Security Vulnerabilities - CVEs Published In May 2023
Cross-Site Request Forgery (CSRF) vulnerability in XWP Stream plugin <= 3.9.2 versions.
CVSS Score
5.4
EPSS Score
0.0
Published
2023-05-25
Cross-Site Request Forgery (CSRF) vulnerability in Wpmet ShopEngine plugin <= 4.1.1 versions.
CVSS Score
5.4
EPSS Score
0.0
Published
2023-05-25
Cross-Site Request Forgery (CSRF) vulnerability in StylemixThemes GDPR Compliance & Cookie Consent plugin <= 1.2 versions.
CVSS Score
4.3
EPSS Score
0.001
Published
2023-05-25
Cross-Site Request Forgery (CSRF) vulnerability in Tyche Softwares Custom Order Numbers for WooCommerce plugin <= 1.4.0 versions.
CVSS Score
4.3
EPSS Score
0.001
Published
2023-05-25
Cross-Site Request Forgery (CSRF) vulnerability in Pretty Links plugin <= 3.4.0 versions.
CVSS Score
4.3
EPSS Score
0.001
Published
2023-05-25
Cross-Site Request Forgery (CSRF) vulnerability in The WordPress.Org community Health Check & Troubleshooting plugin <= 1.5.1 versions.
CVSS Score
4.3
EPSS Score
0.001
Published
2023-05-25
Cross-Site Request Forgery (CSRF) vulnerability in CoSchedule plugin <= 3.3.8 versions.
CVSS Score
4.3
EPSS Score
0.001
Published
2023-05-25
Cross-Site Request Forgery (CSRF) vulnerability in WP Easy Pay WP EasyPay – Square for WordPress plugin <= 4.1 versions.
CVSS Score
4.3
EPSS Score
0.001
Published
2023-05-25
Wacom Tablet Driver installer prior to 6.4.2-1 (for macOS) contains an improper link resolution before file access vulnerability. When a user is tricked to execute a small malicious script before executing the affected version of the installer, arbitrary code may be executed with the root privilege.
CVSS Score
7.8
EPSS Score
0.001
Published
2023-05-25
Open redirect vulnerability in Tornado versions 6.3.1 and earlier allows a remote unauthenticated attacker to redirect a user to an arbitrary web site and conduct a phishing attack by having user access a specially crafted URL.
CVSS Score
6.1
EPSS Score
0.004
Published
2023-05-25