Security Vulnerabilities - CVEs Published In July 2023
Cudy LT400 1.13.4 has a cross-site scripting (XSS) vulnerability in /cgi-bin/luci/admin/network/wireless/status via the iface parameter.
CVSS Score
6.1
EPSS Score
0.001
Published
2023-07-17
Cudy LT400 1.13.4 is vulnerable to cross-site scripting (XSS) in /cgi-bin/luci/admin/network/bandwidth via the icon parameter.
CVSS Score
6.1
EPSS Score
0.002
Published
2023-07-17
Cross-Site Request Forgery (CSRF) vulnerability in Etoile Web Design Front End Users plugin <= 3.2.24 versions.
CVSS Score
6.5
EPSS Score
0.001
Published
2023-07-17
Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce WooCommerce Order Barcodes plugin <= 1.6.4 versions.
CVSS Score
4.3
EPSS Score
0.001
Published
2023-07-17
Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce AutomateWoo plugin <= 5.7.5 versions.
CVSS Score
5.4
EPSS Score
0.001
Published
2023-07-17
Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce Shipping Multiple Addresses plugin <= 3.8.5 versions.
CVSS Score
6.5
EPSS Score
0.001
Published
2023-07-17
The Floating Chat Widget WordPress plugin before 3.1.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
CVSS Score
4.8
EPSS Score
0.001
Published
2023-07-17
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Digital Strategy Zekiweb allows SQL Injection. This issue affects Zekiweb: before 2.
CVSS Score
9.8
EPSS Score
0.001
Published
2023-07-17
The AN_GradeBook WordPress plugin through 5.0.1 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as subscriber.
CVSS Score
8.8
EPSS Score
0.046
Published
2023-07-17
The Gravity Forms WordPress plugin before 2.7.5 does not escape generated URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting which could be used against high-privileged users such as admin.
CVSS Score
6.1
EPSS Score
0.001
Published
2023-07-17



Shodan ® - All rights reserved