Security Vulnerabilities - CVEs Published In August 2023
Tenda AC7 V1.0 V15.03.06.44 and Tenda AC9 V3.0 V15.03.06.42_multi were discovered to contain a stack overflow via parameter ssid at url /goform/fast_setting_wifi_set.
CVSS Score
9.8
EPSS Score
0.001
Published
2023-08-30
Tenda AC9 V3.0 V15.03.06.42_multi and Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 were discovered to contain a stack overflow via parameter list at url /goform/SetStaticRouteCfg.
CVSS Score
9.8
EPSS Score
0.001
Published
2023-08-30
Tenda AC9 V3.0 V15.03.06.42_multi was discovered to contain a stack overflow via parameter wpapsk_crypto at url /goform/WifiExtraSet.
CVSS Score
9.8
EPSS Score
0.001
Published
2023-08-30
Tenda AC7 V1.0 V15.03.06.44 was discovered to contain a stack overflow via parameter security_5g at url /goform/WifiBasicSet.
CVSS Score
9.8
EPSS Score
0.001
Published
2023-08-30
Tenda AC7 V1.0 V15.03.06.44, Tenda AC9 V3.0 V15.03.06.42_multi, and Tenda AC5 V1.0RTL_V15.03.06.28 were discovered to contain a stack overflow via parameter list at url /goform/SetIpMacBind.
CVSS Score
9.8
EPSS Score
0.001
Published
2023-08-30
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WooCommerce Returns and Warranty Requests plugin <= 2.1.6 versions.
CVSS Score
7.1
EPSS Score
0.001
Published
2023-08-30
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Mohammad I. Okfie WP-Hijri plugin <= 1.5.1 versions.
CVSS Score
7.1
EPSS Score
0.001
Published
2023-08-30
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Teplitsa of social technologies Leyka plugin <= 3.30.1 versions.
CVSS Score
7.1
EPSS Score
0.001
Published
2023-08-30
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Joaquín Ruiz Easy Admin Menu plugin <= 1.3 versions.
CVSS Score
5.9
EPSS Score
0.001
Published
2023-08-30
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Notifyvisitors NotifyVisitors plugin <= 1.0 versions.
CVSS Score
5.9
EPSS Score
0.001
Published
2023-08-30