ftrunk&old=2958955%40ultimate-dashboard%2Ftrunk&sfp_email=&sfph_mail=#file5 | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/79cce1fc-a27f-4842-b1a2-2c53857add4c?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2023-5715

First published on : 22-11-2023 16:15:14
Last modified on : 22-11-2023 17:31:52

Description :
The Website Optimization โ€“ Plerdy plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's tracking code settings in all versions up to, and including, 1.3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.

CVE ID : CVE-2023-5715
Source : security@wordfence.com
CVSS Score : 4.4

References :
https://plugins.trac.wordpress.org/browser/plerdy-heatmap/trunk/plerdy_heatmap_tracking.php#L132 | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2989840%40plerdy-heatmap&new=2989840%40plerdy-heatmap&sfp_email=&sfph_mail= | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/db18ac07-2e7a-466d-b00c-a598401f8633?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2023-4686

First published on : 22-11-2023 16:15:09
Last modified on : 22-11-2023 17:31:59

Description :
The WP Customer Reviews plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 3.6.6 via the ajax_enabled_posts function. This can allow authenticated attackers to extract sensitive data such as post titles and slugs, including those of protected and trashed posts and pages in addition to other post types such as galleries.

CVE ID : CVE-2023-4686
Source : security@wordfence.com
CVSS Score : 4.3

References :
https://plugins.trac.wordpress.org/browser/wp-customer-reviews/trunk/include/admin/wp-customer-reviews-3-admin.php?rev=2617376#L866 | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset/2965656/wp-customer-reviews/trunk?contextall=1&old=2882143&old_path=%2Fwp-customer-reviews%2Ftrunk | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/24b9984c-ec33-4492-815b-67a21ac4da0e?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2023-5314

First published on : 22-11-2023 16:15:10
Last modified on : 22-11-2023 17:31:59

Description :
The WP EXtra plugin for WordPress is vulnerable to unauthorized access to restricted functionality due to a missing capability check on the 'test-email' section of the register() function in versions up to, and including, 6.2. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to send emails with arbitrary content to arbitrary locations from the affected site's mail server.

CVE ID : CVE-2023-5314
Source : security@wordfence.com
CVSS Score : 4.3

References :
https://plugins.trac.wordpress.org/changeset/2977703/wp-extra | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/93c10a58-c5f2-440b-a88e-5314143fdd90?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2023-5383

First published on : 22-11-2023 16:15:11
Last modified on : 22-11-2023 17:31:52

Description :
The Funnelforms Free plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.4. This is due to missing or incorrect nonce validation on the fnsf_copy_posts function. This makes it possible for unauthenticated attackers to create copies of arbitrary posts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

CVE ID : CVE-2023-5383
Source : security@wordfence.com
CVSS Score : 4.3

References :
https://plugins.trac.wordpress.org/changeset/2986938/funnelforms-free | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/d35ec0f0-fa7a-4531-b5f7-5adcf2af051c?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2023-5385

First published on : 22-11-2023 16:15:11
Last modified on : 22-11-2023 17:31:52

Description :
The Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fnsf_copy_posts function in versions up to, and including, 3.4. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to create copies of arbitrary posts.

CVE ID : CVE-2023-5385
Source : security@wordfence.com
CVSS Score : 4.3

References :
https://plugins.trac.wordpress.org/changeset/2986938/funnelforms-free | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/e2719afc-e52c-4fcc-b030-2f6aaddb5ab9?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2023-5387

First published on : 22-11-2023 16:15:11
Last modified on : 22-11-2023 17:31:52

Description :
The Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fnsf_af2_trigger_dark_mode function in versions up to, and including, 3.4. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to enable or disable the dark mode plugin setting.

CVE ID : CVE-2023-5387
Source : security@wordfence.com
CVSS Score : 4.3

References :
https://plugins.trac.wordpress.org/changeset/2986938/funnelforms-free | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/ccb34b44-9fa4-4ebe-b217-b2a42920247f?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2023-5411

First published on : 22-11-2023 16:15:12
Last modified on : 22-11-2023 17:31:52

Description :
The Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fnsf_af2_save_post function in versions up to, and including, 3.4. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to modify certain post values. Note that the extent of modification is limited due to fixed values passed to the wp_update_post function.

CVE ID : CVE-2023-5411
Source : security@wordfence.com
CVSS Score : 4.3

References :
https://plugins.trac.wordpress.org/changeset/2986938/funnelforms-free | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/816f5fc1-e4e6-4c0d-b222-fe733f026e33?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2023-5415

First published on : 22-11-2023 16:15:12
Last modified on : 22-11-2023 17:31:52

Description :
The Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fnsf_add_category function in versions up to, and including, 3.4. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to add new categories.

CVE ID : CVE-2023-5415
Source : security@wordfence.com
CVSS Score : 4.3

References :
https://plugins.trac.wordpress.org/changeset/2986938/funnelforms-free | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/6ec3051e-a5e4-48ee-8f8e-eb5dbc482f33?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2023-5416

First published on : 22-11-2023 16:15:12
Last modified on : 22-11-2023 17:31:52

Description :
The Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fnsf_delete_category function in versions up to, and including, 3.4. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to delete categories.

CVE ID : CVE-2023-5416
Source : security@wordfence.com
CVSS Score : 4.3

References :
https://plugins.trac.wordpress.org/changeset/2986938/funnelforms-free | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/992fc98f-4b23-4596-81fb-5543d82fd615?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2023-5417

First published on : 22-11-2023 16:15:12
Last modified on : 22-11-2023 17:31:52

Description :
The Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fnsf_update_category function in versions up to, and including, 3.4. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to modify the Funnelforms category for a given post ID.

CVE ID : CVE-2023-5417
Source : security@wordfence.com
CVSS Score : 4.3

References :
https://plugins.trac.wordpress.org/changeset/2986938/funnelforms-free | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/148794ea-3bc9-4084-bdb9-6ee63a781a39?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2023-5419

First published on : 22-11-2023 16:15:12
Last modified on : 22-11-2023 17:31:52

Description :
The Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fnsf_af2_test_mail function in versions up to, and including, 3.4. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to send test emails to an arbitrary email address.

CVE ID : CVE-2023-5419
Source : security@wordfence.com
CVSS Score : 4.3

References :
https://plugins.trac.wordpress.org/changeset/2986938/funnelforms-free | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/64248d15-e6a7-442f-b269-e9f629d297d3?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2023-5537

First published on : 22-11-2023 16:15:13
Last modified on : 22-11-2023 17:31:52

Description :
The Delete Usermeta plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.2. This is due to missing nonce validation on the delumet_options_page() function. This makes it possible for unauthenticated attackers to remove user meta for arbitrary users via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

CVE ID : CVE-2023-5537
Source : security@wordfence.com
CVSS Score : 4.3

References :
https://plugins.trac.wordpress.org/browser/delete-usermetas/trunk/delete-usermetas.php#L57 | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2979918%40delete-usermetas&new=2979918%40delete-usermetas&sfp_email=&sfph_mail= | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/23b46e5b-ce1e-4215-921c-edea7fd6c56a?source=cve | source : security@wordfence.com


Source : patchstack.com

Vulnerability ID : CVE-2023-47755

First published on : 22-11-2023 18:15:09
Last modified on : 22-11-2023 19:00:49

Description :
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AazzTech WooCommerce Product Carousel Slider plugin <= 3.3.5 versions.

CVE ID : CVE-2023-47755
Source : audit@patchstack.com
CVSS Score : 6.5

References :
https://patchstack.com/database/vulnerability/product-carousel-slider-for-woocommerce/wordpress-woocommerce-product-carousel-slider-plugin-3-3-5-cross-site-scripting-xss-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-47786

First published on : 22-11-2023 22:15:08
Last modified on : 22-11-2023 22:15:08

Description :
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LayerSlider plugin <= 7.7.9 versions.

CVE ID : CVE-2023-47786
Source : audit@patchstack.com
CVSS Score : 6.5

References :
https://patchstack.com/database/vulnerability/layerslider/wordpress-layerslider-plugin-7-7-9-cross-site-scripting-xss-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-47808

First published on : 22-11-2023 22:15:08
Last modified on : 22-11-2023 22:15:08

Description :
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Christina Uechi Add Widgets to Page plugin <= 1.3.2 versions.

CVE ID : CVE-2023-47808
Source : audit@patchstack.com
CVSS Score : 6.5

References :
https://patchstack.com/database/vulnerability/add-widgets-to-page/wordpress-add-widgets-to-page-plugin-1-3-2-cross-site-scripting-xss-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-47759

First published on : 22-11-2023 20:15:09
Last modified on : 22-11-2023 20:15:09

Description :
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Premio Chaty plugin <= 3.1.2 versions.

CVE ID : CVE-2023-47759
Source : audit@patchstack.com
CVSS Score : 5.9

References :
https://patchstack.com/database/vulnerability/chaty/wordpress-chaty-plugin-3-1-2-cross-site-scripting-xss-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-26532

First published on : 22-11-2023 14:15:08
Last modified on : 22-11-2023 15:12:25

Description :
Cross-Site Request Forgery (CSRF) vulnerability in AccessPress Themes Social Auto Poster plugin <= 2.1.4 versions.

CVE ID : CVE-2023-26532
Source : audit@patchstack.com
CVSS Score : 5.4

References :
https://patchstack.com/database/vulnerability/accesspress-facebook-auto-post/wordpress-social-auto-poster-plugin-2-1-4-cross-site-request-forgery-csrf-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2023-26535

First published on : 22-11-2023 14:15:08
Last modified on : 22-11-2023 15:12:25

Description :
Cross-Site Request Forgery (CSRF) vulnerability in WPPOOL Sheets To WP Table Live Sync plugin <= 2.12.15 versions.

CVE ID : CVE-2023-26535
Source : audit@patchstack.com
CVSS Score : 5.4

References :
https://patchstack.com/database/vulnerability/sheets-to-wp-table-live-sync/wordpress-sheets-to-wp-table-live-sync-plugin-2-12-15-cross-site-request-forgery-csrf-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2023-27442

First published on : 22-11-2023 14:15:08
Last modified on : 22-11-2023 15:12:25

Description :
Cross-Site Request Forgery (CSRF) vulnerability in Teplitsa of social technologies Leyka plugin <= 3.29.2 versions.

CVE ID : CVE-2023-27442
Source : audit@patchstack.com
CVSS Score : 5.4

References :
https://patchstack.com/database/vulnerability/leyka/wordpress-leyka-plugin-3-29-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2023-27453

First published on : 22-11-2023 14:15:09
Last modified on : 22-11-2023 15:12:25

Description :
Cross-Site Request Forgery (CSRF) vulnerability in LWS LWS Tools plugin <= 2.3.1 versions.

CVE ID : CVE-2023-27453
Source : audit@patchstack.com
CVSS Score : 5.4

References :
https://patchstack.com/database/vulnerability/lws-tools/wordpress-lws-tools-plugin-2-3-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2023-28747

First published on : 22-11-2023 14:15:10
Last modified on : 22-11-2023 15:12:25

Description :
Cross-Site Request Forgery (CSRF) vulnerability in codeboxr CBX Currency Converter plugin <= 3.0.3 versions.

CVE ID : CVE-2023-28747
Source : audit@patchstack.com
CVSS Score : 5.4

References :
https://patchstack.com/database/vulnerability/cbcurrencyconverter/wordpress-cbx-currency-converter-plugin-3-0-3-cross-site-request-forgery-csrf?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2023-26542

First published on : 22-11-2023 15:15:08
Last modified on : 22-11-2023 17:32:02

Description :
Cross-Site Request Forgery (CSRF) vulnerability in Exeebit phpinfo() WP plugin <= 4.0 versions.

CVE ID : CVE-2023-26542
Source : audit@patchstack.com
CVSS Score : 5.4

References :
https://patchstack.com/database/vulnerability/phpinfo-wp/wordpress-phpinfo-wp-plugin-3-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2023-47758

First published on : 22-11-2023 18:15:09
Last modified on : 22-11-2023 19:00:49

Description :
Cross-Site Request Forgery (CSRF) vulnerability in Mondula GmbH Multi Step Form plugin <= 1.7.11 versions.

CVE ID : CVE-2023-47758
Source : audit@patchstack.com
CVSS Score : 5.4

References :
https://patchstack.com/database/vulnerability/multi-step-form/wordpress-multi-step-form-plugin-1-7-11-cross-site-request-forgery-csrf-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2023-39925

First published on : 22-11-2023 19:15:08
Last modified on : 22-11-2023 19:46:41

Description :
Cross-Site Request Forgery (CSRF) vulnerability in PeepSo Download Community by PeepSo plugin <= 6.1.6.0 versions.

CVE ID : CVE-2023-39925
Source : audit@patchstack.com
CVSS Score : 5.4

References :
https://patchstack.com/database/vulnerability/peepso-core/wordpress-peepso-plugin-6-1-6-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2023-47824

First published on : 22-11-2023 20:15:09
Last modified on : 22-11-2023 20:15:09

Description :
Cross-Site Request Forgery (CSRF) vulnerability in wpWax Legal Pages โ€“ Privacy Policy, Terms & Conditions, GDPR, CCPA, and Cookie Notice Generator plugin <= 1.3.8 versions.

CVE ID : CVE-2023-47824
Source : audit@patchstack.com
CVSS Score : 5.4

References :
https://patchstack.com/database/vulnerability/legal-pages/wordpress-legal-pages-plugin-1-3-8-cross-site-request-forgery-csrf-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2023-28749

First published on : 22-11-2023 13:15:07
Last modified on : 22-11-2023 13:56:48

Description :
Cross-Site Request Forgery (CSRF) vulnerability in CreativeMindsSolutions CM On Demand Search And Replace plugin <= 1.3.0 versions.

CVE ID : CVE-2023-28749
Source : audit@patchstack.com
CVSS Score : 4.3

References :
https://patchstack.com/database/vulnerability/cm-on-demand-search-and-replace/wordpress-cm-on-demand-search-and-replace-plugin-1-3-0-cross-site-request-forgery-csrf?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2023-27444

First published on : 22-11-2023 14:15:08
Last modified on : 22-11-2023 15:12:25

Description :
Cross-Site Request Forgery (CSRF) vulnerability in Pierre Lannoy / PerfOps One DecaLog plugin <= 3.7.0 versions.

CVE ID : CVE-2023-27444
Source : audit@patchstack.com
CVSS Score : 4.3

References :
https://patchstack.com/database/vulnerability/decalog/wordpress-decalog-plugin-3-7-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2023-27446

First published on : 22-11-2023 14:15:08
Last modified on : 22-11-2023 15:12:25

Description :
Cross-Site Request Forgery (CSRF) vulnerability in Fluenx DeepL API translation plugin <= 2.1.4 versions.

CVE ID : CVE-2023-27446
Source : audit@patchstack.com
CVSS Score : 4.3

References :
https://patchstack.com/database/vulnerability/wpdeepl/wordpress-deepl-api-translation-plugin-plugin-2-1-4-cross-site-request-forgery-csrf-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2023-27457

First published on : 22-11-2023 14:15:09
Last modified on : 22-11-2023 15:12:25

Description :
Cross-Site Request Forgery (CSRF) vulnerability in Passionate Brains Add Expires Headers & Optimized Minify plugin <= 2.7 versions.

CVE ID : CVE-2023-27457
Source : audit@patchstack.com
CVSS Score : 4.3

References :
https://patchstack.com/database/vulnerability/add-expires-headers/wordpress-add-expires-headers-optimized-minify-plugin-2-7-cross-site-request-forgery-csrf-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2023-27458

First published on : 22-11-2023 14:15:09
Last modified on : 22-11-2023 15:12:25

Description :
Cross-Site Request Forgery (CSRF) vulnerability in wpstream WpStream plugin <= 4.4.10 versions.

CVE ID : CVE-2023-27458
Source : audit@patchstack.com
CVSS Score : 4.3

References :
https://patchstack.com/database/vulnerability/wpstream/wordpress-wpstream-live-streaming-video-on-demand-pay-per-view-plugin-4-4-10-cross-site-request-forgery-csrf-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2023-27461

First published on : 22-11-2023 14:15:09
Last modified on : 22-11-2023 15:12:25

Description :
Cross-Site Request Forgery (CSRF) vulnerability in Yoohoo Plugins When Last Login plugin <= 1.2.1 versions.

CVE ID : CVE-2023-27461
Source : audit@patchstack.com
CVSS Score : 4.3

References :
https://patchstack.com/database/vulnerability/when-last-login/wordpress-when-last-login-plugin-1-2-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2023-27633

First published on : 22-11-2023 14:15:09
Last modified on : 22-11-2023 15:12:25

Description :
Cross-Site Request Forgery (CSRF) vulnerability in Pixelgrade Customify โ€“ Intuitive Website Styling plugin <= 2.10.4 versions.

CVE ID : CVE-2023-27633
Source : audit@patchstack.com
CVSS Score : 4.3

References :
https://patchstack.com/database/vulnerability/customify/wordpress-customify-plugin-2-10-4-cross-site-request-forgery-csrf-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2023-25986

First published on : 22-11-2023 18:15:08
Last modified on : 22-11-2023 19:00:49

Description :
Cross-Site Request Forgery (CSRF) vulnerability in WattIsIt PayGreen โ€“ Ancienne version plugin <= 4.10.2 versions.

CVE ID : CVE-2023-25986
Source : audit@patchstack.com
CVSS Score : 4.3

References :
https://patchstack.com/database/vulnerability/paygreen-woocommerce/wordpress-paygreen-plugin-4-10-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2023-25987

First published on : 22-11-2023 18:15:08
Last modified on : 22-11-2023 19:00:49

Description :
Cross-Site Request Forgery (CSRF) vulnerability in Aleksandar Uroลกevi? My YouTube Channel plugin <= 3.23.3 versions.

CVE ID : CVE-2023-25987
Source : audit@patchstack.com
CVSS Score : 4.3

References :
https://patchstack.com/database/vulnerability/youtube-channel/wordpress-my-youtube-channel-plugin-3-23-3-cross-site-request-forgery-csrf-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2023-47765

First published on : 22-11-2023 18:15:09
Last modified on : 22-11-2023 19:00:49

Description :
Cross-Site Request Forgery (CSRF) vulnerability in CodeBard CodeBard's Patron Button and Widgets for Patreon plugin <= 2.1.9 versions.

CVE ID : CVE-2023-47765
Source : audit@patchstack.com
CVSS Score : 4.3

References :
https://patchstack.com/database/vulnerability/patron-button-and-widgets-by-codebard/wordpress-codebard-s-patron-button-and-widgets-for-patreon-plugin-2-1-9-cross-site-request-forgery-csrf-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2023-47775

First published on : 22-11-2023 19:15:08
Last modified on : 22-11-2023 19:46:41

Description :
Cross-Site Request Forgery (CSRF) vulnerability in gVectors Team Comments โ€” wpDiscuz plugin <= 7.6.11 versions.

CVE ID : CVE-2023-47775
Source : audit@patchstack.com
CVSS Score : 4.3

References :
https://patchstack.com/database/vulnerability/wpdiscuz/wordpress-wpdiscuz-plugin-7-6-11-cross-site-request-forgery-csrf-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2023-47791

First published on : 22-11-2023 19:15:09
Last modified on : 22-11-2023 19:46:41

Description :
Cross-Site Request Forgery (CSRF) vulnerability in Leadster plugin <= 1.1.2 versions.

CVE ID : CVE-2023-47791
Source : audit@patchstack.com
CVSS Score : 4.3

References :
https://patchstack.com/database/vulnerability/leadster-marketing-conversaciona/wordpress-leadster-plugin-1-1-2-cross-site-request-forgery-csrf-vulnerability-2?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2023-47792

First published on : 22-11-2023 19:15:09
Last modified on : 22-11-2023 19:46:41

Description :
Cross-Site Request Forgery (CSRF) vulnerability in Infinite Uploads Big File Uploads โ€“ Increase Maximum File Upload Size plugin <= 2.1.1 versions.

CVE ID : CVE-2023-47792
Source : audit@patchstack.com
CVSS Score : 4.3

References :
https://patchstack.com/database/vulnerability/tuxedo-big-file-uploads/wordpress-big-file-uploads-plugin-2-1-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2023-47819

First published on : 22-11-2023 19:15:09
Last modified on : 22-11-2023 19:46:41

Description :
Cross-Site Request Forgery (CSRF) vulnerability in Dang Ngoc Binh Easy Call Now by ThikShare plugin <= 1.1.0 versions.

CVE ID : CVE-2023-47819
Source : audit@patchstack.com
CVSS Score : 4.3

References :
https://patchstack.com/database/vulnerability/easy-call-now/wordpress-easy-call-now-by-thikshare-plugin-1-1-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2023-47825

First published on : 22-11-2023 20:15:09
Last modified on : 22-11-2023 20:15:09

Description :
Cross-Site Request Forgery (CSRF) vulnerability in TienCOP WP EXtra plugin <= 6.4 versions.

CVE ID : CVE-2023-47825
Source : audit@patchstack.com
CVSS Score : 4.3

References :
https://patchstack.com/database/vulnerability/wp-extra/wordpress-wp-extra-plugin-6-4-cross-site-request-forgery-csrf-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-352


Source : 9119a7d8-5eab-497f-8521-727c672e3725

Vulnerability ID : CVE-2023-6265

First published on : 22-11-2023 20:15:09
Last modified on : 22-11-2023 20:15:09

Description :
Draytek Vigor2960 v1.5.1.4 and v1.5.1.5 are vulnerable to directory traversal via the mainfunction.cgi dumpSyslog 'option' parameter allowing an authenticated attacker with access to the web management interface to delete arbitrary files. Vigor2960 is no longer supported.

CVE ID : CVE-2023-6265
Source : 9119a7d8-5eab-497f-8521-727c672e3725
CVSS Score : 6.5

References :
https://github.com/xxy1126/Vuln/blob/main/Draytek/4.md | source : 9119a7d8-5eab-497f-8521-727c672e3725
https://www.draytek.com/products/vigor2960/ | source : 9119a7d8-5eab-497f-8521-727c672e3725

Vulnerability : CWE-22


Source : us.ibm.com

Vulnerability ID : CVE-2023-25682

First published on : 22-11-2023 19:15:08
Last modified on : 22-11-2023 19:46:41

Description :
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.8 and 6.1.0.0 through 6.1.2.1 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 247034.

CVE ID : CVE-2023-25682
Source : psirt@us.ibm.com
CVSS Score : 6.2

References :
https://exchange.xforce.ibmcloud.com/vulnerabilities/247034 | source : psirt@us.ibm.com
https://www.ibm.com/support/pages/node/7080172 | source : psirt@us.ibm.com

Vulnerability : CWE-532


Vulnerability ID : CVE-2022-35638

First published on : 22-11-2023 04:15:07
Last modified on : 22-11-2023 13:56:51

Description :
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.8 and 6.1.0.0 through 6.1.2.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 230824.

CVE ID : CVE-2022-35638
Source : psirt@us.ibm.com
CVSS Score : 4.3

References :
https://exchange.xforce.ibmcloud.com/vulnerabilities/230824 | source : psirt@us.ibm.com
https://www.ibm.com/support/pages/node/7080104 | source : psirt@us.ibm.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2022-36777

First published on : 22-11-2023 19:15:07
Last modified on : 22-11-2023 19:46:41

Description :
IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.11.0 and IBM QRadar Suite Software 1.10.12.0 through 1.10.16.0could allow an authenticated user to obtain sensitive version information that could aid in further attacks against the system. IBM X-Force ID: 233665.

CVE ID : CVE-2022-36777
Source : psirt@us.ibm.com
CVSS Score : 4.3

References :
https://exchange.xforce.ibmcloud.com/vulnerabilities/233665 | source : psirt@us.ibm.com
https://www.ibm.com/support/pages/node/7080058 | source : psirt@us.ibm.com

Vulnerability : CWE-200


Source : m-files.com

Vulnerability ID : CVE-2023-6117

First published on : 22-11-2023 10:15:09
Last modified on : 22-11-2023 13:56:48

Description :
A possibility of unwanted server memory consumption was detected through the obsolete functionalities in the Rest API methods of the M-Files server before 23.11.13156.0 which allows attackers to execute DoS attacks.

CVE ID : CVE-2023-6117
Source : security@m-files.com
CVSS Score : 5.7

References :
https://www.m-files.com/about/trust-center/security-advisories/cve-2023-6117/ | source : security@m-files.com

Vulnerability : CWE-400


Vulnerability ID : CVE-2023-6189

First published on : 22-11-2023 10:15:09
Last modified on : 22-11-2023 13:56:48

Description :
Missing access permissions checks in the M-Files server before 23.11.13156.0 allow attackers to perform data write and export jobs using the M-Files API methods.

CVE ID : CVE-2023-6189
Source : security@m-files.com
CVSS Score : 4.3

References :
https://https://www.m-files.com/about/trust-center/security-advisories/cve-2023-6189/ | source : security@m-files.com

Vulnerability : CWE-280


Source : incibe.es

Vulnerability ID : CVE-2023-3104

First published on : 22-11-2023 12:15:22
Last modified on : 22-11-2023 13:56:48

Description :
Lack of authentication vulnerability. An unauthenticated local user is able to see through the cameras using the web server due to the lack of any form of authentication.

CVE ID : CVE-2023-3104
Source : cve-coordination@incibe.es
CVSS Score : 5.7

References :
https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-unitree-robotics-a1 | source : cve-coordination@incibe.es

Vulnerability : CWE-306


Source : cisco.com

Vulnerability ID : CVE-2023-20240

First published on : 22-11-2023 17:15:18
Last modified on : 22-11-2023 17:31:47

Description :
Multiple vulnerabilities in Cisco Secure Client Software, formerly AnyConnect Secure Mobility Client, could allow an authenticated, local attacker to cause a denial of service (DoS) condition on an affected system. These vulnerabilities are due to an out-of-bounds memory read from Cisco Secure Client Software. An attacker could exploit these vulnerabilities by logging in to an affected device at the same time that another user is accessing Cisco Secure Client on the same system, and then sending crafted packets to a port on that local host. A successful exploit could allow the attacker to crash the VPN Agent service, causing it to be unavailable to all users of the system. To exploit these vulnerabilities, the attacker must have valid credentials on a multi-user system.

CVE ID : CVE-2023-20240
Source : ykramarz@cisco.com
CVSS Score : 5.5

References :
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-accsc-dos-9SLzkZ8 | source : ykramarz@cisco.com


Vulnerability ID : CVE-2023-20241

First published on : 22-11-2023 17:15:18
Last modified on : 22-11-2023 17:31:47

Description :
Multiple vulnerabilities in Cisco Secure Client Software, formerly AnyConnect Secure Mobility Client, could allow an authenticated, local attacker to cause a denial of service (DoS) condition on an affected system. These vulnerabilities are due to an out-of-bounds memory read from Cisco Secure Client Software. An attacker could exploit these vulnerabilities by logging in to an affected device at the same time that another user is accessing Cisco Secure Client on the same system, and then sending crafted packets to a port on that local host. A successful exploit could allow the attacker to crash the VPN Agent service, causing it to be unavailable to all users of the system. To exploit these vulnerabilities, the attacker must have valid credentials on a multi-user system.

CVE ID : CVE-2023-20241
Source : ykramarz@cisco.com
CVSS Score : 5.5

References :
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-accsc-dos-9SLzkZ8 | source : ykramarz@cisco.com


Vulnerability ID : CVE-2023-20084

First published on : 22-11-2023 17:15:18
Last modified on : 22-11-2023 17:31:47

Description :
A vulnerability in the endpoint software of Cisco Secure Endpoint for Windows could allow an authenticated, local attacker to evade endpoint protection within a limited time window. This vulnerability is due to a timing issue that occurs between various software components. An attacker could exploit this vulnerability by persuading a user to put a malicious file into a specific folder and then persuading the user to execute the file within a limited time window. A successful exploit could allow the attacker to cause the endpoint software to fail to quarantine the malicious file or kill its process. Note: This vulnerability only applies to deployments that have the Windows Folder Redirection feature enabled.

CVE ID : CVE-2023-20084
Source : ykramarz@cisco.com
CVSS Score : 5.0

References :
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-secure-endpoint-dos-RzOgFKnd | source : ykramarz@cisco.com


Source : usom.gov.tr

Vulnerability ID : CVE-2023-6011

First published on : 22-11-2023 09:15:07
Last modified on : 22-11-2023 13:56:48

Description :
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in DECE Software Geodi allows Stored XSS.This issue affects Geodi: before 8.0.0.27396.

CVE ID : CVE-2023-6011
Source : iletisim@usom.gov.tr
CVSS Score : 5.4

References :
https://www.usom.gov.tr/bildirim/tr-23-0650 | source : iletisim@usom.gov.tr

Vulnerability : CWE-79


Source : emc.com

Vulnerability ID : CVE-2023-43081

First published on : 22-11-2023 13:15:08
Last modified on : 22-11-2023 13:56:48

Description :
PowerProtect Agent for File System Version 19.14 and prior, contains an incorrect default permissions vulnerability in ddfscon component. A low Privileged local attacker could potentially exploit this vulnerability, leading to overwriting of log files.

CVE ID : CVE-2023-43081
Source : security_alert@emc.com
CVSS Score : 4.0

References :
https://www.dell.com/support/kbdoc/en-us/000219782/dsa-2023-427-security-update-for-dell-powerprotect-agent-for-file-system-vulnerabilities | source : security_alert@emc.com

Vulnerability : CWE-276


(5) LOW VULNERABILITIES [0.1, 3.9]

Source : github.com

Vulnerability ID : CVE-2023-48706

First published on : 22-11-2023 22:15:08
Last modified on : 22-11-2023 22:15:08

Description :
Vim is a UNIX editor that, prior to version 9.0.2121, has a heap-use-after-free vulnerability. When executing a `:s` command for the very first time and using a sub-replace-special atom inside the substitution part, it is possible that the recursive `:s` call causes free-ing of memory which may later then be accessed by the initial `:s` command. The user must intentionally execute the payload and the whole process is a bit tricky to do since it seems to work only reliably for the very first :s command. It may also cause a crash of Vim. Version 9.0.2121 contains a fix for this issue.

CVE ID : CVE-2023-48706
Source : security-advisories@github.com
CVSS Score : 3.6

References :
https://github.com/gandalf4a/crash_report/blob/main/vim/vim_huaf | source : security-advisories@github.com
https://github.com/vim/vim/commit/26c11c56888d01e298cd8044caf860f3c26f57bb | source : security-advisories@github.com
https://github.com/vim/vim/pull/13552 | source : security-advisories@github.com
https://github.com/vim/vim/security/advisories/GHSA-c8qm-x72m-q53q | source : security-advisories@github.com

Vulnerability : CWE-416


Source : wordfence.com

Vulnerability ID : CVE-2023-6160

First published on : 22-11-2023 16:15:15
Last modified on : 22-11-2023 17:31:47

Description :
The LifterLMS โ€“ WordPress LMS Plugin for eLearning plugin for WordPress is vulnerable to Directory Traversal in versions up to, and including, 7.4.2 via the maybe_serve_export function. This makes it possible for authenticated attackers, with administrator or LMS manager access and above, to read the contents of arbitrary CSV files on the server, which can contain sensitive information as well as removing those files from the server.

CVE ID : CVE-2023-6160
Source : security@wordfence.com
CVSS Score : 3.3

References :
https://plugins.trac.wordpress.org/changeset/2989461/ | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/6d0fcd82-6d4a-454f-8056-a896e8d41d00?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2023-6164

First published on : 22-11-2023 16:15:15
Last modified on : 22-11-2023 17:31:47

Description :
The MainWP Dashboard โ€“ WordPress Manager for Multiple Websites Maintenance plugin for WordPress is vulnerable to CSS Injection via the โ€˜newColorโ€™ parameter in all versions up to, and including, 4.5.1.2 due to insufficient input sanitization. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary CSS values into the site tags.

CVE ID : CVE-2023-6164
Source : security@wordfence.com
CVSS Score : 2.2

References :
https://plugins.trac.wordpress.org/changeset?old_path=/mainwp/tags/4.5.1.2&old=2996628&new_path=/mainwp/tags/4.5.1.3&new=2996628&sfp_email=&sfph_mail= | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/73980a90-bb17-46e4-a0ea-691f80500fe3?source=cve | source : security@wordfence.com


Source : elastic.co

Vulnerability ID : CVE-2021-22151

First published on : 22-11-2023 01:15:07
Last modified on : 22-11-2023 03:36:37

Description :
It was discovered that Kibana was not validating a user supplied path, which would load .pbf files. Because of this, a malicious user could arbitrarily traverse the Kibana host to load internal files ending in the .pbf extension.

CVE ID : CVE-2021-22151
Source : bressers@elastic.co
CVSS Score : 3.1

References :
https://discuss.elastic.co/t/elastic-stack-7-14-1-security-update/283077 | source : bressers@elastic.co
https://www.elastic.co/community/security | source : bressers@elastic.co

Vulnerability : CWE-22


Vulnerability ID : CVE-2021-22143

First published on : 22-11-2023 02:15:41
Last modified on : 22-11-2023 03:36:37

Description :
The Elastic APM .NET Agent can leak sensitive HTTP header information when logging the details during an application error. Normally, the APM agent will sanitize sensitive HTTP header details before sending the information to the APM server. During an application error it is possible the headers will not be sanitized before being sent.

CVE ID : CVE-2021-22143
Source : bressers@elastic.co
CVSS Score : 2.1

References :
https://discuss.elastic.co/t/elastic-apm-net-agent-1-10-0-security-update/274668 | source : bressers@elastic.co
https://www.elastic.co/community/security | source : bressers@elastic.co

Vulnerability : CWE-200


(29) NO SCORE VULNERABILITIES [0.0, 0.0]

Source : mitre.org

Vulnerability ID : CVE-2023-46814

First published on : 22-11-2023 05:15:07
Last modified on : 22-11-2023 13:56:51

Description :
A binary hijacking vulnerability exists within the VideoLAN VLC media player before 3.0.19 on Windows. The uninstaller attempts to execute code with elevated privileges out of a standard user writable location. Standard users may use this to gain arbitrary code execution as SYSTEM.

CVE ID : CVE-2023-46814
Source : cve@mitre.org
CVSS Score : /

References :
https://www.videolan.org/security/sb-vlc3019.html | source : cve@mitre.org


Vulnerability ID : CVE-2023-48161

First published on : 22-11-2023 06:15:43
Last modified on : 22-11-2023 13:56:51

Description :
Buffer Overflow vulnerability in GifLib Project GifLib v.5.2.1 allows a local attacker to obtain sensitive information via the DumpSCreen2RGB function in gif2rgb.c

CVE ID : CVE-2023-48161
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/tacetool/TACE#cve-2023-48161 | source : cve@mitre.org
https://sourceforge.net/p/giflib/bugs/167/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-47016

First published on : 22-11-2023 07:15:07
Last modified on : 22-11-2023 13:56:48

Description :
radare2 5.8.9 has an out-of-bounds read in r_bin_object_set_items in libr/bin/bobj.c, causing a crash in r_read_le32 in libr/include/r_endian.h.

CVE ID : CVE-2023-47016
Source : cve@mitre.org
CVSS Score : /

References :
https://gist.github.com/gandalf4a/65705be4f84269cb7cd725a1d4ab2ffa | source : cve@mitre.org
https://github.com/radareorg/radare2/commit/40c9f50e127be80b9d816bce2ab2ee790831aefd | source : cve@mitre.org
https://github.com/radareorg/radare2/issues/22349 | source : cve@mitre.org


Vulnerability ID : CVE-2023-47392

First published on : 22-11-2023 07:15:07
Last modified on : 22-11-2023 13:56:48

Description :
An access control issue in Mercedes me IOS APP v1.34.0 and below allows attackers to view the carts of other users via sending a crafted add order request.

CVE ID : CVE-2023-47392
Source : cve@mitre.org
CVSS Score : /

References :
https://gist.github.com/wwwziziyu/d0ae135b8075f6db735d75135254e7a1 | source : cve@mitre.org


Vulnerability ID : CVE-2023-47393

First published on : 22-11-2023 07:15:07
Last modified on : 22-11-2023 13:56:48

Description :
An access control issue in Mercedes me IOS APP v1.34.0 and below allows attackers to view the maintenance orders of other users and access sensitive user information via unspecified vectors.

CVE ID : CVE-2023-47393
Source : cve@mitre.org
CVSS Score : /

References :
https://gist.github.com/wwwziziyu/7dbf7fd43f9e304ce0819f8a9784d2c6 | source : cve@mitre.org


Vulnerability ID : CVE-2023-47380

First published on : 22-11-2023 15:15:09
Last modified on : 22-11-2023 17:31:59

Description :
Admidio v4.2.12 and below is vulnerable to Cross Site Scripting (XSS).

CVE ID : CVE-2023-47380
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/Admidio/admidio/releases/tag/v4.2.13 | source : cve@mitre.org
https://www.admidio.org/intern/adm_program/modules/announcements/announcements.php?ann_uuid=714ead2b-1718-4251-a9a3-f1b0df12d60e&headline=Blog | source : cve@mitre.org
https://www.getastra.com/blog/security-audit/reflected-xss-vulnerability-in-admidio/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-47350

First published on : 22-11-2023 16:15:09
Last modified on : 22-11-2023 17:31:59

Description :
SwiftyEdit Content Management System prior to v1.2.0 is vulnerable to Cross Site Request Forgery (CSRF).

CVE ID : CVE-2023-47350
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/SwiftyEdit/SwiftyEdit/commit/90a6f3df16cd1578b2827d7b2e073451f7ce4e47 | source : cve@mitre.org


Vulnerability ID : CVE-2023-45377

First published on : 22-11-2023 17:15:22
Last modified on : 22-11-2023 17:31:47

Description :
In the module "Chronopost Official" (chronopost) for PrestaShop, a guest can perform SQL injection. The script PHP `cancelSkybill.php` own a sensitive SQL calls that can be executed with a trivial http call and exploited to forge a SQL injection.

CVE ID : CVE-2023-45377
Source : cve@mitre.org
CVSS Score : /

References :
https://addons.prestashop.com/fr/transporteurs/19561-chronopost-officiel.html | source : cve@mitre.org
https://security.friendsofpresta.org/modules/2023/11/21/chronopost.html | source : cve@mitre.org


Vulnerability ID : CVE-2023-47312

First published on : 22-11-2023 17:15:22
Last modified on : 22-11-2023 17:31:47

Description :
Headwind MDM Web panel 5.22.1 is vulnerable to Incorrect Access Control due to Login Credential Leakage via Audit Entries.

CVE ID : CVE-2023-47312
Source : cve@mitre.org
CVSS Score : /

References :
https://boltonshield.com/en/cve/cve-2023-47312/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-47313

First published on : 22-11-2023 17:15:22
Last modified on : 22-11-2023 17:31:47

Description :
Headwind MDM Web panel 5.22.1 is vulnerable to Directory Traversal.

CVE ID : CVE-2023-47313
Source : cve@mitre.org
CVSS Score : /

References :
https://boltonshield.com/en/cve/cve-2023-47313/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-47314

First published on : 22-11-2023 17:15:22
Last modified on : 22-11-2023 17:31:47

Description :
Headwind MDM Web panel 5.22.1 is vulnerable to Cross Site Scripting (XSS) via Uncontrolled File Upload.

CVE ID : CVE-2023-47314
Source : cve@mitre.org
CVSS Score : /

References :
https://boltonshield.com/en/cve/cve-2023-47314/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-47315

First published on : 22-11-2023 17:15:22
Last modified on : 22-11-2023 17:31:47

Description :
Headwind MDM Web panel 5.22.1 is vulnerable to Incorrect Access Control due to a hard-coded JWT Secret.

CVE ID : CVE-2023-47315
Source : cve@mitre.org
CVSS Score : /

References :
https://boltonshield.com/en/cve/cve-2023-47315/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-47316

First published on : 22-11-2023 17:15:22
Last modified on : 22-11-2023 17:31:47

Description :
Headwind MDM Web panel 5.22.1 is vulnerable to Incorrect Access Control. The Web panel allows users to gain access to potentially sensitive API calls such as listing users and their data, file management API calls and audit-related API calls.

CVE ID : CVE-2023-47316
Source : cve@mitre.org
CVSS Score : /

References :
https://boltonshield.com/en/cve/cve-2023-47316/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-43887

First published on : 22-11-2023 18:15:08
Last modified on : 22-11-2023 19:00:49

Description :
Libde265 v1.0.12 was discovered to contain multiple buffer overflows via the num_tile_columns and num_tile_row parameters in the function pic_parameter_set::dump.

CVE ID : CVE-2023-43887
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/strukturag/libde265/commit/63b596c915977f038eafd7647d1db25488a8c133 | source : cve@mitre.org
https://github.com/strukturag/libde265/issues/418 | source : cve@mitre.org


Vulnerability ID : CVE-2023-46357

First published on : 22-11-2023 18:15:08
Last modified on : 22-11-2023 19:00:49

Description :
In the module "Cross Selling in Modal Cart" (motivationsale) < 3.5.0 from MyPrestaModules for PrestaShop, a guest can perform SQL injection. The method `motivationsaleDataModel::getProductsByIds()` has sensitive SQL calls that can be executed with a trivial http call and exploited to forge a SQL injection.

CVE ID : CVE-2023-46357
Source : cve@mitre.org
CVSS Score : /

References :
https://addons.prestashop.com/fr/ventes-croisees-packs-produits/16122-cross-selling-in-modal-cart.html | source : cve@mitre.org
https://security.friendsofpresta.org/modules/2023/11/21/motivationsale.html | source : cve@mitre.org


Vulnerability ID : CVE-2023-47014

First published on : 22-11-2023 18:15:08
Last modified on : 22-11-2023 19:00:49

Description :
A Cross-Site Request Forgery (CSRF) vulnerability in Sourcecodester Sticky Notes App Using PHP with Source Code v.1.0 allows a local attacker to obtain sensitive information via a crafted payload to add-note.php.

CVE ID : CVE-2023-47014
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/emirhanerdogu/CVE-2023-47014-Sticky-Notes-App-Using-PHP-with-Source-Code-v1.0-CSRF-to-CORS/blob/main/README.md | source : cve@mitre.org


Vulnerability ID : CVE-2023-47250

First published on : 22-11-2023 18:15:08
Last modified on : 22-11-2023 19:00:49

Description :
In mprivacy-tools before 2.0.406g in m-privacy TightGate-Pro Server, broken Access Control on X11 server sockets allows authenticated attackers (with access to a VNC session) to access the X11 desktops of other users by specifying their DISPLAY ID. This allows complete control of their desktop, including the ability to inject keystrokes and perform a keylogging attack.

CVE ID : CVE-2023-47250
Source : cve@mitre.org
CVSS Score : /

References :
https://sec-consult.com/en/vulnerability-lab/advisories/index.html | source : cve@mitre.org
https://sec-consult.com/vulnerability-lab/advisory/multiple-vulnerabilities-in-m-privacy-tightgate-pro/ | source : cve@mitre.org
https://www.m-privacy.de/en/tightgate-pro-safe-surfing/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-47251

First published on : 22-11-2023 18:15:08
Last modified on : 22-11-2023 19:00:49

Description :
In mprivacy-tools before 2.0.406g in m-privacy TightGate-Pro Server, a Directory Traversal in the print function of the VNC service allows authenticated attackers (with access to a VNC session) to automatically transfer malicious PDF documents by moving them into the .spool directory, and then sending a signal to the VNC service, which automatically transfers them to the connected VNC client's filesystem.

CVE ID : CVE-2023-47251
Source : cve@mitre.org
CVSS Score : /

References :
https://sec-consult.com/en/vulnerability-lab/advisories/index.html | source : cve@mitre.org
https://sec-consult.com/vulnerability-lab/advisory/multiple-vulnerabilities-in-m-privacy-tightgate-pro/ | source : cve@mitre.org
https://www.m-privacy.de/en/tightgate-pro-safe-surfing/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-47467

First published on : 22-11-2023 18:15:08
Last modified on : 22-11-2023 19:00:49

Description :
Directory Traversal vulnerability in jeecg-boot v.3.6.0 allows a remote privileged attacker to obtain sensitive information via the file directory structure.

CVE ID : CVE-2023-47467
Source : cve@mitre.org
CVSS Score : /

References :
https://www.yuque.com/u2479829/tegvu8/dvmfdl5fssfen05q | source : cve@mitre.org


Vulnerability ID : CVE-2023-48106

First published on : 22-11-2023 18:15:09
Last modified on : 22-11-2023 19:00:49

Description :
Buffer Overflow vulnerability in zlib-ng minizip-ng v.4.0.2 allows an attacker to execute arbitrary code via a crafted file to the mz_path_resolve function in the mz_os.c file.

CVE ID : CVE-2023-48106
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/zlib-ng/minizip-ng/issues/740 | source : cve@mitre.org


Vulnerability ID : CVE-2023-48646

First published on : 22-11-2023 18:15:09
Last modified on : 22-11-2023 19:00:49

Description :
Zoho ManageEngine RecoveryManager Plus before 6070 allows admin users to execute arbitrary commands via proxy settings.

CVE ID : CVE-2023-48646
Source : cve@mitre.org
CVSS Score : /

References :
https://www.manageengine.com/ad-recovery-manager/advisory/CVE-2023-48646.html | source : cve@mitre.org


Vulnerability ID : CVE-2023-49102

First published on : 22-11-2023 22:15:08
Last modified on : 22-11-2023 22:15:08

Description :
NZBGet 21.1 allows authenticated remote code execution because the unarchive programs (7za and unrar) preserve executable file permissions. An attacker with the Control capability can execute a file by setting the value of SevenZipCommand or UnrarCmd. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

CVE ID : CVE-2023-49102
Source : cve@mitre.org
CVSS Score : /

References :
https://nzbget.net/download | source : cve@mitre.org
https://sec.maride.cc/posts/nzbget/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-49146

First published on : 22-11-2023 22:15:08
Last modified on : 22-11-2023 22:15:08

Description :
DOMSanitizer (aka dom-sanitizer) before 1.0.7 allows XSS via an SVG document because of mishandling of comments and greedy regular expressions.

CVE ID : CVE-2023-49146
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/rhukster/dom-sanitizer/commit/c2a98f27ad742668b254282ccc5581871d0fb601 | source : cve@mitre.org
https://github.com/rhukster/dom-sanitizer/compare/1.0.6...1.0.7 | source : cve@mitre.org


Source : autodesk.com

Vulnerability ID : CVE-2023-29069

First published on : 22-11-2023 07:15:07
Last modified on : 22-11-2023 13:56:51

Description :
A maliciously crafted DLL file can be forced to install onto a non-default location, and attacker can overwrite parts of the product with malicious DLLs. These files may then have elevated privileges leading to a Privilege Escalation vulnerability.

CVE ID : CVE-2023-29069
Source : psirt@autodesk.com
CVSS Score : /

References :
https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0013 | source : psirt@autodesk.com


Vulnerability ID : CVE-2023-41145

First published on : 22-11-2023 07:15:07
Last modified on : 22-11-2023 13:56:48

Description :
Autodesk users who no longer have an active license for an account can still access cases for that account.

CVE ID : CVE-2023-41145
Source : psirt@autodesk.com
CVSS Score : /

References :
https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0020 | source : psirt@autodesk.com


Vulnerability ID : CVE-2023-41146

First published on : 22-11-2023 07:15:07
Last modified on : 22-11-2023 13:56:48

Description :
Autodesk Customer Support Portal allows cases created by users under an account to see cases created by other users on the same account.

CVE ID : CVE-2023-41146
Source : psirt@autodesk.com
CVSS Score : /

References :
https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0020 | source : psirt@autodesk.com


Source : apache.org

Vulnerability ID : CVE-2023-37924

First published on : 22-11-2023 10:15:07
Last modified on : 22-11-2023 13:56:48

Description :
Apache Software Foundation Apache Submarine has an SQL injection vulnerability when a user logs in. This issue can result in unauthorized login. Now we have fixed this issue and now user must have the correct login to access workbench. This issue affects Apache Submarine: from 0.7.0 before 0.8.0. We recommend that all submarine users with 0.7.0 upgrade to 0.8.0, which not only fixes the issue, supports the oidc authentication mode, but also removes the case of unauthenticated logins. If using the version lower than 0.8.0 and not want to upgrade, you can try cherry-pick PR https://github.com/apache/submarine/pull/1037 https://github.com/apache/submarine/pull/1054 and rebuild the submarine-server image to fix this.

CVE ID : CVE-2023-37924
Source : security@apache.org
CVSS Score : /

References :
https://github.com/apache/submarine/pull/1037 | source : security@apache.org
https://issues.apache.org/jira/browse/SUBMARINE-1361 | source : security@apache.org
https://lists.apache.org/thread/g99h773vd49n1wyghdq1llv2f83w1b3r | source : security@apache.org

Vulnerability : CWE-89


Source : 551230f0-3615-47bd-b7cc-93e92e730bbf

Vulnerability ID : CVE-2023-6253

First published on : 22-11-2023 12:15:22
Last modified on : 22-11-2023 13:56:48

Description :
A saved encryption key in the Uninstaller in Digital Guardian's Agent before version 7.9.4 allows a local attacker to retrieve the uninstall key and remove the software by extracting the uninstaller key from the memory of the uninstaller file.

CVE ID : CVE-2023-6253
Source : 551230f0-3615-47bd-b7cc-93e92e730bbf
CVSS Score : /

References :
https://r.sec-consult.com/fortra | source : 551230f0-3615-47bd-b7cc-93e92e730bbf
https://www.fortra.com/security | source : 551230f0-3615-47bd-b7cc-93e92e730bbf

Vulnerability : CWE-922


Source : devolutions.net

Vulnerability ID : CVE-2023-6264

First published on : 22-11-2023 19:15:09
Last modified on : 22-11-2023 19:46:41

Description :
Information leak in Content-Security-Policy header in Devolutions Server 2023.3.7.0 allows an unauthenticated attacker to list the configured Devolutions Gateways endpoints.

CVE ID : CVE-2023-6264
Source : security@devolutions.net
CVSS Score : /

References :
https://devolutions.net/security/advisories/DEVO-2023-0020/ | source : security@devolutions.net


This website uses the NVD API, but is not approved or certified by it.

About the author
Julien B.

Securitricks

Up-to-Date Cybersecurity Insights & Malware Reports

Securitricks

Great! Youโ€™ve successfully signed up.

Welcome back! You've successfully signed in.

You've successfully subscribed to Securitricks.

Success! Check your email for magic link to sign-in.

Success! Your billing info has been updated.

Your billing was not updated.