Security Vulnerabilities - CVEs Published In November 2023
The 1E-Exchange-URLResponseTime instruction that is part of the Network product pack available on the 1E Exchange does not properly validate the URL parameter, which allows for a specially crafted input to perform arbitrary code execution with SYSTEM permissions. This instruction only runs on Windows clients.
To remediate this issue download the updated Network product pack from the 1E Exchange and update the 1E-Exchange-URLResponseTime instruction to v20.1 by uploading it through the 1E Platform instruction upload UI
CVSS Score
9.9
EPSS Score
0.001
Published
2023-11-06
The 1E-Exchange-CommandLinePing instruction that is part of the Network product pack available on the 1E Exchange does not properly validate the input parameter, which allows for a specially crafted input to perform arbitrary code execution with SYSTEM permissions. This instruction only runs on Windows clients.
To remediate this issue download the updated Network product pack from the 1E Exchange and update the 1E-Exchange-CommandLinePing instruction to v18.1 by uploading it through the 1E Platform instruction upload UI
CVSS Score
9.9
EPSS Score
0.001
Published
2023-11-06
Cross-Site Request Forgery (CSRF) vulnerability in Serena Villa Auto Excerpt everywhere plugin <= 1.5 versions.
CVSS Score
8.8
EPSS Score
0.001
Published
2023-11-06
Cross-Site Request Forgery (CSRF) vulnerability in Custom Login Page | Temporary Users | Rebrand Login | Login Captcha plugin <= 1.1.3 versions.
CVSS Score
8.8
EPSS Score
0.001
Published
2023-11-06
Cross-Site Request Forgery (CSRF) vulnerability in TheFreeWindows Auto Limit Posts Reloaded plugin <= 2.5 versions.
CVSS Score
8.8
EPSS Score
0.001
Published
2023-11-06
Cross-Site Request Forgery (CSRF) vulnerability in EasyRecipe plugin <= 3.5.3251 versions.
CVSS Score
8.8
EPSS Score
0.001
Published
2023-11-06
Cross-Site Request Forgery (CSRF) vulnerability in Alter plugin <= 1.0 versions.
CVSS Score
8.8
EPSS Score
0.001
Published
2023-11-06
Cross-Site Request Forgery (CSRF) vulnerability in Roland Murg Current Menu Item for Custom Post Types plugin <= 1.5 versions.
CVSS Score
8.8
EPSS Score
0.001
Published
2023-11-06
Cross-Site Request Forgery (CSRF) vulnerability in Kadence WP Kadence WooCommerce Email Designer plugin <= 1.5.11 versions.
CVSS Score
8.8
EPSS Score
0.002
Published
2023-11-06
Cross-Site Request Forgery (CSRF) vulnerability in ThemeKraft TK Google Fonts GDPR Compliant plugin <= 2.2.11 versions.
CVSS Score
8.8
EPSS Score
0.001
Published
2023-11-06