Security Vulnerabilities - CVEs Published In March 2023
Cross-Site Request Forgery (CSRF) vulnerability in Seerox WP Dynamic Keywords Injector plugin <= 2.3.15 versions.
CVSS Score
5.4
EPSS Score
0.002
Published
2023-03-14
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Firmanet Software and Technology Customer Relation Manager allows XSS Targeting HTML Attributes.This issue affects Customer Relation Manager: before 2022.03.13.
CVSS Score
6.1
EPSS Score
0.002
Published
2023-03-14
Cross-Site Request Forgery (CSRF) vulnerability in Pi Websolution CSS JS Manager, Async JavaScript, Defer Render Blocking CSS supports WooCommerce plugin <= 2.4.49 versions.
CVSS Score
4.3
EPSS Score
0.001
Published
2023-03-14
Cross-Site Request Forgery (CSRF) vulnerability in Supsystic Slider by Supsystic plugin <= 1.8.5 versions.
CVSS Score
4.3
EPSS Score
0.001
Published
2023-03-14
Cross-Site Request Forgery (CSRF) vulnerability in Dannie Herdyawan DH – Anti AdBlocker plugin <= 36 versions.
CVSS Score
4.3
EPSS Score
0.001
Published
2023-03-14
Cross-Site Request Forgery (CSRF) vulnerability in Tips and Tricks HQ, josh401 WP CSV to Database – Insert CSV file content into WordPress plugin <= 2.6 versions.
CVSS Score
3.1
EPSS Score
0.001
Published
2023-03-14
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Paul C. Schroeder IP Vault – WP Firewall plugin <= 1.1 versions.
CVSS Score
5.9
EPSS Score
0.002
Published
2023-03-14
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in WP Go Maps (formerly WP Google Maps) plugin <= 9.0.15 versions.
CVSS Score
4.9
EPSS Score
0.007
Published
2023-03-14
An attacker with non-administrative authorizations can exploit a directory traversal flaw in program SAPRSBRO to over-write system files. In this attack, no data can be read but potentially critical OS files can be over-written making the system unavailable.
CVSS Score
9.6
EPSS Score
0.003
Published
2023-03-14
SAP NetWeaver AS for ABAP and ABAP Platform - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 791, allows an attacker to exploit insufficient validation of path information provided by users, thus exploiting a directory traversal flaw in an available service to delete system files. In this attack, no data can be read but potentially critical OS files can be deleted making the system unavailable, causing significant impact on both availability and integrity
CVSS Score
8.7
EPSS Score
0.006
Published
2023-03-14