Security Vulnerabilities - CVEs Published In July 2023
Improper Handling of Additional Special Element in GitHub repository squidex/squidex prior to 7.4.0.
CVSS Score: 5.4
EPSS Score: 0.001
Published: 2023-07-10
The URL Shortify WordPress plugin before 1.7.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in a multisite setup).
CVSS Score: 4.8
EPSS Score: 0.003
Published: 2023-07-10
The MStore API WordPress plugin before 3.9.7 does not secure most of its AJAX actions by implementing privilege checks, nonce checks, or a combination of both.
CVSS Score: 4.3
EPSS Score: 0.003
Published: 2023-07-10
The AI ChatBot WordPress plugin before 4.6.1 does not adequately escape some settings, allowing high-privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
CVSS Score: 4.8
EPSS Score: 0.001
Published: 2023-07-10
The MStore API WordPress plugin before 3.9.7 does not secure most of its AJAX actions by implementing privilege checks, nonce checks, or a combination of both.
CVSS Score: 3.5
EPSS Score: 0.001
Published: 2023-07-10
The EventON WordPress plugin before 2.1.2 does not validate that the event_id parameter in its eventon_ics_download AJAX action is a valid Event, allowing unauthenticated visitors to access the content of any Post (including unpublished or protected posts) via the ICS export functionality by providing the numeric id of the post.
CVSS Score: 5.3
EPSS Score: 0.776
Published: 2023-07-10
The Float menu WordPress plugin before 5.0.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in a multisite setup).
CVSS Score: 4.8
EPSS Score: 0.003
Published: 2023-07-10
Exposure of Sensitive Information to an Unauthorized Actor in the SICK ICR890-4 could allow an unauthenticated remote attacker to retrieve sensitive information about the system.
CVSS Score: 8.6
EPSS Score: 0.002
Published: 2023-07-10
Improper Access Control in the SICK ICR890-4 could allow an unauthenticated remote attacker to gather information about the system and download data via the REST API by accessing unauthenticated endpoints.
CVSS Score: 8.2
EPSS Score: 0.002
Published: 2023-07-10
Cleartext Transmission of Sensitive Information in the SICK ICR890-4 could allow a remote attacker to gather sensitive information by intercepting network traffic that is not encrypted.
CVSS Score: 7.5
EPSS Score: 0.001
Published: 2023-07-10

