Security Vulnerabilities - CVEs Published In February 2023
The Registration Forms WordPress plugin before 3.8.2.3 does not properly validate the redirection URL when logging in and logging out, leading to an Open Redirect vulnerability.
CVSS Score: 5.4, EPSS Score: 0.117, Published: 2023-02-27
External Control of File Name or Path in GitHub repository nilsteampassnet/teampass prior to 3.0.0.22.
CVSS Score: 7.1, EPSS Score: 0.001, Published: 2023-02-27
Art Gallery Management System Project in PHP 1.0 was discovered to contain a SQL injection vulnerability via the username parameter in the Admin Login.
CVSS Score: 9.8, EPSS Score: 0.004, Published: 2023-02-27
Art Gallery Management System Project in PHP 1.0 was discovered to contain a SQL injection vulnerability via the pid parameter in the single-product page.
CVSS Score: 9.8, EPSS Score: 0.012, Published: 2023-02-27
A stored cross-site scripting (XSS) vulnerability in Art Gallery Management System Project v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the fullname parameter on the enquiry page.
CVSS Score: 5.4, EPSS Score: 0.001, Published: 2023-02-27
A stored cross-site scripting (XSS) vulnerability in Art Gallery Management System Project v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the message parameter on the enquiry page.
CVSS Score: 5.4, EPSS Score: 0.001, Published: 2023-02-27
The User Activity WordPress plugin through 1.0.1 checks headers such as X-Forwarded-For to retrieve the IP address of the request, which could lead to IP spoofing.
CVSS Score: 7.5, EPSS Score: 0.001, Published: 2023-02-27
The Wufoo Shortcode WordPress plugin before 1.52 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
CVSS Score: 5.4, EPSS Score: 0.001, Published: 2023-02-27
The List Pages Shortcode WordPress plugin before 1.7.6 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.
CVSS Score: 5.4, EPSS Score: 0.001, Published: 2023-02-27
The Embed PDF WordPress plugin through 1.0.6 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
CVSS Score: 5.4, EPSS Score: 0.001, Published: 2023-02-27

