Security Vulnerabilities - CVEs Published In January 2024
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in InstaWP Team InstaWP Connect – 1-click WP Staging & Migration.This issue affects InstaWP Connect – 1-click WP Staging & Migration: from n/a through 0.1.0.9.
CVSS Score
8.5
EPSS Score
0.002
Published
2024-01-31
Cross-Site Request Forgery (CSRF) vulnerability in Luděk Melichar Better Anchor Links allows Cross-Site Scripting (XSS).This issue affects Better Anchor Links: from n/a through 1.7.5.
CVSS Score
7.1
EPSS Score
0.001
Published
2024-01-31
Cross-Site Request Forgery (CSRF) vulnerability in AboZain,O7abeeb,UnitOne Custom Dashboard Widgets allows Cross-Site Scripting (XSS).This issue affects Custom Dashboard Widgets: from n/a through 1.3.1.
CVSS Score
7.1
EPSS Score
0.001
Published
2024-01-31
Authorization Bypass Through User-Controlled Key vulnerability in ali Forms Contact Form builder with drag & drop for WordPress – Kali Forms.This issue affects Contact Form builder with drag & drop for WordPress – Kali Forms: from n/a through 2.3.36.
CVSS Score
7.5
EPSS Score
0.001
Published
2024-01-31
A vulnerability was found in Rebuild up to 3.5.5 and classified as problematic. This issue affects the function QiniuCloud.getStorageFile of the file /filex/proxy-download. The manipulation of the argument url leads to information disclosure. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252455.
CVSS Score
4.3
EPSS Score
0.002
Published
2024-01-31
A vulnerability was found in Rebuild up to 3.5.5. It has been classified as problematic. Affected is the function getFileOfData of the file /filex/read-raw. The manipulation of the argument url leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252456.
CVSS Score
3.5
EPSS Score
0.001
Published
2024-01-31
A cross site scripting vulnerability in the AREAL SAS Websrv1 ASP website allows a remote low-privileged attacker to gain escalated privileges of other non-admin users.
CVSS Score
5.4
EPSS Score
0.002
Published
2024-01-31
SSL connections to some LDAP servers are vulnerable to a man-in-the-middle attack due to improper certificate validation in AREAL Topkapi Vision (Server). This allows a remote unauthenticated attacker to gather sensitive information and prevent valid users from login.
CVSS Score
6.5
EPSS Score
0.001
Published
2024-01-31
Exposure of Sensitive Information to an Unauthorized Actor in Apache ServiceComb Service-Center.This issue affects
Apache ServiceComb Service-Center
before 2.1.0 (include).
Users are recommended to upgrade to version 2.2.0, which fixes the issue.
CVSS Score
5.8
EPSS Score
0.0
Published
2024-01-31
Server-Side Request Forgery (SSRF) vulnerability in Apache ServiceComb Service-Center. Attackers can obtain sensitive server information through specially crafted requests.This issue affects Apache ServiceComb before 2.1.0(include).
Users are recommended to upgrade to version 2.2.0, which fixes the issue.
CVSS Score
7.6
EPSS Score
0.583
Published
2024-01-31