Security Vulnerabilities - CVEs Published In August 2023
The Tiempo.com WordPress plugin through 0.1.2 does not have a CSRF check when deleting its shortcode, which could allow attackers to make logged-in admins delete arbitrary shortcodes via a CSRF attack.
CVSS Score: 4.3; EPSS Score: 0.001; Published: 2023-08-16
The ClickFunnels WordPress plugin through 3.1.1 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform a Stored Cross-Site Scripting attack.
CVSS Score: 5.4; EPSS Score: 0.001; Published: 2023-08-16
The Tiempo.com WordPress plugin through 0.1.2 does not have a CSRF check when creating and editing its shortcode, and is missing sanitisation as well as escaping, which could allow attackers to make a logged-in admin add Stored XSS payloads via a CSRF attack.
CVSS Score: 6.1; EPSS Score: 0.001; Published: 2023-08-16
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in PT Woo Plugins (by Webdados) Stock Exporter for WooCommerce plugin <= 1.1.0 versions.
CVSS Score: 7.1; EPSS Score: 0.001; Published: 2023-08-16
lol-html can cause panics on certain HTML inputs. Anyone processing arbitrary 3rd party HTML with the library is affected.
CVSS Score: 7.5; EPSS Score: 0.002; Published: 2023-08-16
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Jonathan Daggerhart Query Wrangler plugin <= 1.5.51 versions.
CVSS Score: 7.1; EPSS Score: 0.001; Published: 2023-08-16
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Kaya Studio Kaya QR Code Generator plugin <= 1.5.2 versions.
CVSS Score: 6.5; EPSS Score: 0.001; Published: 2023-08-16
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in I Thirteen Web Solution Video Grid plugin <= 1.21 versions.
CVSS Score: 7.1; EPSS Score: 0.001; Published: 2023-08-16
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Benjamin Guy Captcha Them All plugin <= 1.3.3 versions.
CVSS Score: 5.9; EPSS Score: 0.001; Published: 2023-08-16
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Andy Moyle Church Admin plugin <= 3.7.5 versions.
CVSS Score: 7.1; EPSS Score: 0.001; Published: 2023-08-16
Shodan ® - All rights reserved