Security Vulnerabilities - CVEs Published In November 2022
Auth. WordPress Options Change vulnerability in Image Hover Effects Ultimate plugin <= 9.7.1 on WordPress.
CVSS Score
7.2
EPSS Score
0.002
Published
2022-11-18
Arbitrary Code Execution vulnerability in Api2Cart Bridge Connector plugin <= 1.1.0 on WordPress.
CVSS Score
10.0
EPSS Score
0.005
Published
2022-11-18
Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Viszt Péter's Integration for Szamlazz.hu & WooCommerce plugin <= 5.6.3.2 and Csomagpontok és szállítási címkék WooCommerce-hez plugin <= 1.9.0.2 on WordPress.
CVSS Score
5.4
EPSS Score
0.004
Published
2022-11-18
Auth. (subscriber+) Cross-Site Scripting (XSS) vulnerability in Soledad premium theme <= 8.2.5 on WordPress.
CVSS Score
5.4
EPSS Score
0.001
Published
2022-11-18
Broken Access Control vulnerability in WordPress LoginPress plugin <= 1.6.2 on WordPress leading to unauth. changing of Opt-In or Opt-Out tracking settings.
CVSS Score
5.3
EPSS Score
0.001
Published
2022-11-18
Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) vulnerability in Store Locator plugin <= 1.4.5 on WordPress.
CVSS Score
6.1
EPSS Score
0.001
Published
2022-11-18
Unauthenticated Error Log Disclosure vulnerability in Media Library Assistant plugin <= 3.00 on WordPress.
CVSS Score
3.7
EPSS Score
0.002
Published
2022-11-18
Cross-Site Request Forgery (CSRF) vulnerability in Media Library Folders plugin <= 7.1.1 on WordPress.
CVSS Score
5.4
EPSS Score
0.001
Published
2022-11-18
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Accessibility plugin <= 1.0.3 on WordPress.
CVSS Score
4.8
EPSS Score
0.001
Published
2022-11-18
Auth. (subscriber+) Sensitive Data Exposure vulnerability in Phone Orders for WooCommerce plugin <= 3.7.1 on WordPress.
CVSS Score
4.3
EPSS Score
0.003
Published
2022-11-18