Security Vulnerabilities - CVEs Published In August 2023
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in gsmith Cookie Monster plugin <= 1.51 versions.
CVSS Score
5.9
EPSS Score
0.001
Published
2023-08-30
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in nuajik plugin <= 0.1.0 versions.
CVSS Score
5.9
EPSS Score
0.001
Published
2023-08-30
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WP htaccess Control plugin <= 3.5.1 versions.
CVSS Score
5.9
EPSS Score
0.001
Published
2023-08-30
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in WooCommerce WooCommerce Pre-Orders plugin <= 2.0.0 versions.
CVSS Score
6.5
EPSS Score
0.001
Published
2023-08-30
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WooCommerce Composite Products plugin <= 8.7.5 versions.
CVSS Score
7.1
EPSS Score
0.001
Published
2023-08-30
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WooCommerce WooCommerce Pre-Orders plugin <= 1.9.0 versions.
CVSS Score
7.1
EPSS Score
0.001
Published
2023-08-30
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in HasTheme WishSuite – Wishlist for WooCommerce plugin <= 1.3.4 versions.
CVSS Score
5.9
EPSS Score
0.001
Published
2023-08-30
The AffiliateWP for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'affwp_activate_addons_page_plugin' function called via an AJAX action in versions up to, and including, 2.14.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to activate arbitrary plugins.
CVSS Score
4.3
EPSS Score
0.001
Published
2023-08-30
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Premio Chaty plugin <= 3.0.9 versions
CVSS Score
7.1
EPSS Score
0.001
Published
2023-08-30
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in I Thirteen Web Solution Video Gallery plugin <= 1.0.10 versions.
CVSS Score
7.1
EPSS Score
0.0
Published
2023-08-30