Security Vulnerabilities - CVEs Published In August 2023
Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by an Violation of Secure Design Principles vulnerability that could result in arbitrary code execution in the context of the current user by bypassing the API blacklisting feature. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVSS Score
7.8
EPSS Score
0.001
Published
2023-08-10
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Spider Teams ApplyOnline plugin <= 2.5 versions.
CVSS Score
5.9
EPSS Score
0.001
Published
2023-08-10
Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in Sk. Abul Hasan Animated Number Counters plugin <= 1.6 versions.
CVSS Score
6.5
EPSS Score
0.001
Published
2023-08-10
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Vladimir Statsenko Terms descriptions plugin <= 3.4.4 versions.
CVSS Score
7.1
EPSS Score
0.001
Published
2023-08-10
Code-Projects Online Hospital Management System V1.0 is vulnerable to SQL Injection (SQLI) attacks, which allow an attacker to manipulate the SQL queries executed by the application. The application fails to properly validate user-supplied input in the login id and password fields during the login process, enabling an attacker to inject malicious SQL code.
CVSS Score
9.8
EPSS Score
0.001
Published
2023-08-10
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Noël Jackson Art Direction plugin <= 0.2.4 versions.
CVSS Score
6.5
EPSS Score
0.001
Published
2023-08-10
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Teplitsa of social technologies Leyka plugin <= 3.30.2 versions.
CVSS Score
7.1
EPSS Score
0.001
Published
2023-08-10
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Swashata WP Category Post List Widget plugin <= 2.0.3 versions.
CVSS Score
6.5
EPSS Score
0.001
Published
2023-08-10
The EmbedPress plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'admin_post_remove' and 'remove_private_data' functions in versions up to, and including, 3.8.2. This makes it possible for authenticated attackers with subscriber privileges or above, to delete plugin settings.
CVSS Score
5.4
EPSS Score
0.001
Published
2023-08-10
The EmbedPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'embedpress_calendar' shortcode in versions up to, and including, 3.8.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
CVSS Score
6.4
EPSS Score
0.001
Published
2023-08-10