Security Vulnerabilities - CVEs Published In November 2023
Admidio v4.2.12 and below is vulnerable to Cross Site Scripting (XSS).
CVSS Score
6.1
EPSS Score
0.003
Published
2023-11-22
Cross-Site Request Forgery (CSRF) vulnerability in Exeebit phpinfo() WP plugin <= 4.0 versions.
CVSS Score
5.4
EPSS Score
0.001
Published
2023-11-22
Cross-Site Request Forgery (CSRF) vulnerability in codeboxr CBX Currency Converter plugin <= 3.0.3 versions.
CVSS Score
5.4
EPSS Score
0.001
Published
2023-11-22
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Veon Computer Service Tracking Software allows SQL Injection.This issue affects Service Tracking Software: before crm 2.0.
CVSS Score
9.8
EPSS Score
0.001
Published
2023-11-22
Path traversal vulnerability in Chalemelon Power framework, affecting the getImage parameter. This vulnerability could allow a remote user to read files located on the server and gain access to sensitive information such as configuration files.
CVSS Score
7.5
EPSS Score
0.001
Published
2023-11-22
Cross-Site Request Forgery (CSRF) vulnerability in LWS LWS Tools plugin <= 2.3.1 versions.
CVSS Score
5.4
EPSS Score
0.001
Published
2023-11-22
Cross-Site Request Forgery (CSRF) vulnerability in Passionate Brains Add Expires Headers & Optimized Minify plugin <= 2.7 versions.
CVSS Score
4.3
EPSS Score
0.001
Published
2023-11-22
Cross-Site Request Forgery (CSRF) vulnerability in wpstream WpStream plugin <= 4.4.10 versions.
CVSS Score
4.3
EPSS Score
0.001
Published
2023-11-22
Cross-Site Request Forgery (CSRF) vulnerability in Yoohoo Plugins When Last Login plugin <= 1.2.1 versions.
CVSS Score
4.3
EPSS Score
0.001
Published
2023-11-22
Cross-Site Request Forgery (CSRF) vulnerability in Pixelgrade Customify – Intuitive Website Styling plugin <= 2.10.4 versions.
CVSS Score
4.3
EPSS Score
0.001
Published
2023-11-22