Security Vulnerabilities - CVEs Published In October 2023
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Arrow Plugins The Awesome Feed – Custom Feed plugin <= 2.2.5 versions.
CVSS Score
6.5
EPSS Score
0.001
Published
2023-10-02
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gopi Ramasamy Popup contact form plugin <= 7.1 versions.
CVSS Score
5.9
EPSS Score
0.001
Published
2023-10-02
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Jewel Theme WP Adminify plugin <= 3.1.6 versions.
CVSS Score
5.9
EPSS Score
0.001
Published
2023-10-02
Mattermost fails to check the Show Full Name option at the /api/v4/teams/TEAM_ID/top/team_members endpoint allowing a member to get the full name of another user even if the Show Full Name option was disabled
CVSS Score
4.3
EPSS Score
0.002
Published
2023-10-02
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Renzo Johnson Blocks plugin <= 1.6.41 versions.
CVSS Score
5.9
EPSS Score
0.001
Published
2023-10-02
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Riyaz Social Metrics plugin <= 2.2 versions.
CVSS Score
5.9
EPSS Score
0.001
Published
2023-10-02
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Dreamfox Payment gateway per Product for WooCommerce plugin <= 3.2.7 versions.
CVSS Score
7.1
EPSS Score
0.001
Published
2023-10-02
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in jesweb.Dev Anchor Episodes Index (Spotify for Podcasters) plugin <= 2.1.7 versions.
CVSS Score
6.5
EPSS Score
0.001
Published
2023-10-02
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Jobin Jose WWM Social Share On Image Hover plugin <= 2.2 versions.
CVSS Score
5.9
EPSS Score
0.001
Published
2023-10-02
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Leap Contractor Contact Form Website to Workflow Tool plugin <= 4.0.0 versions.
CVSS Score
7.1
EPSS Score
0.001
Published
2023-10-02