Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In March 2023
CVE-2023-1725
Server-Side Request Forgery (SSRF) vulnerability in Infoline Project Management System allows Server Side Request Forgery.This issue affects Project Management System: before 4.09.31.125.
CVSS Score
9.8
EPSS Score
0.001
Published
2023-03-30
CVE-2023-25076
A buffer overflow vulnerability exists in the handling of wildcard backend hosts of SNIProxy 0.6.0-2 and the master branch (commit: 822bb80df9b7b345cc9eba55df74a07b498819ba). A specially crafted HTTP or TLS packet can lead to arbitrary code execution. An attacker could send a malicious packet to trigger this vulnerability.
CVSS Score
9.8
EPSS Score
0.262
Published
2023-03-30
CVE-2023-23681
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Labib Ahmed Image Hover Effects For WPBakery Page Builder plugin <= 4.0 versions.
CVSS Score
6.5
EPSS Score
0.001
Published
2023-03-30
CVE-2023-24399
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in OceanWP Ocean Extra plugin <= 2.1.2 versions.
CVSS Score
5.5
EPSS Score
0.001
Published
2023-03-30
CVE-2023-25040
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Vova Anokhin WordPress Shortcodes Plugin — Shortcodes Ultimate plugin <= 5.12.6 versions.
CVSS Score
6.5
EPSS Score
0.001
Published
2023-03-30
CVE-2023-28731
AnyMailing Joomla Plugin is vulnerable to unauthenticated remote code execution, when being granted access to the campaign's creation on front-office due to unrestricted file upload allowing PHP code to be injected. This issue affects AnyMailing Joomla Plugin Enterprise in versions below 8.3.0.
CVSS Score
9.8
EPSS Score
0.021
Published
2023-03-30
CVE-2023-28732
Missing access control in AnyMailing Joomla Plugin allows to list and access files containing sensitive information from the plugin itself and access to system files via path traversal, when being granted access to the campaign's creation on front-office. This issue affects AnyMailing Joomla Plugin in versions below 8.3.0.
CVSS Score
6.5
EPSS Score
0.001
Published
2023-03-30
CVE-2023-28733
AnyMailing Joomla Plugin is vulnerable to stored cross site scripting (XSS) in templates and emails of AcyMailing, exploitable without authentication when access is granted to the campaign's creation on front-office. This issue affects AnyMailing Joomla Plugin Enterprise in versions below 8.3.0.
CVSS Score
7.2
EPSS Score
0.001
Published
2023-03-30
CVE-2023-23677
Reflected Cross-Site Scripting (XSS) vulnerability in GTmetrix GTmetrix for WordPress plugin <= 0.4.5 versions.
CVSS Score
3.8
EPSS Score
0.001
Published
2023-03-30
CVE-2023-23670
Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in Team Heateor Fancy Comments WordPress plugin <= 1.2.10 versions.
CVSS Score
6.5
EPSS Score
0.001
Published
2023-03-30


Products
Pricing
Contact Us

Shodan ® - All rights reserved