Security Vulnerabilities - CVEs Published In June 2023
The WP Directory Kit plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the 'ajax_admin' function in versions up to, and including, 1.2.3. This makes it possible for authenticated attackers with subscriber-level permissions or above to delete or change plugin settings, import demo data, delete Directory Kit related posts and terms, and install arbitrary plugins. A partial patch was introduced in version 1.2.0.
CVSS Score: 6.5 | EPSS Score: 0.001 | Published: 2023-06-13
The WordPress Contact Forms by Cimatti plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5.7. This is due to missing or incorrect nonce validation on the function _accua_forms_form_edit_action. This makes it possible for unauthenticated attackers to delete forms created with this plugin via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link.
CVSS Score: 4.3 | EPSS Score: 0.002 | Published: 2023-06-13
Certain versions of HP PC Hardware Diagnostics Windows, HP Image Assistant, and HP Thunderbolt Dock G2 Firmware are potentially vulnerable to elevation of privilege.
CVSS Score: 9.8 | EPSS Score: 0.009 | Published: 2023-06-12
Certain versions of HP PC Hardware Diagnostics Windows are potentially vulnerable to buffer overflow.
CVSS Score: 9.8 | EPSS Score: 0.009 | Published: 2023-06-12
Previous versions of HP Device Manager (prior to HPDM 5.0.10) could potentially allow command injection and/or elevation of privileges.
CVSS Score: 7.8 | EPSS Score: 0.006 | Published: 2023-06-12
Previous versions of HP Device Manager (prior to HPDM 5.0.10) could potentially allow command injection and/or elevation of privileges.
CVSS Score: 9.8 | EPSS Score: 0.023 | Published: 2023-06-12
Previous versions of HP Device Manager (prior to HPDM 5.0.10) could potentially allow command injection and/or elevation of privileges.
CVSS Score: 8.8 | EPSS Score: 0.024 | Published: 2023-06-12
Previous versions of HP Device Manager (prior to HPDM 5.0.10) could potentially allow command injection and/or elevation of privileges.
CVSS Score: 8.8 | EPSS Score: 0.024 | Published: 2023-06-12
Previous versions of HP Device Manager (prior to HPDM 5.0.10) could potentially allow command injection and/or elevation of privileges.
CVSS Score: 8.8 | EPSS Score: 0.024 | Published: 2023-06-12
An issue was discovered in freakchicken kafkaUI-lite 1.2.11 that allows attackers on the same network to gain escalated privileges for the nodes running on it.
CVSS Score: 9.8 | EPSS Score: 0.001 | Published: 2023-06-12