Security Vulnerabilities
- CVEs Published In May 2023
Cross-Site Request Forgery (CSRF) vulnerability in Lucian Apostol Auto Affiliate Links plugin <= 6.3 versions.
Cross-Site Request Forgery (CSRF) vulnerability in LJ Apps WP Airbnb Review Slider plugin <= 3.2 versions.
Cross-Site Request Forgery (CSRF) vulnerability in RoboSoft Photo Gallery, Images, Slider in Rbs Image Gallery plugin <= 3.2.11 versions.
Cross-Site Request Forgery (CSRF) vulnerability in PingOnline Dyslexiefont Free plugin <= 1.0.0 versions.
Obsidian before 1.2.2 allows calls to unintended APIs (for microphone access, camera access, and desktop notification) via an embedded web page.
LuaTeX before 1.17.0 allows execution of arbitrary shell commands when compiling a TeX file obtained from an untrusted source. This occurs because luatex-core.lua lets the original io.popen be accessed. This also affects TeX Live before 2023 r66984 and MiKTeX before 23.5.
The window management module lacks permission verification. Successful exploitation of this vulnerability may affect confidentiality.
The Settings module has the file privilege escalation vulnerability. Successful exploitation of this vulnerability may affect confidentiality.
The Settings module has the file privilege escalation vulnerability. Successful exploitation of this vulnerability may affect confidentiality.
The multimedia video module has a vulnerability in data processing. Successful exploitation of this vulnerability may affect availability.