Security Vulnerabilities - CVEs Published In November 2023
Cross-Site Request Forgery (CSRF) vulnerability in Roland Barker, xnau webdesign Participants Database plugin <= 2.4.9 versions.
CVSS Score
8.8
EPSS Score
0.001
Published
2023-11-09
Cross-Site Request Forgery (CSRF) vulnerability in PeepSo Community by PeepSo – Social Network, Membership, Registration, User Profiles plugin <= 6.0.9.0 versions.
CVSS Score
8.8
EPSS Score
0.001
Published
2023-11-09
Cross-Site Request Forgery (CSRF) vulnerability in Criss Swaim TPG Redirect plugin <= 1.0.7 versions.
CVSS Score
8.8
EPSS Score
0.001
Published
2023-11-09
Cross-Site Request Forgery (CSRF) vulnerability in Daniel Powney Multi Rating plugin <= 5.0.6 versions.
CVSS Score
8.8
EPSS Score
0.001
Published
2023-11-09
Cross-Site Request Forgery (CSRF) vulnerability in xtemos WoodMart - Multipurpose WooCommerce Theme <= 7.1.1 versions.
CVSS Score
8.8
EPSS Score
0.001
Published
2023-11-09
Cross-Site Request Forgery (CSRF) vulnerability in E4J s.R.L. VikBooking Hotel Booking Engine & PMS plugin <= 1.6.1 versions.
CVSS Score
8.8
EPSS Score
0.001
Published
2023-11-09
Cross-Site Request Forgery (CSRF) vulnerability in Sybre Waaijer Pro Mime Types – Manage file media types plugin <= 1.0.7 versions.
CVSS Score
8.8
EPSS Score
0.001
Published
2023-11-09
The HTTP header in Philips EncoreAnywhere contains data an attacker may be able to use to gain sensitive information.
CVSS Score
5.9
EPSS Score
0.001
Published
2023-11-09
When duplicating a BigBlueButton activity, the original meeting ID was also duplicated instead of using a new ID for the new activity. This could provide unintended access to the original meeting.
CVSS Score
3.3
EPSS Score
0.001
Published
2023-11-09
An issue discovered in Pfsense CE version 2.6.0 allows attackers to change the password of any user without verification.
CVSS Score
7.2
EPSS Score
0.001
Published
2023-11-09