Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In March 2023
CVE-2022-47170
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Unlimited Elements Unlimited Elements For Elementor (Free Widgets, Addons, Templates) plugin <= 1.5.48 versions.
CVSS Score
5.9
EPSS Score
0.001
Published
2023-03-28
CVE-2023-25704
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Mehjabin Orthi Interactive SVG Image Map Builder plugin <= 1.0 versions.
CVSS Score
5.9
EPSS Score
0.001
Published
2023-03-28
CVE-2022-46863
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Fullworks Quick Event Manager plugin <= 9.6.4 versions.
CVSS Score
5.9
EPSS Score
0.001
Published
2023-03-28
CVE-2022-45825
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in iThemes WPComplete plugin <= 2.9.2 versions.
CVSS Score
7.1
EPSS Score
0.002
Published
2023-03-28
CVE-2022-45831
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in biplob018 Image Hover Effects for Elementor with Lightbox and Flipbox plugin <= 2.8 versions.
CVSS Score
7.1
EPSS Score
0.002
Published
2023-03-28
CVE-2022-46848
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Themeisle Visualizer: Tables and Charts Manager for WordPress plugin <= 3.9.1 versions.
CVSS Score
6.5
EPSS Score
0.001
Published
2023-03-28
CVE-2022-46855
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in WP Darko Responsive Pricing Table plugin <= 5.1.6 versions.
CVSS Score
6.5
EPSS Score
0.001
Published
2023-03-28
CVE-2023-23330
amano Xparc parking solutions 7.1.3879 was discovered to be vulnerable to local file inclusion.
CVSS Score
7.5
EPSS Score
0.001
Published
2023-03-28
CVE-2023-25262
Stimulsoft GmbH Stimulsoft Designer (Web) 2023.1.3 is vulnerable to Server Side Request Forgery (SSRF). TThe Reporting Designer (Web) offers the possibility to embed sources from external locations. If the user chooses an external location, the request to that resource is performed by the server rather than the client. Therefore, the server causes outbound traffic and potentially imports data. An attacker may also leverage this behaviour to exfiltrate data of machines on the internal network of the server hosting the Stimulsoft Reporting Designer (Web).
CVSS Score
7.5
EPSS Score
0.004
Published
2023-03-28
CVE-2023-27700
MuYuCMS v2.2 was discovered to contain an arbitrary file deletion vulnerability via the component /accessory/picdel.html.
CVSS Score
8.1
EPSS Score
0.001
Published
2023-03-28


Products
Pricing
Contact Us

Shodan ® - All rights reserved