Security Vulnerabilities
- CVEs Published In November 2023
Cross-Site Request Forgery (CSRF) vulnerability in MotoPress Hotel Booking Lite plugin <= 4.6.0 versions.
Cross-Site Request Forgery (CSRF) vulnerability in Marios Alexandrou Enhanced Plugin Admin plugin <= 1.16 versions.
Cross-Site Request Forgery (CSRF) vulnerability in Wbcom Designs Wbcom Designs – BuddyPress Activity Social Share plugin <= 3.5.0 versions.
Cross-Site Request Forgery (CSRF) vulnerability in Harish Chouhan, Themeist I Recommend This allows Cross Site Request Forgery. This issue affects I Recommend This: from n/a through 3.9.0.
Cross-Site Request Forgery (CSRF) vulnerability in Robin Phillips Mobile Banner plugin <= 1.5 versions.
Cross-Site Request Forgery (CSRF) vulnerability in Wpmet Wp Ultimate Review plugin <= 2.0.3 versions.
Cross-Site Request Forgery (CSRF) vulnerability in MyThemeShop WP Shortcode by MyThemeShop plugin <= 1.4.16 versions.
Cross-Site Request Forgery (CSRF) vulnerability in Tribulant Slideshow Gallery LITE plugin <= 1.7.6 versions.
Apache Airflow, versions before 2.7.3, has a vulnerability that allows an authorized user with read access to only specific DAGs to read information about task instances in other DAGs. This is a different issue than CVE-2023-42663 but leads to a similar outcome.
Users of Apache Airflow are advised to upgrade to version 2.7.3 or newer to mitigate the risk associated with this vulnerability.
We failed to apply CVE-2023-40611 in 2.7.1 and this vulnerability was marked as fixed then.
Apache Airflow, versions before 2.7.3, is affected by a vulnerability that allows authenticated and DAG-view authorized users to modify some DAG run detail values when submitting notes. This could allow them to alter details such as configuration parameters, start date, etc.
Users should upgrade to version 2.7.3 or later which has removed the vulnerability.