Security Vulnerabilities - CVEs Published In May 2023
Cross-Site Request Forgery (CSRF) vulnerability in Marty Thornley Import External Images plugin <= 1.4 versions.
CVSS Score: 4.3 | EPSS Score: 0.001 | Published: 2023-05-25

Cross-Site Request Forgery (CSRF) vulnerability in chronoengine.Com Chronoforms plugin <= 7.0.9 versions.
CVSS Score: 4.3 | EPSS Score: 0.001 | Published: 2023-05-25

Cross-Site Request Forgery (CSRF) vulnerability in German Krutov LOGIN AND REGISTRATION ATTEMPTS LIMIT plugin <= 2.1 versions.
CVSS Score: 4.3 | EPSS Score: 0.001 | Published: 2023-05-25

Cross-Site Request Forgery (CSRF) vulnerability in Damir Calusic WP Basic Elements plugin <= 5.2.15 versions.
CVSS Score: 5.4 | EPSS Score: 0.0 | Published: 2023-05-25

Cross-Site Request Forgery (CSRF) vulnerability in Logaster Logaster Logo Generator plugin <= 1.3 versions.
CVSS Score: 4.3 | EPSS Score: 0.001 | Published: 2023-05-25

Cross-Site Request Forgery (CSRF) vulnerability in MagePeople Team Event Manager and Tickets Selling Plugin for WooCommerce plugin <= 3.7.7 versions.
CVSS Score: 4.3 | EPSS Score: 0.001 | Published: 2023-05-25

Storing Passwords in a Recoverable Format in GitHub repository pimcore/customer-data-framework prior to 3.3.10.
CVSS Score: 6.7 | EPSS Score: 0.0 | Published: 2023-05-25

Cross-Site Request Forgery (CSRF) vulnerability in Zorem Advanced Shipment Tracking for WooCommerce plugin <= 3.5.2 versions.
CVSS Score: 4.3 | EPSS Score: 0.001 | Published: 2023-05-25

A carefully crafted request on several JSPWiki plugins could trigger an XSS vulnerability on Apache JSPWiki, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim. Apache JSPWiki users should upgrade to 2.12.0 or later.
CVSS Score: 6.1 | EPSS Score: 0.037 | Published: 2023-05-25

The MStore API plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.9.2. This is due to insufficient verification on the user being supplied during the add listing REST API request through the plugin. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the user id.
CVSS Score: 9.8 | EPSS Score: 0.901 | Published: 2023-05-25

