CVEDB API

Vulnerabilities

Vulnerable Software

Security Vulnerabilities - CVEs Published In September 2023

CVE-2023-40007

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Ujwol Bastakoti CT Commerce plugin <= 2.0.1 versions.

CVSS Score

5.9

EPSS Score

0.001

Published

2023-09-06

CVE-2023-40328

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Carrrot plugin <= 1.1.0 versions.

CVSS Score

5.9

EPSS Score

0.001

Published

2023-09-06

CVE-2023-40329

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPZest Custom Admin Login Page | WPZest plugin <= 1.2.0 versions.

CVSS Score

5.9

EPSS Score

0.001

Published

2023-09-06

CVE-2023-40552

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gurcharan Singh Fitness calculators plugin plugin <= 2.0.7 versions.

CVSS Score

5.9

EPSS Score

0.001

Published

2023-09-06

CVE-2023-40553

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Plausible.Io Plausible Analytics plugin <= 1.3.3 versions.

CVSS Score

5.8

EPSS Score

0.002

Published

2023-09-06

CVE-2023-40554

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Blog2Social, Adenion Blog2Social: Social Media Auto Post & Scheduler plugin <= 7.2.0 versions.

CVSS Score

7.1

EPSS Score

0.001

Published

2023-09-06

CVE-2023-40560

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Greg Ross Schedule Posts Calendar plugin <= 5.2 versions.

CVSS Score

5.9

EPSS Score

0.001

Published

2023-09-06

CVE-2023-40601

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Estatik Estatik Mortgage Calculator plugin <= 2.0.7 versions.

CVSS Score

7.1

EPSS Score

0.002

Published

2023-09-06

CVE-2023-4634

The Media Library Assistant plugin for WordPress is vulnerable to Local File Inclusion and Remote Code Execution in versions up to, and including, 3.09. This is due to insufficient controls on file paths being supplied to the 'mla_stream_file' parameter from the ~/includes/mla-stream-image.php file, where images are processed via Imagick(). This makes it possible for unauthenticated attackers to supply files via FTP that will make directory lists, local file inclusion, and remote code execution possible.

CVSS Score

9.8

EPSS Score

0.923

Published

2023-09-06

CVE-2023-30497

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Simon Chuang WP LINE Notify plugin <= 1.4.4 versions.

CVSS Score

7.1

EPSS Score

0.002

Published

2023-09-06

Prev Next

Page 170

Vulnerabilities

Vulnerable Software

Security Vulnerabilities - CVEs Published In September 2023

Products

Pricing

Contact Us