Security Vulnerabilities - CVEs Published In October 2023
Cross-Site Request Forgery (CSRF) vulnerability in NXLog Manager 5.6.5633 version. This vulnerability allows an attacker to manipulate and delete user accounts within the platform by sending a specifically crafted query to the server. The vulnerability is based on the lack of proper validation of the origin of incoming requests.
CVSS Score
6.5
EPSS Score
0.001
Published
2023-10-03
Cross-Site Request Forgery (CSRF) vulnerability in NXLog Manager 5.6.5633 version. This vulnerability allows an attacker to eliminate roles within the platform by sending a specifically crafted query to the server. The vulnerability is based on the absence of proper validation of the origin of incoming requests.
CVSS Score
6.5
EPSS Score
0.001
Published
2023-10-03
Cross-Site Request Forgery (CSRF) vulnerability in theDotstore Fraud Prevention For Woocommerce plugin <= 2.1.5 versions.
CVSS Score
4.3
EPSS Score
0.001
Published
2023-10-03
Cross-Site Request Forgery (CSRF) vulnerability in ThimPress WP Pipes plugin <= 1.4.0 versions.
CVSS Score
5.4
EPSS Score
0.0
Published
2023-10-03
Cross-Site Request Forgery (CSRF) vulnerability in Antsanchez Easy Cookie Law plugin <= 3.1 versions.
CVSS Score
5.4
EPSS Score
0.0
Published
2023-10-03
Cross-Site Request Forgery (CSRF) vulnerability in CRUDLab WP Like Button plugin <= 1.7.0 versions.
CVSS Score
5.4
EPSS Score
0.001
Published
2023-10-03
Cross-Site Request Forgery (CSRF) vulnerability in FuturioWP Futurio Extra plugin <= 1.8.4 versions leads to activation of arbitrary plugin.
CVSS Score
6.5
EPSS Score
0.001
Published
2023-10-03
Cross-Site Request Forgery (CSRF) vulnerability in Hannes Etzelstorfer // codemiq WP HTML Mail plugin <= 3.4.1 versions.
CVSS Score
5.4
EPSS Score
0.001
Published
2023-10-03
Cross-Site Request Forgery (CSRF) vulnerability in theDotstore Product Attachment for WooCommerce plugin <= 2.1.8 versions.
CVSS Score
4.3
EPSS Score
0.001
Published
2023-10-03
An SQL Injection vulnerability has been found in Jorani version 1.0.0. This vulnerability allows an authenticated remote user with low privileges to send queries containing malicious SQL code to the "/leaves/validate" path via the "id" parameter, and so extract arbitrary information from the database.
CVSS Score
8.8
EPSS Score
0.01
Published
2023-10-03

