Security Vulnerabilities - CVEs Published In November 2022
Unauth. Directory Traversal vulnerability in Welcart eCommerce plugin <= 2.7.7 on WordPress.
CVSS Score: 7.5; EPSS Score: 0.861; Published: 2022-11-18
Cross-Site Request Forgery (CSRF) vulnerability leading to Stored Cross-Site Scripting (XSS) in Mantenimiento web plugin <= 0.13 on WordPress.
CVSS Score: 6.1; EPSS Score: 0.001; Published: 2022-11-18
Broken Access Control vulnerability in WPML Multilingual CMS premium plugin <= 4.5.10 on WordPress allows users with subscriber or higher user roles to change the status of the translation jobs.
CVSS Score: 4.3; EPSS Score: 0.002; Published: 2022-11-18
Cross-Site Request Forgery (CSRF) vulnerability in Creative Mail plugin <= 1.5.4 on WordPress.
CVSS Score: 5.4; EPSS Score: 0.001; Published: 2022-11-18
Cross-Site Request Forgery (CSRF) vulnerability in Creative Mail plugin <= 1.5.4 on WordPress.
CVSS Score: 5.4; EPSS Score: 0.009; Published: 2022-11-18
Bypass vulnerability in Quiz And Survey Master plugin <= 7.3.10 on WordPress.
CVSS Score: 6.5; EPSS Score: 0.0; Published: 2022-11-18
Automotive Shop Management System v1.0 is vulnerable to SQL via /asms/classes/Master.php?f=delete_mechanic.
CVSS Score: 7.2; EPSS Score: 0.001; Published: 2022-11-18
Automotive Shop Management System v1.0 is vulnerable to SQL Injection via /asms/classes/Master.php?f=delete_service.
CVSS Score: 7.2; EPSS Score: 0.001; Published: 2022-11-18
In drachtio-server 0.8.18, /var/log/drachtio has mode 0777 and drachtio.log has mode 0666.
CVSS Score: 5.5; EPSS Score: 0.0; Published: 2022-11-18
drachtio-server 0.8.18 has a request-handler.cpp event_cb use-after-free for any request.
CVSS Score: 9.8; EPSS Score: 0.001; Published: 2022-11-18

