Security Vulnerabilities - CVEs Published In July 2023
Cross-Site Request Forgery (CSRF) vulnerability in Korol Yuriy aka Shra Inactive User Deleter plugin <= 1.59 versions.
CVSS Score
5.4
EPSS Score
0.0
Published
2023-07-17
Use After Free vulnerability in Secomea SiteManager Embedded allows Obstruction.
CVSS Score
5.9
EPSS Score
0.002
Published
2023-07-17
Cross-Site Request Forgery (CSRF) vulnerability in Mr.Vibe vSlider Multi Image Slider for WordPress plugin <= 4.1.2 versions.
CVSS Score
4.3
EPSS Score
0.001
Published
2023-07-17
Cross-Site Request Forgery (CSRF) vulnerability in A WP Life Album Gallery – WordPress Gallery plugin <= 1.4.9 versions.
CVSS Score
4.3
EPSS Score
0.001
Published
2023-07-17
Cross-Site Request Forgery (CSRF) vulnerability in Premmerce plugin <= 1.3.17 versions.
CVSS Score
5.4
EPSS Score
0.0
Published
2023-07-17
Cross-Site Request Forgery (CSRF) vulnerability in Sajjad Hossain WP Reroute Email plugin <= 1.4.6 versions.
CVSS Score
5.4
EPSS Score
0.0
Published
2023-07-17
Reactive web applications that use Spring HATEOAS to produce hypermedia-based responses might be exposed to malicious forwarded headers if they are not behind a trusted proxy that ensures correctness of such headers, or if they don't have anything else in place to handle (and possibly discard) forwarded headers either in WebFlux or at the level of the underlying HTTP server.
For the application to be affected, it needs to satisfy the following requirements:
* It needs to use the reactive web stack (Spring WebFlux) and Spring HATEOAS to create links in hypermedia-based responses.
* The application infrastructure does not guard against clients submitting (X-)Forwarded… headers.
CVSS Score
5.3
EPSS Score
0.003
Published
2023-07-17
CWE-502 Deserialization of Untrusted Data at the rabbitmq-connector plugin module in Apache EventMesh (incubating) V1.7.0\V1.8.0 on windows\linux\mac os e.g. platforms allows attackers to send controlled message and
remote code execute via rabbitmq messages. Users can use the code under the master branch in project repo to fix this issue, we will release the new version as soon as possible.
CVSS Score
9.8
EPSS Score
0.001
Published
2023-07-17
Authorization Bypass Through User-Controlled Key in GitHub repository alextselegidis/easyappointments prior to 1.5.0.
CVSS Score
6.3
EPSS Score
0.0
Published
2023-07-17
A hidden API exists in TapHome's core platform before version 2023.2 that allows an authenticated, low privileged user to change passwords of other users without any prior knowledge. The attacker may gain full access to the device by using this vulnerability.
CVSS Score
8.8
EPSS Score
0.001
Published
2023-07-17