In the dynamic realm of cybersecurity, staying updated on the latest vulnerabilities is imperative.
This edition of the AppSecWorld's CVE Daily Digest provides a snapshot of the vulnerabilities published in National Vulnerability Database between November 22-23, 2023.
During this period, The National Vulnerability Database published 160, and these new Common Vulnerabilities and Exposures (CVEs) are classified as follows:
Critical: 4
High: 30
Medium: 90
Low: 5
Severity Not Assigned: 31
Identifying and understanding these vulnerabilities are pivotal steps towards enhancing security measures and creating a safer digital environment.
Now, let's delve deeper into AppSecWorld's CVE Daily Digest, spotlighting the Critical and High Severity vulnerabilities that demand immediate attention.
1. CVE-2023-35127
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: Stack-based buffer overflow may occur when Fuji Electric Tellus Lite V-Simulator parses a specially-crafted input file.
References: https://felib.fujielectric.co.jp/en/M10009/M20034/document_detail/c27d5b69-68ef-4af5-90ee-b5dab118f71a
https://www.cisa.gov/news-events/ics-advisories/icsa-23-325-02
CWE-ID: CWE-121
Common Platform Enumerations (CPE): Not Found
2. CVE-2023-40152
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: When Fuji Electric Tellus Lite V-Simulator parses a specially-crafted input file an out of bounds write may occur.
References: https://felib.fujielectric.co.jp/en/M10009/M20034/document_detail/c27d5b69-68ef-4af5-90ee-b5dab118f71a
https://www.cisa.gov/news-events/ics-advisories/icsa-23-325-02
CWE-ID: CWE-787
Common Platform Enumerations (CPE): Not Found
3. CVE-2023-5299
Base Score: 7.3
Base Severity: HIGH
Exploitability Score: 1.3
Impact Score: 5.9
Description: A user with a standard account in Fuji Electric Tellus Lite may overwrite files in the system.
References: https://felib.fujielectric.co.jp/en/M10009/M20034/document_detail/c27d5b69-68ef-4af5-90ee-b5dab118f71a
https://www.cisa.gov/news-events/ics-advisories/icsa-23-325-02
CWE-ID: CWE-284
Common Platform Enumerations (CPE): Not Found
4. CVE-2021-37942
Base Score: 7.0
Base Severity: HIGH
Exploitability Score: 1.0
Impact Score: 5.9
Description: A local privilege escalation issue was found with the APM Java agent, where a user on the system could attach a malicious plugin to an application running the APM Java agent. By using this vulnerability, an attacker could execute code at a potentially higher level of permissions than their user typically has access to.
References: https://discuss.elastic.co/t/apm-java-agent-security-update/291355
https://www.elastic.co/community/security
CWE-ID: CWE-269
Common Platform Enumerations (CPE): Not Found
5. CVE-2023-5921
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 2.5
Impact Score: 4.0
Description: Improper Enforcement of Behavioral Workflow vulnerability in DECE Software Geodi allows Functionality Bypass.This issue affects Geodi: before 8.0.0.27396.
References: https://www.usom.gov.tr/bildirim/tr-23-0650
CWE-ID: CWE-841
Common Platform Enumerations (CPE): Not Found
6. CVE-2023-3103
Base Score: 8.0
Base Severity: HIGH
Exploitability Score: 2.1
Impact Score: 5.9
Description: Authentication bypass vulnerability, the exploitation of which could allow a local attacker to perform a Man-in-the-Middle (MITM) attack on the robot's camera video stream. In addition, if a MITM attack is carried out, it is possible to consume the robot's resources, which could lead to a denial-of-service (DOS) condition.
References: https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-unitree-robotics-a1
CWE-ID: CWE-290
Common Platform Enumerations (CPE): Not Found
7. CVE-2023-5047
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in DRD Fleet Leasing DRDrive allows SQL Injection.This issue affects DRDrive: before 20231006.
References: https://www.usom.gov.tr/bildirim/tr-23-0651
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
8. CVE-2023-5983
Base Score: 7.2
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 2.7
Description: Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Botanik Software Pharmacy Automation allows Retrieve Embedded Sensitive Data.This issue affects Pharmacy Automation: before 2.1.133.0.
References: https://www.usom.gov.tr/bildirim/tr-23-0652
CWE-ID: CWE-200
Common Platform Enumerations (CPE): Not Found
9. CVE-2023-27451
Base Score: 7.2
Base Severity: HIGH
Exploitability Score: 1.2
Impact Score: 5.9
Description: Server-Side Request Forgery (SSRF) vulnerability in Darren Cooney Instant Images plugin <= 5.1.0.2 versions.
References: https://patchstack.com/database/vulnerability/instant-images/wordpress-instant-images-5-1-0-1-auth-server-side-request-forgery-ssrf-vulnerability?_s_id=cve
CWE-ID: CWE-918
Common Platform Enumerations (CPE): Not Found
10. CVE-2023-2889
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Veon Computer Service Tracking Software allows SQL Injection.This issue affects Service Tracking Software: through 20231122.
NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
References: https://www.usom.gov.tr/bildirim/tr-23-0653
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
11. CVE-2023-6252
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: Path traversal vulnerability in Chalemelon Power framework, affecting the getImage parameter. This vulnerability could allow a remote user to read files located on the server and gain access to sensitive information such as configuration files.
References: https://www.incibe.es/en/incibe-cert/notices/aviso/path-traversal-vulnerability-chameleon-power-products
CWE-ID: CWE-35
Common Platform Enumerations (CPE): Not Found
12. CVE-2023-2437
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: The UserPro plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 5.1.1. This is due to insufficient verification on the user being supplied during a Facebook login through the plugin. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email. An attacker can leverage CVE-2023-2448 and CVE-2023-2446 to get the user's email address to successfully exploit this vulnerability.
References: http://packetstormsecurity.com/files/175871/WordPress-UserPro-5.1.x-Password-Reset-Authentication-Bypass-Escalation.html
https://codecanyon.net/item/userpro-user-profiles-with-social-login/5958681
https://www.wordfence.com/threat-intel/vulnerabilities/id/b3cf9f38-c20e-40dc-a7a1-65b0c6ba7925?source=cve
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
13. CVE-2023-2440
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: The UserPro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.1.1. This is due to missing nonce validation in the 'admin_page', 'userpro_verify_user' and 'verifyUnverifyAllUsers' functions. This makes it possible for unauthenticated attackers to modify the role of verified users to elevate verified user privileges to that of any user such as 'administrator' via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
References: https://codecanyon.net/item/userpro-user-profiles-with-social-login/5958681
https://www.wordfence.com/threat-intel/vulnerabilities/id/73600498-f55c-4b8e-a625-4f292e58e0ee?source=cve
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
14. CVE-2023-2449
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: The UserPro plugin for WordPress is vulnerable to unauthorized password resets in versions up to, and including 5.1.1. This is due to the plugin using native password reset functionality, with insufficient validation on the password reset function (userpro_process_form). The function uses the plaintext value of a password reset key instead of a hashed value which means it can easily be retrieved and subsequently used. An attacker can leverage CVE-2023-2448 and CVE-2023-2446, or another vulnerability like SQL Injection in another plugin or theme installed on the site to successfully exploit this vulnerability.
References: http://packetstormsecurity.com/files/175871/WordPress-UserPro-5.1.x-Password-Reset-Authentication-Bypass-Escalation.html
https://codecanyon.net/item/userpro-user-profiles-with-social-login/5958681
https://www.wordfence.com/threat-intel/vulnerabilities/id/de9be7bc-4f8a-4393-8ebb-1b1f141b7585?source=cve
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
15. CVE-2023-2497
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: The UserPro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.1.0. This is due to missing or incorrect nonce validation on the 'import_settings' function. This makes it possible for unauthenticated attackers to exploit PHP Object Injection due to the use of unserialize() on the user supplied parameter via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
References: https://codecanyon.net/item/userpro-user-profiles-with-social-login/5958681
https://www.wordfence.com/threat-intel/vulnerabilities/id/fbb601ce-a884-4894-af13-dab14885c7eb?source=cve
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
16. CVE-2023-2841
Base Score: 7.2
Base Severity: HIGH
Exploitability Score: 1.2
Impact Score: 5.9
Description: The Advanced Local Pickup for WooCommerce plugin for WordPress is vulnerable to time-based SQL Injection via the id parameter in versions up to, and including, 1.5.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with admin-level privileges to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
References: https://plugins.trac.wordpress.org/browser/advanced-local-pickup-for-woocommerce/trunk/include/wc-local-pickup-admin.php?rev=2889033#L447
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2986002%40advanced-local-pickup-for-woocommerce%2Ftrunk&old=2983681%40advanced-local-pickup-for-woocommerce%2Ftrunk&sfp_email=&sfph_mail=
https://www.wordfence.com/threat-intel/vulnerabilities/id/125e7ea3-574a-4760-b10b-7a98d94c87a5?source=cve
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
17. CVE-2023-48705
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 1.3
Impact Score: 5.3
Description: Nautobot is a Network Source of Truth and Network Automation Platform built as a web application All users of Nautobot versions earlier than 1.6.6 or 2.0.5 are potentially affected by a cross-site scripting vulnerability. Due to incorrect usage of Django's `mark_safe()` API when rendering certain types of user-authored content; including custom links, job buttons, and computed fields; it is possible that users with permission to create or edit these types of content could craft a malicious payload (such as JavaScript code) that would be executed when rendering pages containing this content. The maintainers have fixed the incorrect uses of `mark_safe()` (generally by replacing them with appropriate use of `format_html()` instead) to prevent such malicious data from being executed. Users on Nautobot 1.6.x LTM should upgrade to v1.6.6 and users on Nautobot 2.0.x should upgrade to v2.0.5. Appropriate object permissions can and should be applied to restrict which users are permitted to create or edit the aforementioned types of user-authored content. Other than that, there is no direct workaround available.
References: https://docs.djangoproject.com/en/3.2/ref/utils/#django.utils.html.format_html
https://docs.djangoproject.com/en/3.2/ref/utils/#django.utils.safestring.mark_safe
https://github.com/nautobot/nautobot/commit/362850f5a94689a4c75e3188bf6de826c3b012b2
https://github.com/nautobot/nautobot/commit/54abe23331b6c3d0d82bf1b028c679b1d200920d
https://github.com/nautobot/nautobot/pull/4832
https://github.com/nautobot/nautobot/pull/4833
https://github.com/nautobot/nautobot/security/advisories/GHSA-cf9f-wmhp-v4pr
CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found
18. CVE-2023-5465
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: The Popup with fancybox plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 3.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
References: https://plugins.trac.wordpress.org/browser/popup-with-fancybox/trunk/popup-with-fancybox.php?rev=2827070#L110
https://plugins.trac.wordpress.org/changeset/2985560/popup-with-fancybox#file1
https://www.wordfence.com/threat-intel/vulnerabilities/id/c943cf0b-0e99-4d47-808d-2b803369d53a?source=cve
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
19. CVE-2023-5466
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: The Wp anything slider plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 9.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
References: https://plugins.trac.wordpress.org/browser/wp-anything-slider/trunk/wp-anything-slider.php?rev=2827063#L122
https://plugins.trac.wordpress.org/browser/wp-anything-slider/trunk/wp-anything-slider.php?rev=2827063#L136
https://plugins.trac.wordpress.org/changeset/2985513/wp-anything-slider#file2
https://www.wordfence.com/threat-intel/vulnerabilities/id/535e754e-f851-4809-a148-d9ba808b9d8a?source=cve
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
20. CVE-2023-5815
Base Score: 8.1
Base Severity: HIGH
Exploitability Score: 2.2
Impact Score: 5.9
Description: The News & Blog Designer Pack – WordPress Blog Plugin — (Blog Post Grid, Blog Post Slider, Blog Post Carousel, Blog Post Ticker, Blog Post Masonry) plugin for WordPress is vulnerable to Remote Code Execution via Local File Inclusion in all versions up to, and including, 3.4.1 via the bdp_get_more_post function hooked via a nopriv AJAX. This is due to function utilizing an unsafe extract() method to extract values from the POST variable and passing that input to the include() function. This makes it possible for unauthenticated attackers to include arbitrary PHP files and achieve remote code execution. On vulnerable Docker configurations it may be possible for an attacker to create a PHP file and then subsequently include it to achieve RCE.
References: https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2984052%40blog-designer-pack&new=2984052%40blog-designer-pack&sfp_email=&sfph_mail=
https://wordpress.org/plugins/blog-designer-pack/
https://www.leavesongs.com/PENETRATION/docker-php-include-getshell.html#0x06-pearcmdphp
https://www.wordfence.com/threat-intel/vulnerabilities/id/2f2bdf11-401a-48af-b1dc-aeeb40b9a384?source=cve
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
21. CVE-2023-5822
Base Score: 8.1
Base Severity: HIGH
Exploitability Score: 2.2
Impact Score: 5.9
Description: The Drag and Drop Multiple File Upload - Contact Form 7 plugin for WordPress is vulnerable to arbitrary file uploads to insufficient file type validation in the 'dnd_upload_cf7_upload' function in versions up to, and including, 1.3.7.3. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. This can be exploited if a user authorized to edit form, which means editor privileges or above, has added a 'multiple file upload' form field with '*' acceptable file types.
References: https://plugins.trac.wordpress.org/browser/drag-and-drop-multiple-file-upload-contact-form-7/tags/1.3.7.2/inc/dnd-upload-cf7.php#L828
https://plugins.trac.wordpress.org/browser/drag-and-drop-multiple-file-upload-contact-form-7/tags/1.3.7.2/inc/dnd-upload-cf7.php#L855
https://plugins.trac.wordpress.org/browser/drag-and-drop-multiple-file-upload-contact-form-7/tags/1.3.7.2/inc/dnd-upload-cf7.php#L904
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2987252%40drag-and-drop-multiple-file-upload-contact-form-7%2Ftrunk&old=2968538%40drag-and-drop-multiple-file-upload-contact-form-7%2Ftrunk&sfp_email=&sfph_mail=
https://www.wordfence.com/threat-intel/vulnerabilities/id/1b3be300-5b7f-4844-8637-1bb8c939ed4c?source=cve
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
22. CVE-2023-6007
Base Score: 7.3
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.4
Description: The UserPro plugin for WordPress is vulnerable to unauthorized access of data, modification of data, loss of data due to a missing capability check on multiple functions in all versions up to, and including, 5.1.1. This makes it possible for unauthenticated attackers to add, modify, or delete user meta and plugin options.
References: https://codecanyon.net/item/userpro-user-profiles-with-social-login/5958681
https://www.wordfence.com/threat-intel/vulnerabilities/id/6c4f8798-c0f9-4d05-808e-375864a0ad95?source=cve
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
23. CVE-2023-6009
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: The UserPro plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 5.1.4 due to insufficient restriction on the 'userpro_update_user_profile' function. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to modify their user role by supplying the 'wp_capabilities' parameter during a profile update.
References: http://packetstormsecurity.com/files/175871/WordPress-UserPro-5.1.x-Password-Reset-Authentication-Bypass-Escalation.html
https://codecanyon.net/item/userpro-user-profiles-with-social-login/5958681
https://www.wordfence.com/threat-intel/vulnerabilities/id/e8bed9c0-dae3-405e-a946-5f28a3c30851?source=cve
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
24. CVE-2023-43082
Base Score: 8.6
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 4.0
Description:
Dell Unity prior to 5.3 contains a 'man in the middle' vulnerability in the vmadapter component. If a customer has a certificate signed by a third-party public Certificate Authority, the vCenter CA could be spoofed by an attacker who can obtain a CA-signed certificate.
References: https://www.dell.com/support/kbdoc/en-us/000213152/dsa-2023-141-dell-unity-unity-vsa-and-unity-xt-security-update-for-multiple-vulnerabilities
CWE-ID: CWE-295
Common Platform Enumerations (CPE): Not Found
25. CVE-2023-6156
Base Score: 7.6
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 4.7
Description: Improper neutralization of livestatus command delimiters in the availability timeline in Checkmk <= 2.0.0p39, < 2.1.0p37, and < 2.2.0p15 allows arbitrary livestatus command execution for authorized users.
References: https://checkmk.com/werk/16221
CWE-ID: CWE-140
Common Platform Enumerations (CPE): Not Found
26. CVE-2023-6157
Base Score: 7.6
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 4.7
Description: Improper neutralization of livestatus command delimiters in ajax_search in Checkmk <= 2.0.0p39, < 2.1.0p37, and < 2.2.0p15 allows arbitrary livestatus command execution for authorized users.
References: https://checkmk.com/werk/16221
CWE-ID: CWE-140
Common Platform Enumerations (CPE): Not Found
27. CVE-2023-6263
Base Score: 8.3
Base Severity: HIGH
Exploitability Score: 1.6
Impact Score: 6.0
Description: An issue was discovered in Network Optix NxCloud before 23.1.0.40440. It was possible to add a fake VMS server to NxCloud by using the exact identification of a legitimate VMS server. As result, it was possible to retrieve authorization headers from legitimate users when the legitimate client connects to the fake VMS server.
References: https://networkoptix.atlassian.net/wiki/spaces/CHS/blog/2023/09/22/3074195467/vulnerability+2023-09-21+-+Server+Spoofing
CWE-ID: CWE-290
Common Platform Enumerations (CPE): Not Found
28. CVE-2023-47781
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: Cross-Site Request Forgery (CSRF) vulnerability in Thrive Themes Thrive Theme Builder <= 3.24.2 versions.
References: https://patchstack.com/database/vulnerability/thrive-theme/wordpress-thrive-theme-builder-theme-3-20-1-cross-site-request-forgery-csrf-to-account-takeover-vulnerability?_s_id=cve
CWE-ID: CWE-352
Common Platform Enumerations (CPE): Not Found
29. CVE-2023-47785
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 4.2
Description: Cross-Site Request Forgery (CSRF) vulnerability in LayerSlider plugin <= 7.7.9 versions.
References: https://patchstack.com/database/vulnerability/layerslider/wordpress-layerslider-plugin-7-7-9-multiple-cross-site-request-forgery-csrf-vulnerability?_s_id=cve
CWE-ID: CWE-352
Common Platform Enumerations (CPE): Not Found
30. CVE-2023-30496
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 3.7
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MagePeople Team WpBusTicketly plugin <= 5.2.5 versions.
References: https://patchstack.com/database/vulnerability/bus-ticket-booking-with-seat-reservation/wordpress-bus-ticket-booking-with-seat-reservation-plugin-5-2-5-cross-site-scripting-xss-vulnerability?_s_id=cve
CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found
31. CVE-2023-47766
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 3.7
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Timo Reith Post Status Notifier Lite plugin <= 1.11.0 versions.
References: https://patchstack.com/database/vulnerability/post-status-notifier-lite/wordpress-post-status-notifier-lite-plugin-1-11-0-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve
CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found
32. CVE-2023-47767
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 3.7
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Fla-shop.Com Interactive World Map plugin <= 3.2.0 versions.
References: https://patchstack.com/database/vulnerability/interactive-world-map/wordpress-interactive-world-map-plugin-3-2-0-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve
CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found
33. CVE-2023-47768
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 3.7
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Russell Jamieson Footer Putter plugin <= 1.17 versions.
References: https://patchstack.com/database/vulnerability/footer-putter/wordpress-footer-putter-plugin-1-17-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve
CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found
34. CVE-2023-47773
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 3.7
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in YAS Global Team Permalinks Customizer plugin <= 2.8.2 versions.
References: https://patchstack.com/database/vulnerability/permalinks-customizer/wordpress-permalinks-customizer-plugin-2-8-2-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve
CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found
This edition of the AppSecWorld's CVE Daily Digest provides a snapshot of the vulnerabilities published in National Vulnerability Database between November 22-23, 2023.
During this period, The National Vulnerability Database published 160, and these new Common Vulnerabilities and Exposures (CVEs) are classified as follows:
Critical: 4
High: 30
Medium: 90
Low: 5
Severity Not Assigned: 31
Identifying and understanding these vulnerabilities are pivotal steps towards enhancing security measures and creating a safer digital environment.
Now, let's delve deeper into AppSecWorld's CVE Daily Digest, spotlighting the Critical and High Severity vulnerabilities that demand immediate attention.
1. CVE-2023-35127
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: Stack-based buffer overflow may occur when Fuji Electric Tellus Lite V-Simulator parses a specially-crafted input file.
References: https://felib.fujielectric.co.jp/en/M10009/M20034/document_detail/c27d5b69-68ef-4af5-90ee-b5dab118f71a
https://www.cisa.gov/news-events/ics-advisories/icsa-23-325-02
CWE-ID: CWE-121
Common Platform Enumerations (CPE): Not Found
2. CVE-2023-40152
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: When Fuji Electric Tellus Lite V-Simulator parses a specially-crafted input file an out of bounds write may occur.
References: https://felib.fujielectric.co.jp/en/M10009/M20034/document_detail/c27d5b69-68ef-4af5-90ee-b5dab118f71a
https://www.cisa.gov/news-events/ics-advisories/icsa-23-325-02
CWE-ID: CWE-787
Common Platform Enumerations (CPE): Not Found
3. CVE-2023-5299
Base Score: 7.3
Base Severity: HIGH
Exploitability Score: 1.3
Impact Score: 5.9
Description: A user with a standard account in Fuji Electric Tellus Lite may overwrite files in the system.
References: https://felib.fujielectric.co.jp/en/M10009/M20034/document_detail/c27d5b69-68ef-4af5-90ee-b5dab118f71a
https://www.cisa.gov/news-events/ics-advisories/icsa-23-325-02
CWE-ID: CWE-284
Common Platform Enumerations (CPE): Not Found
4. CVE-2021-37942
Base Score: 7.0
Base Severity: HIGH
Exploitability Score: 1.0
Impact Score: 5.9
Description: A local privilege escalation issue was found with the APM Java agent, where a user on the system could attach a malicious plugin to an application running the APM Java agent. By using this vulnerability, an attacker could execute code at a potentially higher level of permissions than their user typically has access to.
References: https://discuss.elastic.co/t/apm-java-agent-security-update/291355
https://www.elastic.co/community/security
CWE-ID: CWE-269
Common Platform Enumerations (CPE): Not Found
5. CVE-2023-5921
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 2.5
Impact Score: 4.0
Description: Improper Enforcement of Behavioral Workflow vulnerability in DECE Software Geodi allows Functionality Bypass.This issue affects Geodi: before 8.0.0.27396.
References: https://www.usom.gov.tr/bildirim/tr-23-0650
CWE-ID: CWE-841
Common Platform Enumerations (CPE): Not Found
6. CVE-2023-3103
Base Score: 8.0
Base Severity: HIGH
Exploitability Score: 2.1
Impact Score: 5.9
Description: Authentication bypass vulnerability, the exploitation of which could allow a local attacker to perform a Man-in-the-Middle (MITM) attack on the robot's camera video stream. In addition, if a MITM attack is carried out, it is possible to consume the robot's resources, which could lead to a denial-of-service (DOS) condition.
References: https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-unitree-robotics-a1
CWE-ID: CWE-290
Common Platform Enumerations (CPE): Not Found
7. CVE-2023-5047
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in DRD Fleet Leasing DRDrive allows SQL Injection.This issue affects DRDrive: before 20231006.
References: https://www.usom.gov.tr/bildirim/tr-23-0651
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
8. CVE-2023-5983
Base Score: 7.2
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 2.7
Description: Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Botanik Software Pharmacy Automation allows Retrieve Embedded Sensitive Data.This issue affects Pharmacy Automation: before 2.1.133.0.
References: https://www.usom.gov.tr/bildirim/tr-23-0652
CWE-ID: CWE-200
Common Platform Enumerations (CPE): Not Found
9. CVE-2023-27451
Base Score: 7.2
Base Severity: HIGH
Exploitability Score: 1.2
Impact Score: 5.9
Description: Server-Side Request Forgery (SSRF) vulnerability in Darren Cooney Instant Images plugin <= 5.1.0.2 versions.
References: https://patchstack.com/database/vulnerability/instant-images/wordpress-instant-images-5-1-0-1-auth-server-side-request-forgery-ssrf-vulnerability?_s_id=cve
CWE-ID: CWE-918
Common Platform Enumerations (CPE): Not Found
10. CVE-2023-2889
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Veon Computer Service Tracking Software allows SQL Injection.This issue affects Service Tracking Software: through 20231122.
NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
References: https://www.usom.gov.tr/bildirim/tr-23-0653
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
11. CVE-2023-6252
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: Path traversal vulnerability in Chalemelon Power framework, affecting the getImage parameter. This vulnerability could allow a remote user to read files located on the server and gain access to sensitive information such as configuration files.
References: https://www.incibe.es/en/incibe-cert/notices/aviso/path-traversal-vulnerability-chameleon-power-products
CWE-ID: CWE-35
Common Platform Enumerations (CPE): Not Found
12. CVE-2023-2437
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: The UserPro plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 5.1.1. This is due to insufficient verification on the user being supplied during a Facebook login through the plugin. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email. An attacker can leverage CVE-2023-2448 and CVE-2023-2446 to get the user's email address to successfully exploit this vulnerability.
References: http://packetstormsecurity.com/files/175871/WordPress-UserPro-5.1.x-Password-Reset-Authentication-Bypass-Escalation.html
https://codecanyon.net/item/userpro-user-profiles-with-social-login/5958681
https://www.wordfence.com/threat-intel/vulnerabilities/id/b3cf9f38-c20e-40dc-a7a1-65b0c6ba7925?source=cve
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
13. CVE-2023-2440
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: The UserPro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.1.1. This is due to missing nonce validation in the 'admin_page', 'userpro_verify_user' and 'verifyUnverifyAllUsers' functions. This makes it possible for unauthenticated attackers to modify the role of verified users to elevate verified user privileges to that of any user such as 'administrator' via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
References: https://codecanyon.net/item/userpro-user-profiles-with-social-login/5958681
https://www.wordfence.com/threat-intel/vulnerabilities/id/73600498-f55c-4b8e-a625-4f292e58e0ee?source=cve
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
14. CVE-2023-2449
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: The UserPro plugin for WordPress is vulnerable to unauthorized password resets in versions up to, and including 5.1.1. This is due to the plugin using native password reset functionality, with insufficient validation on the password reset function (userpro_process_form). The function uses the plaintext value of a password reset key instead of a hashed value which means it can easily be retrieved and subsequently used. An attacker can leverage CVE-2023-2448 and CVE-2023-2446, or another vulnerability like SQL Injection in another plugin or theme installed on the site to successfully exploit this vulnerability.
References: http://packetstormsecurity.com/files/175871/WordPress-UserPro-5.1.x-Password-Reset-Authentication-Bypass-Escalation.html
https://codecanyon.net/item/userpro-user-profiles-with-social-login/5958681
https://www.wordfence.com/threat-intel/vulnerabilities/id/de9be7bc-4f8a-4393-8ebb-1b1f141b7585?source=cve
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
15. CVE-2023-2497
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: The UserPro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.1.0. This is due to missing or incorrect nonce validation on the 'import_settings' function. This makes it possible for unauthenticated attackers to exploit PHP Object Injection due to the use of unserialize() on the user supplied parameter via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
References: https://codecanyon.net/item/userpro-user-profiles-with-social-login/5958681
https://www.wordfence.com/threat-intel/vulnerabilities/id/fbb601ce-a884-4894-af13-dab14885c7eb?source=cve
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
16. CVE-2023-2841
Base Score: 7.2
Base Severity: HIGH
Exploitability Score: 1.2
Impact Score: 5.9
Description: The Advanced Local Pickup for WooCommerce plugin for WordPress is vulnerable to time-based SQL Injection via the id parameter in versions up to, and including, 1.5.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with admin-level privileges to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
References: https://plugins.trac.wordpress.org/browser/advanced-local-pickup-for-woocommerce/trunk/include/wc-local-pickup-admin.php?rev=2889033#L447
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2986002%40advanced-local-pickup-for-woocommerce%2Ftrunk&old=2983681%40advanced-local-pickup-for-woocommerce%2Ftrunk&sfp_email=&sfph_mail=
https://www.wordfence.com/threat-intel/vulnerabilities/id/125e7ea3-574a-4760-b10b-7a98d94c87a5?source=cve
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
17. CVE-2023-48705
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 1.3
Impact Score: 5.3
Description: Nautobot is a Network Source of Truth and Network Automation Platform built as a web application All users of Nautobot versions earlier than 1.6.6 or 2.0.5 are potentially affected by a cross-site scripting vulnerability. Due to incorrect usage of Django's `mark_safe()` API when rendering certain types of user-authored content; including custom links, job buttons, and computed fields; it is possible that users with permission to create or edit these types of content could craft a malicious payload (such as JavaScript code) that would be executed when rendering pages containing this content. The maintainers have fixed the incorrect uses of `mark_safe()` (generally by replacing them with appropriate use of `format_html()` instead) to prevent such malicious data from being executed. Users on Nautobot 1.6.x LTM should upgrade to v1.6.6 and users on Nautobot 2.0.x should upgrade to v2.0.5. Appropriate object permissions can and should be applied to restrict which users are permitted to create or edit the aforementioned types of user-authored content. Other than that, there is no direct workaround available.
References: https://docs.djangoproject.com/en/3.2/ref/utils/#django.utils.html.format_html
https://docs.djangoproject.com/en/3.2/ref/utils/#django.utils.safestring.mark_safe
https://github.com/nautobot/nautobot/commit/362850f5a94689a4c75e3188bf6de826c3b012b2
https://github.com/nautobot/nautobot/commit/54abe23331b6c3d0d82bf1b028c679b1d200920d
https://github.com/nautobot/nautobot/pull/4832
https://github.com/nautobot/nautobot/pull/4833
https://github.com/nautobot/nautobot/security/advisories/GHSA-cf9f-wmhp-v4pr
CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found
18. CVE-2023-5465
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: The Popup with fancybox plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 3.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
References: https://plugins.trac.wordpress.org/browser/popup-with-fancybox/trunk/popup-with-fancybox.php?rev=2827070#L110
https://plugins.trac.wordpress.org/changeset/2985560/popup-with-fancybox#file1
https://www.wordfence.com/threat-intel/vulnerabilities/id/c943cf0b-0e99-4d47-808d-2b803369d53a?source=cve
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
19. CVE-2023-5466
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: The Wp anything slider plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 9.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
References: https://plugins.trac.wordpress.org/browser/wp-anything-slider/trunk/wp-anything-slider.php?rev=2827063#L122
https://plugins.trac.wordpress.org/browser/wp-anything-slider/trunk/wp-anything-slider.php?rev=2827063#L136
https://plugins.trac.wordpress.org/changeset/2985513/wp-anything-slider#file2
https://www.wordfence.com/threat-intel/vulnerabilities/id/535e754e-f851-4809-a148-d9ba808b9d8a?source=cve
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
20. CVE-2023-5815
Base Score: 8.1
Base Severity: HIGH
Exploitability Score: 2.2
Impact Score: 5.9
Description: The News & Blog Designer Pack – WordPress Blog Plugin — (Blog Post Grid, Blog Post Slider, Blog Post Carousel, Blog Post Ticker, Blog Post Masonry) plugin for WordPress is vulnerable to Remote Code Execution via Local File Inclusion in all versions up to, and including, 3.4.1 via the bdp_get_more_post function hooked via a nopriv AJAX. This is due to function utilizing an unsafe extract() method to extract values from the POST variable and passing that input to the include() function. This makes it possible for unauthenticated attackers to include arbitrary PHP files and achieve remote code execution. On vulnerable Docker configurations it may be possible for an attacker to create a PHP file and then subsequently include it to achieve RCE.
References: https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2984052%40blog-designer-pack&new=2984052%40blog-designer-pack&sfp_email=&sfph_mail=
https://wordpress.org/plugins/blog-designer-pack/
https://www.leavesongs.com/PENETRATION/docker-php-include-getshell.html#0x06-pearcmdphp
https://www.wordfence.com/threat-intel/vulnerabilities/id/2f2bdf11-401a-48af-b1dc-aeeb40b9a384?source=cve
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
21. CVE-2023-5822
Base Score: 8.1
Base Severity: HIGH
Exploitability Score: 2.2
Impact Score: 5.9
Description: The Drag and Drop Multiple File Upload - Contact Form 7 plugin for WordPress is vulnerable to arbitrary file uploads to insufficient file type validation in the 'dnd_upload_cf7_upload' function in versions up to, and including, 1.3.7.3. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. This can be exploited if a user authorized to edit form, which means editor privileges or above, has added a 'multiple file upload' form field with '*' acceptable file types.
References: https://plugins.trac.wordpress.org/browser/drag-and-drop-multiple-file-upload-contact-form-7/tags/1.3.7.2/inc/dnd-upload-cf7.php#L828
https://plugins.trac.wordpress.org/browser/drag-and-drop-multiple-file-upload-contact-form-7/tags/1.3.7.2/inc/dnd-upload-cf7.php#L855
https://plugins.trac.wordpress.org/browser/drag-and-drop-multiple-file-upload-contact-form-7/tags/1.3.7.2/inc/dnd-upload-cf7.php#L904
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2987252%40drag-and-drop-multiple-file-upload-contact-form-7%2Ftrunk&old=2968538%40drag-and-drop-multiple-file-upload-contact-form-7%2Ftrunk&sfp_email=&sfph_mail=
https://www.wordfence.com/threat-intel/vulnerabilities/id/1b3be300-5b7f-4844-8637-1bb8c939ed4c?source=cve
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
22. CVE-2023-6007
Base Score: 7.3
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.4
Description: The UserPro plugin for WordPress is vulnerable to unauthorized access of data, modification of data, loss of data due to a missing capability check on multiple functions in all versions up to, and including, 5.1.1. This makes it possible for unauthenticated attackers to add, modify, or delete user meta and plugin options.
References: https://codecanyon.net/item/userpro-user-profiles-with-social-login/5958681
https://www.wordfence.com/threat-intel/vulnerabilities/id/6c4f8798-c0f9-4d05-808e-375864a0ad95?source=cve
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
23. CVE-2023-6009
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: The UserPro plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 5.1.4 due to insufficient restriction on the 'userpro_update_user_profile' function. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to modify their user role by supplying the 'wp_capabilities' parameter during a profile update.
References: http://packetstormsecurity.com/files/175871/WordPress-UserPro-5.1.x-Password-Reset-Authentication-Bypass-Escalation.html
https://codecanyon.net/item/userpro-user-profiles-with-social-login/5958681
https://www.wordfence.com/threat-intel/vulnerabilities/id/e8bed9c0-dae3-405e-a946-5f28a3c30851?source=cve
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
24. CVE-2023-43082
Base Score: 8.6
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 4.0
Description:
Dell Unity prior to 5.3 contains a 'man in the middle' vulnerability in the vmadapter component. If a customer has a certificate signed by a third-party public Certificate Authority, the vCenter CA could be spoofed by an attacker who can obtain a CA-signed certificate.
References: https://www.dell.com/support/kbdoc/en-us/000213152/dsa-2023-141-dell-unity-unity-vsa-and-unity-xt-security-update-for-multiple-vulnerabilities
CWE-ID: CWE-295
Common Platform Enumerations (CPE): Not Found
25. CVE-2023-6156
Base Score: 7.6
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 4.7
Description: Improper neutralization of livestatus command delimiters in the availability timeline in Checkmk <= 2.0.0p39, < 2.1.0p37, and < 2.2.0p15 allows arbitrary livestatus command execution for authorized users.
References: https://checkmk.com/werk/16221
CWE-ID: CWE-140
Common Platform Enumerations (CPE): Not Found
26. CVE-2023-6157
Base Score: 7.6
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 4.7
Description: Improper neutralization of livestatus command delimiters in ajax_search in Checkmk <= 2.0.0p39, < 2.1.0p37, and < 2.2.0p15 allows arbitrary livestatus command execution for authorized users.
References: https://checkmk.com/werk/16221
CWE-ID: CWE-140
Common Platform Enumerations (CPE): Not Found
27. CVE-2023-6263
Base Score: 8.3
Base Severity: HIGH
Exploitability Score: 1.6
Impact Score: 6.0
Description: An issue was discovered in Network Optix NxCloud before 23.1.0.40440. It was possible to add a fake VMS server to NxCloud by using the exact identification of a legitimate VMS server. As result, it was possible to retrieve authorization headers from legitimate users when the legitimate client connects to the fake VMS server.
References: https://networkoptix.atlassian.net/wiki/spaces/CHS/blog/2023/09/22/3074195467/vulnerability+2023-09-21+-+Server+Spoofing
CWE-ID: CWE-290
Common Platform Enumerations (CPE): Not Found
28. CVE-2023-47781
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: Cross-Site Request Forgery (CSRF) vulnerability in Thrive Themes Thrive Theme Builder <= 3.24.2 versions.
References: https://patchstack.com/database/vulnerability/thrive-theme/wordpress-thrive-theme-builder-theme-3-20-1-cross-site-request-forgery-csrf-to-account-takeover-vulnerability?_s_id=cve
CWE-ID: CWE-352
Common Platform Enumerations (CPE): Not Found
29. CVE-2023-47785
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 4.2
Description: Cross-Site Request Forgery (CSRF) vulnerability in LayerSlider plugin <= 7.7.9 versions.
References: https://patchstack.com/database/vulnerability/layerslider/wordpress-layerslider-plugin-7-7-9-multiple-cross-site-request-forgery-csrf-vulnerability?_s_id=cve
CWE-ID: CWE-352
Common Platform Enumerations (CPE): Not Found
30. CVE-2023-30496
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 3.7
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MagePeople Team WpBusTicketly plugin <= 5.2.5 versions.
References: https://patchstack.com/database/vulnerability/bus-ticket-booking-with-seat-reservation/wordpress-bus-ticket-booking-with-seat-reservation-plugin-5-2-5-cross-site-scripting-xss-vulnerability?_s_id=cve
CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found
31. CVE-2023-47766
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 3.7
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Timo Reith Post Status Notifier Lite plugin <= 1.11.0 versions.
References: https://patchstack.com/database/vulnerability/post-status-notifier-lite/wordpress-post-status-notifier-lite-plugin-1-11-0-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve
CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found
32. CVE-2023-47767
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 3.7
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Fla-shop.Com Interactive World Map plugin <= 3.2.0 versions.
References: https://patchstack.com/database/vulnerability/interactive-world-map/wordpress-interactive-world-map-plugin-3-2-0-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve
CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found
33. CVE-2023-47768
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 3.7
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Russell Jamieson Footer Putter plugin <= 1.17 versions.
References: https://patchstack.com/database/vulnerability/footer-putter/wordpress-footer-putter-plugin-1-17-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve
CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found
34. CVE-2023-47773
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 3.7
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in YAS Global Team Permalinks Customizer plugin <= 2.8.2 versions.
References: https://patchstack.com/database/vulnerability/permalinks-customizer/wordpress-permalinks-customizer-plugin-2-8-2-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve
CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found