Security Vulnerabilities - CVEs Published In January 2024
The Ecwid Ecommerce Shopping Cart WordPress plugin before 6.12.5 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack.
CVSS Score
4.3
EPSS Score
0.001
Published
2024-01-16
The ArtPlacer Widget WordPress plugin before 2.20.7 does not sanitize and escape the "id" parameter before submitting the query, leading to a SQL injection exploitable by editors and above. Note: Due to the lack of a CSRF check, the issue could also be exploited via a CSRF attack against a logged-in editor (or above).
CVSS Score
8.8
EPSS Score
0.007
Published
2024-01-16
The FastDup WordPress plugin before 2.2 does not prevent directory listing in sensitive directories containing export files.
CVSS Score
5.3
EPSS Score
0.002
Published
2024-01-16
The Ultimate Maps by Supsystic WordPress plugin before 1.2.16 does not sanitise and escape some of its settings, which could allow high-privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed.
CVSS Score
4.8
EPSS Score
0.001
Published
2024-01-16
The WP Customer Area WordPress plugin before 8.2.1 does not properly validate user capabilities in some of its AJAX actions, allowing malicious users to edit other users' account address.
CVSS Score
4.3
EPSS Score
0.001
Published
2024-01-16
The WP Customer Area WordPress plugin before 8.2.1 does not properly validate user capabilities in some of its AJAX actions, allowing any user to retrieve other users' account address.
CVSS Score
6.5
EPSS Score
0.005
Published
2024-01-16
The Voting Record WordPress plugin through 2.0 does not have CSRF checks in some places, and is missing sanitisation as well as escaping, which could allow attackers to make a logged-in admin add Stored XSS payloads via a CSRF attack.
CVSS Score
5.4
EPSS Score
0.002
Published
2024-01-16
EDK2's Network Package is susceptible to an infinite loop vulnerability when parsing unknown options in the Destination Options header of IPv6. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Availability.
CVSS Score
7.5
EPSS Score
0.003
Published
2024-01-16
EDK2's Network Package is susceptible to an infinite loop vulnerability when parsing a PadN option in the Destination Options header of IPv6. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Availability.
CVSS Score
7.5
EPSS Score
0.003
Published
2024-01-16
EDK2's Network Package is susceptible to a buffer overflow vulnerability when processing the DNS Servers option from a DHCPv6 Advertise message. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality, Integrity and/or Availability.
CVSS Score
8.3
EPSS Score
0.003
Published
2024-01-16

