Security Vulnerabilities - CVEs Published In November 2022
Wire through 3.22.3993 on Windows advertises deletion of sent messages; nonetheless, all messages can be retrieved (for a limited period of time) from the AppData\Roaming\Wire\IndexedDB\https_app.wire.com_0.indexeddb.leveldb database.
CVSS Score
4.7
EPSS Score
0.0
Published
2022-11-18
Broken Access Control vulnerability in miniOrange's Google Authenticator plugin <= 5.6.1 on WordPress.
CVSS Score
5.4
EPSS Score
0.001
Published
2022-11-18
Automotive Shop Management System v1.0 is vulnerable to SQL Injection via /asms/admin/?page=transactions/manage_transaction&id=.
CVSS Score
7.2
EPSS Score
0.001
Published
2022-11-18
Automotive Shop Management System v1.0 is vulnerable to SQL Injection via /asms/admin/mechanics/manage_mechanic.php?id=.
CVSS Score
7.2
EPSS Score
0.001
Published
2022-11-18
Automotive Shop Management System v1.0 is vulnerable to SQL Injection via /asms/admin/services/manage_service.php?id=.
CVSS Score
7.2
EPSS Score
0.001
Published
2022-11-18
Automotive Shop Management System v1.0 is vulnerable to SQL Injection via /asms/admin/mechanics/view_mechanic.php?id=.
CVSS Score
7.2
EPSS Score
0.001
Published
2022-11-18
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Custom Product Tabs for WooCommerce plugin <= 1.7.9 on WordPress.
CVSS Score
4.8
EPSS Score
0.001
Published
2022-11-18
Missing Authorization vulnerability in Appointment Hour Booking plugin <= 1.3.71 on WordPress.
CVSS Score
4.3
EPSS Score
0.001
Published
2022-11-18
Broken Access Control vulnerability in Permalink Manager Lite plugin <= 2.2.20 on WordPress.
CVSS Score
6.5
EPSS Score
0.001
Published
2022-11-18
Cross-Site Request Forgery (CSRF) vulnerability in Booster for WooCommerce plugin <= 5.6.6 on WordPress.
CVSS Score
5.4
EPSS Score
0.0
Published
2022-11-18