Security Vulnerabilities - CVEs Published In June 2023
The WP GDPR plugin for WordPress is vulnerable to authorization bypass due to a missing capability check in versions up to, and including, 2.1.1. This makes it possible for unauthenticated attackers to delete any comment and modify the plugin’s settings.
CVSS Score: 7.3
EPSS Score: 0.001
Published: 2023-06-07
The Delete All Comments plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation via the delete-all-comments.php file in versions up to, and including, 2.0. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server, which may make remote code execution possible.
CVSS Score: 9.8
EPSS Score: 0.05
Published: 2023-06-07
The User Submitted Posts plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the usp_check_images function in versions up to, and including, 20190312. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server, which may make remote code execution possible.
CVSS Score: 9.8
EPSS Score: 0.036
Published: 2023-06-07
An issue was discovered in Anyka Microelectronics AK3918EV300 MCU v18. A command injection vulnerability in the network configuration script within the MCU's operating system allows attackers to perform arbitrary command execution via a crafted wifi SSID or password.
CVSS Score: 9.8
EPSS Score: 0.004
Published: 2023-06-07
An issue in D-Link DIR-842V2 v1.0.3 allows attackers to execute arbitrary commands via importing a crafted file.
CVSS Score: 8.8
EPSS Score: 0.615
Published: 2023-06-07
D-Link DIR-842V2 v1.0.3 was discovered to contain a command injection vulnerability via the iperf3 diagnostics function.
CVSS Score: 8.8
EPSS Score: 0.465
Published: 2023-06-07
An issue discovered in SeedDMS 6.0.15 allows an attacker to escalate privileges via the userid and role parameters in the out.UsrMgr.php file.
CVSS Score: 8.8
EPSS Score: 0.001
Published: 2023-06-07
In Percona XtraBackup (PXB) through 2.2.24 and 3.x through 8.0.27-19, a crafted filename on the local file system could trigger unexpected command shell execution of arbitrary commands.
CVSS Score: 7.8
EPSS Score: 0.002
Published: 2023-06-07
Sourcecodester Faculty Evaluation System v1.0 is vulnerable to arbitrary code execution via ip/eval/ajax.php?action=update_user.
CVSS Score: 7.2
EPSS Score: 0.002
Published: 2023-06-06
Weak session management in DB Elettronica Telecomunicazioni SpA SFT DAB 600/C Firmware: 1.9.3 Bios firmware: 7.1 (Apr 19 2021) Gui: 2.46 FPGA: 169.55 uc: 6.15 allows attackers on the same network to bypass authentication by re-using the IP address assigned to the device by the NAT protocol.
CVSS Score: 5.7
EPSS Score: 0.0
Published: 2023-06-06

