Security Vulnerabilities - CVEs Published In November 2023
Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce Product Add-Ons plugin <= 6.1.3 versions.
CVSS Score: 8.8
EPSS Score: 0.001
Published: 2023-11-09
Cross-Site Request Forgery (CSRF) vulnerability in Guillemant David WP Full Auto Tags Manager plugin <= 2.2 versions.
CVSS Score: 8.8
EPSS Score: 0.001
Published: 2023-11-09
Cross-Site Request Forgery (CSRF) vulnerability in LWS LWS Hide Login plugin <= 2.1.6 versions.
CVSS Score: 8.8
EPSS Score: 0.001
Published: 2023-11-09
Cross-Site Request Forgery (CSRF) vulnerability in Pascal Casier bbPress Toolkit plugin <= 1.0.12 versions.
CVSS Score: 8.8
EPSS Score: 0.001
Published: 2023-11-09
An issue has been discovered in GitLab EE affecting all versions starting from 15.3 prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1. Code owner approval was not removed from merge requests when the target branch was updated.
CVSS Score: 8.1
EPSS Score: 0.0
Published: 2023-11-09
Separate Groups mode restrictions were not honoured in the forum summary report, which would display users from other groups.
CVSS Score: 3.3
EPSS Score: 0.001
Published: 2023-11-09
ID numbers displayed in the quiz grading report required additional sanitizing to prevent a stored XSS risk.
CVSS Score: 4.3
EPSS Score: 0.011
Published: 2023-11-09
The course upload preview contained an XSS risk for users uploading unsafe data.
CVSS Score: 3.3
EPSS Score: 0.001
Published: 2023-11-09
Stronger revision number limitations were required on file serving endpoints to improve cache poisoning protection.
CVSS Score: 3.3
EPSS Score: 0.003
Published: 2023-11-09
Insufficient web service capability checks made it possible to move categories a user had permission to manage, to a parent category they did not have the capability to manage.
CVSS Score: 3.3
EPSS Score: 0.002
Published: 2023-11-09

