Security Vulnerabilities
- CVEs Published In July 2023
Cross-Site Request Forgery (CSRF) vulnerability in StaxWP Visibility Logic for Elementor plugin <= 2.3.4 versions.
Auth. (subscriber+) SQL Injection (SQLi) vulnerability in MainWP MainWP Maintenance Extension plugin <= 4.1.1 versions.
Cross-Site Request Forgery (CSRF) vulnerability in akhlesh-nagar, a.Ankit Social Media Icons Widget plugin <= 1.6 versions.
Cross-Site Request Forgery (CSRF) vulnerability in SiteAlert plugin <= 1.9.7 versions.
Cross-Site Request Forgery (CSRF) vulnerability in Miro Mannino Flickr Justified Gallery plugin <= 3.5 versions.
Cross-Site Request Forgery (CSRF) vulnerability in Vladimir Prelovac Smart YouTube PRO plugin <= 4.3 versions.
Cross-Site Request Forgery (CSRF) vulnerability in Mike Martel WP Tiles plugin <= 1.1.2 versions.
Ap Page Builder, in versions lower than 1.7.8.2, could allow a remote attacker to send a specially crafted SQL query to the product_one_img parameter to retrieve the information stored in the database.
Cross-Site Request Forgery (CSRF) vulnerability in NooTheme Noo Timetable plugin <= 2.1.3 versions.
The YARPP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'className' parameter in versions up to, and including, 5.30.3 due to insufficient input sanitization and output escaping. This makes it possible for contributor-level attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.