Security Vulnerabilities - CVEs Published In October 2023
A Cross-Site Scripting (XSS) vulnerability in Zenario CMS v.9.4.59197 allows a local attacker to execute arbitrary code via a crafted script to the Page Layout.
CVSS Score
5.4
EPSS Score
0.002
Published
2023-10-06
Cross-Site Request Forgery (CSRF) vulnerability in P Royal Royal Elementor Addons and Templates plugin <= 1.3.75 versions.
CVSS Score
4.3
EPSS Score
0.001
Published
2023-10-06
Cross-Site Request Forgery (CSRF) vulnerability in Sumo Social Share Boost plugin <= 4.5 versions.
CVSS Score
5.4
EPSS Score
0.001
Published
2023-10-06
Cross-Site Request Forgery (CSRF) vulnerability in BoldGrid Post and Page Builder by BoldGrid – Visual Drag and Drop Editor plugin <= 1.24.1 versions.
CVSS Score
4.3
EPSS Score
0.001
Published
2023-10-06
Cross-Site Request Forgery (CSRF) vulnerability in MakeStories Team MakeStories (for Google Web Stories) plugin <= 2.8.0 versions.
CVSS Score
5.4
EPSS Score
0.001
Published
2023-10-06
Cross-Site Request Forgery (CSRF) vulnerability in Dipak C. Gajjar WP Super Minify plugin <= 1.5.1 versions.
CVSS Score
5.4
EPSS Score
0.001
Published
2023-10-06
Cross-Site Request Forgery (CSRF) vulnerability in Gangesh Matta Simple Org Chart plugin <= 2.3.4 versions.
CVSS Score
4.3
EPSS Score
0.001
Published
2023-10-06
Cross-Site Request Forgery (CSRF) vulnerability in 大侠wp DX-auto-save-images plugin <= 1.4.0 versions.
CVSS Score
4.3
EPSS Score
0.001
Published
2023-10-06
Multiple Cross Site Scripting (XSS) vulnerabilities in Concrete CMS versions affected to 8.5.13 and below, and 9.0.0 through 9.2.1 allow a local attacker to execute arbitrary code via a crafted script to the Forms of the Data objects.
CVSS Score
5.4
EPSS Score
0.003
Published
2023-10-06
A Cross Site Scripting (XSS) vulnerability in Concrete CMS from versions 9.2.0 to 9.2.2 allows an attacker to execute arbitrary code via a crafted script to the Tags from Settings - Tags.
CVSS Score
5.4
EPSS Score
0.002
Published
2023-10-06