Security Vulnerabilities - CVEs Published In October 2023
A Cross-site Request Forgery (CSRF) vulnerability in Pandora FMS allows an attacker to force authenticated users to send a request to a web application they are currently authenticated against. This issue affects Pandora FMS version 767 and earlier versions on all platforms.
CVSS Score
6.7
EPSS Score
0.001
Published
2023-10-03
Cross-Site Request Forgery (CSRF) vulnerability in Gopi Ramasamy WP tell a friend popup form plugin <= 7.1 versions.
CVSS Score
5.4
EPSS Score
0.001
Published
2023-10-03
Cross-Site Request Forgery (CSRF) vulnerability in Mike Perelink Pro plugin <= 2.1.4 versions.
CVSS Score
4.3
EPSS Score
0.001
Published
2023-10-03
Cross-Site Request Forgery (CSRF) vulnerability in Anshul Labs Mobile Address Bar Changer plugin <= 3.0 versions.
CVSS Score
4.3
EPSS Score
0.001
Published
2023-10-03
Cross-Site Request Forgery (CSRF) vulnerability in Alain Gonzalez plugin <= 3.1.2 versions.
CVSS Score
5.4
EPSS Score
0.001
Published
2023-10-03
Cross-Site Request Forgery (CSRF) vulnerability in Taboola plugin <= 2.0.1 versions.
CVSS Score
4.3
EPSS Score
0.001
Published
2023-10-03
The file upload functionality is not implemented correctly and allows uploading of any type of file. As a prerequisite, it is necessary for the attacker to log into the application with a valid username.
CVSS Score
8.8
EPSS Score
0.001
Published
2023-10-03
Cross-Site Request Forgery (CSRF) vulnerability in OptiMonk OptiMonk: Popups, Personalization & A/B Testing plugin <= 2.0.4 versions.
CVSS Score
4.3
EPSS Score
0.001
Published
2023-10-03
Cross-Site Request Forgery (CSRF) vulnerability in Monchito.Net WP Emoji One plugin <= 0.6.0 versions.
CVSS Score
4.3
EPSS Score
0.001
Published
2023-10-03
Cross-Site Request Forgery (CSRF) vulnerability in PressPage Entertainment Inc. Smarty for WordPress plugin <= 3.1.35 versions.
CVSS Score
5.4
EPSS Score
0.001
Published
2023-10-03