Latest Vulnerabilities Updates: AppSecWorld's CVE Daily Digest for December 29-30, 2023

In the dynamic realm of cybersecurity, staying updated on the latest vulnerabilities is imperative.
This edition of AppSecWorld's CVE Daily Digest provides a snapshot of the vulnerabilities published in the National Vulnerability Database between December 29-30, 2023.
During this period, the National Vulnerability Database published 162 new Common Vulnerabilities and Exposures (CVEs), classified as follows:

Critical: 27
High: 23
Medium: 69
Low: 20
Severity Not Assigned: 23

Identifying and understanding these vulnerabilities are pivotal steps towards enhancing security measures and creating a safer digital environment.
Now, let's delve deeper into AppSecWorld's CVE Daily Digest, spotlighting the Critical and High Severity vulnerabilities that demand immediate attention.

1. CVE-2023-23431
Base Score: 7.3
Base Severity: HIGH
Exploitability Score: 2.5
Impact Score: 4.7
Description:
Some Honor products are affected by a signature management vulnerability; successful exploitation could cause a forged system file to overwrite the correct system file.


References: https://www.hihonor.com/global/security/cve-2023-23431/

CWE-ID: CWE-347
Common Platform Enumerations (CPE): Not Found

2. CVE-2023-23432
Base Score: 7.3
Base Severity: HIGH
Exploitability Score: 2.5
Impact Score: 4.7
Description:
Some Honor products are affected by a signature management vulnerability; successful exploitation could cause a forged system file to overwrite the correct system file.


References: https://www.hihonor.com/global/security/cve-2023-23432/

CWE-ID: CWE-347
Common Platform Enumerations (CPE): Not Found

3. CVE-2023-23436
Base Score: 7.3
Base Severity: HIGH
Exploitability Score: 2.5
Impact Score: 4.7
Description:
Some Honor products are affected by a signature management vulnerability; successful exploitation could cause a forged system file to overwrite the correct system file.

References: https://www.hihonor.com/global/security/cve-2023-23436/

CWE-ID: CWE-347
Common Platform Enumerations (CPE): Not Found

4. CVE-2023-51431
Base Score: 7.0
Base Severity: HIGH
Exploitability Score: 1.0
Impact Score: 5.9
Description:
Some Honor products are affected by an incorrect privilege assignment vulnerability; successful exploitation could cause device service exceptions.


References: https://www.hihonor.com/global/security/cve-2023-51431/

CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found

5. CVE-2023-51434
Base Score: 9.3
Base Severity: CRITICAL
Exploitability Score: 2.5
Impact Score: 6.0
Description:
Some Honor products are affected by a buffer overflow vulnerability; successful exploitation could cause code execution.


References: https://www.hihonor.com/global/security/cve-2023-51434/

CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found

6. CVE-2023-51435
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 2.5
Impact Score: 4.0
Description:
Some Honor products are affected by an incorrect privilege assignment vulnerability; successful exploitation could cause an information leak.


References: https://www.hihonor.com/global/security/cve-2023-51435/

CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found

7. CVE-2023-7156
Base Score: 7.3
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.4
Description: A vulnerability has been found in Campcodes Online College Library System 1.0 and classified as critical. This vulnerability affects unknown code of the file index.php of the component Search. The manipulation of the argument category leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-249178 is the identifier assigned to this vulnerability.
References: https://medium.com/@heishou/libsystem-foreground-sql-injection-vulnerability-95b95ab64ccc
https://vuldb.com/?ctiid.249178
https://vuldb.com/?id.249178

CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found

8. CVE-2023-7158
Base Score: 7.3
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.4
Description: A vulnerability was found in MicroPython up to 1.21.0. It has been classified as critical. Affected is the function slice_indices of the file objslice.c. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.22.0 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-249180.
References: https://github.com/micropython/micropython/issues/13007
https://github.com/micropython/micropython/pull/13039
https://github.com/micropython/micropython/pull/13039/commits/f397a3ec318f3ad05aa287764ae7cef32202380f
https://github.com/micropython/micropython/releases/tag/v1.22.0
https://vuldb.com/?ctiid.249180
https://vuldb.com/?id.249180

CWE-ID: CWE-122
Common Platform Enumerations (CPE): Not Found

9. CVE-2023-7161
Base Score: 7.3
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.4
Description: A vulnerability classified as critical has been found in Netentsec NS-ASG Application Security Gateway 6.3.1. This affects an unknown part of the file index.php?para=index of the component Login. The manipulation of the argument check_VirtualSiteId leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249183.
References: https://github.com/fixitc/cve/blob/main/sql.md
https://vuldb.com/?ctiid.249183
https://vuldb.com/?id.249183

CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found

10. CVE-2023-22677
Base Score: 8.5
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 6.0
Description: Improper Control of Generation of Code ('Code Injection') vulnerability in BinaryStash WP Booklet. This issue affects WP Booklet: from n/a through 2.1.8.


References: https://patchstack.com/database/vulnerability/wp-booklet/wordpress-wp-booklet-plugin-2-1-8-remote-code-execution-rce?_s_id=cve

CWE-ID: CWE-94
Common Platform Enumerations (CPE): Not Found

11. CVE-2023-25054
Base Score: 10.0
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 6.0
Description: Improper Control of Generation of Code ('Code Injection') vulnerability in David F. Carr RSVPMaker. This issue affects RSVPMaker: from n/a through 10.6.6.


References: https://patchstack.com/database/vulnerability/rsvpmaker/wordpress-rsvpmaker-plugin-10-6-6-remote-code-execution-rce-vulnerability?_s_id=cve

CWE-ID: CWE-94
Common Platform Enumerations (CPE): Not Found

12. CVE-2023-32095
Base Score: 9.9
Base Severity: CRITICAL
Exploitability Score: 3.1
Impact Score: 6.0
Description: Improper Control of Generation of Code ('Code Injection') vulnerability in Milan Dinić Rename Media Files. This issue affects Rename Media Files: from n/a through 1.0.1.


References: https://patchstack.com/database/vulnerability/rename-media-files/wordpress-rename-media-files-plugin-1-0-1-remote-code-execution-rce-vulnerability?_s_id=cve

CWE-ID: CWE-94
Common Platform Enumerations (CPE): Not Found

13. CVE-2023-40606
Base Score: 9.1
Base Severity: CRITICAL
Exploitability Score: 2.3
Impact Score: 6.0
Description: Improper Control of Generation of Code ('Code Injection') vulnerability in Kanban for WordPress Kanban Boards for WordPress. This issue affects Kanban Boards for WordPress: from n/a through 2.5.21.


References: https://patchstack.com/database/vulnerability/kanban/wordpress-kanban-boards-for-wordpress-plugin-2-5-21-arbitrary-code-execution-vulnerability?_s_id=cve

CWE-ID: CWE-94
Common Platform Enumerations (CPE): Not Found

14. CVE-2023-45751
Base Score: 9.1
Base Severity: CRITICAL
Exploitability Score: 2.3
Impact Score: 6.0
Description: Improper Control of Generation of Code ('Code Injection') vulnerability in POSIMYTH Nexter Extension. This issue affects Nexter Extension: from n/a through 2.0.3.


References: https://patchstack.com/database/vulnerability/nexter-extension/wordpress-nexter-extension-plugin-2-0-3-remote-code-execution-rce-vulnerability?_s_id=cve

CWE-ID: CWE-94
Common Platform Enumerations (CPE): Not Found

15. CVE-2023-46623
Base Score: 9.9
Base Severity: CRITICAL
Exploitability Score: 3.1
Impact Score: 6.0
Description: Improper Control of Generation of Code ('Code Injection') vulnerability in TienCOP WP EXtra. This issue affects WP EXtra: from n/a through 6.2.


References: https://patchstack.com/database/vulnerability/wp-extra/wordpress-wp-extra-plugin-6-2-remote-code-execution-rce-via-htaccess-modification-vulnerability?_s_id=cve

CWE-ID: CWE-94
Common Platform Enumerations (CPE): Not Found

16. CVE-2023-47840
Base Score: 9.9
Base Severity: CRITICAL
Exploitability Score: 3.1
Impact Score: 6.0
Description: Improper Control of Generation of Code ('Code Injection') vulnerability in Qode Interactive Qode Essential Addons. This issue affects Qode Essential Addons: from n/a through 1.5.2.


References: https://patchstack.com/database/vulnerability/qode-essential-addons/wordpress-qode-essential-addons-plugin-1-5-2-arbitrary-plugin-installation-and-activation-vulnerability?_s_id=cve

CWE-ID: CWE-94
Common Platform Enumerations (CPE): Not Found

17. CVE-2022-44589
Base Score: 8.1
Base Severity: HIGH
Exploitability Score: 2.2
Impact Score: 5.9
Description: Exposure of Sensitive Information to an Unauthorized Actor vulnerability in miniOrange miniOrange's Google Authenticator – WordPress Two Factor Authentication – 2FA , Two Factor, OTP SMS and Email | Passwordless login. This issue affects miniOrange's Google Authenticator – WordPress Two Factor Authentication – 2FA , Two Factor, OTP SMS and Email | Passwordless login: from n/a through 5.6.1.


References: https://patchstack.com/database/vulnerability/miniorange-2-factor-authentication/wordpress-miniorange-two-factor-authentication-plugin-5-6-1-sensitive-data-exposure-vulnerability?_s_id=cve

CWE-ID: CWE-200
Common Platform Enumerations (CPE): Not Found

18. CVE-2023-49830
Base Score: 9.9
Base Severity: CRITICAL
Exploitability Score: 3.1
Impact Score: 6.0
Description: Improper Control of Generation of Code ('Code Injection') vulnerability in Brainstorm Force Astra Pro. This issue affects Astra Pro: from n/a through 4.3.1.


References: https://patchstack.com/database/vulnerability/astra-addon/wordpress-astra-pro-plugin-4-3-1-contributor-remote-code-execution-rce-vulnerability?_s_id=cve

CWE-ID: CWE-94
Common Platform Enumerations (CPE): Not Found

19. CVE-2023-4464
Base Score: 7.2
Base Severity: HIGH
Exploitability Score: 1.2
Impact Score: 5.9
Description: A vulnerability, which was classified as critical, has been found in Poly CCX 400, CCX 600, Trio 8800 and Trio C60. This issue affects some unknown processing of the component Diagnostic Telnet Mode. The manipulation leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component. The identifier VDB-249257 was assigned to this vulnerability.
References: https://fahrplan.events.ccc.de/congress/2023/fahrplan/events/11919.html
https://modzero.com/en/advisories/mz-23-01-poly-voip-devices/
https://vuldb.com/?ctiid.249257
https://vuldb.com/?id.249257

CWE-ID: CWE-78
Common Platform Enumerations (CPE): Not Found

20. CVE-2023-51420
Base Score: 9.1
Base Severity: CRITICAL
Exploitability Score: 2.3
Impact Score: 6.0
Description: Improper Control of Generation of Code ('Code Injection') vulnerability in Soft8Soft LLC Verge3D Publishing and E-Commerce. This issue affects Verge3D Publishing and E-Commerce: from n/a through 4.5.2.


References: https://patchstack.com/database/vulnerability/verge3d/wordpress-verge3d-plugin-4-5-2-remote-code-execution-rce-vulnerability?_s_id=cve

CWE-ID: CWE-94
Common Platform Enumerations (CPE): Not Found

21. CVE-2023-50901
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 3.7
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in HasThemes HT Mega – Absolute Addons For Elementor allows Reflected XSS. This issue affects HT Mega – Absolute Addons For Elementor: from n/a through 2.3.8.


References: https://patchstack.com/database/vulnerability/ht-mega-for-elementor/wordpress-ht-mega-absolute-addons-for-elementor-plugin-2-3-8-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve

CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found

22. CVE-2023-51373
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 3.7
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ian Kennerley Google Photos Gallery with Shortcodes allows Reflected XSS. This issue affects Google Photos Gallery with Shortcodes: from n/a through 4.0.2.


References: https://patchstack.com/database/vulnerability/google-picasa-albums-viewer/wordpress-google-photos-gallery-with-shortcodes-plugin-4-0-2-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve

CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found

23. CVE-2023-52135
Base Score: 7.6
Base Severity: HIGH
Exploitability Score: 2.3
Impact Score: 4.7
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WS Form WS Form LITE – Drag & Drop Contact Form Builder for WordPress. This issue affects WS Form LITE – Drag & Drop Contact Form Builder for WordPress: from n/a through 1.9.170.


References: https://patchstack.com/database/vulnerability/ws-form/wordpress-ws-form-lite-drag-drop-contact-form-builder-for-wordpress-plugin-1-9-170-sql-injection-vulnerability?_s_id=cve

CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found

24. CVE-2023-41815
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 1.0
Impact Score: 6.0
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pandora FMS on all allows Cross-Site Scripting (XSS). Malicious code could be executed in the File Manager section. This issue affects Pandora FMS: from 700 through 774.
References: https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/

CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found

25. CVE-2023-50837
Base Score: 7.6
Base Severity: HIGH
Exploitability Score: 2.3
Impact Score: 4.7
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WebFactory Ltd Login Lockdown – Protect Login Form. This issue affects Login Lockdown – Protect Login Form: from n/a through 2.06.


References: https://patchstack.com/database/vulnerability/login-lockdown/wordpress-login-lockdown-protect-login-form-plugin-2-06-sql-injection-vulnerability?_s_id=cve

CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found

26. CVE-2023-50892
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 3.7
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodexThemes TheGem - Creative Multi-Purpose & WooCommerce WordPress Theme allows Reflected XSS. This issue affects TheGem - Creative Multi-Purpose & WooCommerce WordPress Theme: from n/a through 5.9.1.


References: https://patchstack.com/database/vulnerability/thegem/wordpress-thegem-theme-5-9-1-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve

CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found

27. CVE-2023-50893
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 3.7
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in UpSolution Impreza – WordPress Website and WooCommerce Builder allows Reflected XSS. This issue affects Impreza – WordPress Website and WooCommerce Builder: from n/a through 8.17.4.


References: https://patchstack.com/database/vulnerability/us-core/wordpress-upsolution-core-plugin-8-17-4-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve

CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found

28. CVE-2023-7078
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 1.2
Impact Score: 5.8
Description: Sending specially crafted HTTP requests to Miniflare's server could result in arbitrary HTTP and WebSocket requests being sent from the server. If Miniflare was configured to listen on external network interfaces (as was the default in wrangler until 3.19.0), an attacker on the local network could access other local servers.


References: https://github.com/cloudflare/workers-sdk/pull/4532
https://github.com/cloudflare/workers-sdk/security/advisories/GHSA-fwvg-2739-22v7

CWE-ID: CWE-918
Common Platform Enumerations (CPE): Not Found

29. CVE-2023-7080
Base Score: 8.5
Base Severity: HIGH
Exploitability Score: 2.1
Impact Score: 5.8
Description: The V8 inspector intentionally allows arbitrary code execution within the Workers sandbox for debugging. wrangler dev would previously start an inspector server listening on all network interfaces. This would allow an attacker on the local network to connect to the inspector and run arbitrary code. Additionally, the inspector server did not validate Origin/Host headers, granting an attacker that can trick any user on the local network into opening a malicious website the ability to run code. If wrangler dev --remote was being used, an attacker could access production resources if they were bound to the worker.

This issue was fixed in wrangler@3.19.0 and wrangler@2.20.2. Whilst wrangler dev's inspector server listens on local interfaces by default as of wrangler@3.16.0, an SSRF vulnerability in miniflare https://github.com/cloudflare/workers-sdk/security/advisories/GHSA-fwvg-2739-22v7 (CVE-2023-7078) allowed access from the local network until wrangler@3.18.0. wrangler@3.19.0 and wrangler@2.20.2 introduced validation for the Origin/Host headers.

References: https://github.com/cloudflare/workers-sdk/issues/4430
https://github.com/cloudflare/workers-sdk/pull/4437
https://github.com/cloudflare/workers-sdk/pull/4535
https://github.com/cloudflare/workers-sdk/pull/4550
https://github.com/cloudflare/workers-sdk/security/advisories/GHSA-f8mp-x433-5wpf

CWE-ID: CWE-269
Common Platform Enumerations (CPE): Not Found

30. CVE-2023-51414
Base Score: 9.6
Base Severity: CRITICAL
Exploitability Score: 2.8
Impact Score: 6.0
Description: Deserialization of Untrusted Data vulnerability in EnvialoSimple EnvíaloSimple: Email Marketing y Newsletters. This issue affects EnvíaloSimple: Email Marketing y Newsletters: from n/a through 2.1.


References: https://patchstack.com/database/vulnerability/envialosimple-email-marketing-y-newsletters-gratis/wordpress-envialosimple-plugin-2-1-unauthenticated-php-object-injection-vulnerability?_s_id=cve

CWE-ID: CWE-502
Common Platform Enumerations (CPE): Not Found

31. CVE-2023-51422
Base Score: 9.9
Base Severity: CRITICAL
Exploitability Score: 3.1
Impact Score: 6.0
Description: Deserialization of Untrusted Data vulnerability in Saleswonder Team Webinar Plugin: Create live/evergreen/automated/instant webinars, stream & Zoom Meetings | WebinarIgnition. This issue affects Webinar Plugin: Create live/evergreen/automated/instant webinars, stream & Zoom Meetings | WebinarIgnition: from n/a through 3.05.0.


References: https://patchstack.com/database/vulnerability/webinar-ignition/wordpress-webinarignition-plugin-3-05-0-authenticated-php-object-injection-vulnerability?_s_id=cve

CWE-ID: CWE-502
Common Platform Enumerations (CPE): Not Found

32. CVE-2023-51470
Base Score: 9.9
Base Severity: CRITICAL
Exploitability Score: 3.1
Impact Score: 6.0
Description: Deserialization of Untrusted Data vulnerability in Jacques Malgrange Rencontre – Dating Site. This issue affects Rencontre – Dating Site: from n/a through 3.11.1.


References: https://patchstack.com/database/vulnerability/rencontre/wordpress-rencontre-plugin-3-11-1-authenticated-php-object-injection-vulnerability?_s_id=cve

CWE-ID: CWE-502
Common Platform Enumerations (CPE): Not Found

33. CVE-2023-51505
Base Score: 10.0
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 6.0
Description: Deserialization of Untrusted Data vulnerability in realmag777 Active Products Tables for WooCommerce. Professional products tables for WooCommerce store. This issue affects Active Products Tables for WooCommerce. Professional products tables for WooCommerce store: from n/a through 1.0.6.


References: https://patchstack.com/database/vulnerability/profit-products-tables-for-woocommerce/wordpress-active-products-tables-for-woocommerce-plugin-1-0-6-unauthenticated-php-object-injection-vulnerability?_s_id=cve

CWE-ID: CWE-502
Common Platform Enumerations (CPE): Not Found

34. CVE-2023-51545
Base Score: 9.6
Base Severity: CRITICAL
Exploitability Score: 2.8
Impact Score: 6.0
Description: Cross-Site Request Forgery (CSRF), Deserialization of Untrusted Data vulnerability in ThemeHigh Job Manager & Career – Manage job board listings, and recruitments. This issue affects Job Manager & Career – Manage job board listings, and recruitments: from n/a through 1.4.4.


References: https://patchstack.com/database/vulnerability/job-manager-career/wordpress-job-manager-career-plugin-1-4-4-cross-site-request-forgery-csrf-to-php-object-injection-vulnerability?_s_id=cve

CWE-ID: CWE-352 CWE-502
Common Platform Enumerations (CPE): Not Found

35. CVE-2023-7114
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 1.3
Impact Score: 5.3
Description: Mattermost version 2.10.0 and earlier fails to sanitize deeplink paths, which allows an attacker to perform CSRF attacks against the server.


References: https://mattermost.com/security-updates

CWE-ID: CWE-74
Common Platform Enumerations (CPE): Not Found

36. CVE-2023-51410
Base Score: 9.9
Base Severity: CRITICAL
Exploitability Score: 3.1
Impact Score: 6.0
Description: Unrestricted Upload of File with Dangerous Type vulnerability in WPVibes WP Mail Log. This issue affects WP Mail Log: from n/a through 1.1.2.


References: https://patchstack.com/database/vulnerability/wp-mail-log/wordpress-wp-mail-log-plugin-1-1-2-arbitrary-file-upload-vulnerability?_s_id=cve

CWE-ID: CWE-434
Common Platform Enumerations (CPE): Not Found

37. CVE-2023-51411
Base Score: 10.0
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 6.0
Description: Unrestricted Upload of File with Dangerous Type vulnerability in Shabti Kaplan Frontend Admin by DynamiApps. This issue affects Frontend Admin by DynamiApps: from n/a through 3.18.3.


References: https://patchstack.com/database/vulnerability/acf-frontend-form-element/wordpress-frontend-admin-by-dynamiapps-plugin-3-18-3-unauthenticated-arbitrary-file-upload-vulnerability?_s_id=cve

CWE-ID: CWE-434
Common Platform Enumerations (CPE): Not Found

38. CVE-2023-51412
Base Score: 9.0
Base Severity: CRITICAL
Exploitability Score: 2.2
Impact Score: 6.0
Description: Unrestricted Upload of File with Dangerous Type vulnerability in Piotnet Piotnet Forms. This issue affects Piotnet Forms: from n/a through 1.0.25.


References: https://patchstack.com/database/vulnerability/piotnetforms/wordpress-piotnetforms-plugin-1-0-25-unauthenticated-arbitrary-file-upload-vulnerability?_s_id=cve

CWE-ID: CWE-434
Common Platform Enumerations (CPE): Not Found

39. CVE-2023-51417
Base Score: 9.9
Base Severity: CRITICAL
Exploitability Score: 3.1
Impact Score: 6.0
Description: Unrestricted Upload of File with Dangerous Type vulnerability in Joris van Montfort JVM Gutenberg Rich Text Icons. This issue affects JVM Gutenberg Rich Text Icons: from n/a through 1.2.3.


References: https://patchstack.com/database/vulnerability/jvm-rich-text-icons/wordpress-jvm-rich-text-icons-plugin-1-2-3-arbitrary-file-upload-vulnerability?_s_id=cve

CWE-ID: CWE-434
Common Platform Enumerations (CPE): Not Found

40. CVE-2023-51419
Base Score: 10.0
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 6.0
Description: Unrestricted Upload of File with Dangerous Type vulnerability in Bertha.Ai BERTHA AI. Your AI co-pilot for WordPress and Chrome. This issue affects BERTHA AI. Your AI co-pilot for WordPress and Chrome: from n/a through 1.11.10.7.


References: https://patchstack.com/database/vulnerability/bertha-ai-free/wordpress-bertha-ai-plugin-1-11-10-7-unauthenticated-arbitrary-file-upload-vulnerability?_s_id=cve

CWE-ID: CWE-434
Common Platform Enumerations (CPE): Not Found

41. CVE-2023-51421
Base Score: 9.9
Base Severity: CRITICAL
Exploitability Score: 3.1
Impact Score: 6.0
Description: Unrestricted Upload of File with Dangerous Type vulnerability in Soft8Soft LLC Verge3D Publishing and E-Commerce. This issue affects Verge3D Publishing and E-Commerce: from n/a through 4.5.2.


References: https://patchstack.com/database/vulnerability/verge3d/wordpress-verge3d-plugin-4-5-2-arbitrary-file-upload-vulnerability?_s_id=cve

CWE-ID: CWE-434
Common Platform Enumerations (CPE): Not Found

42. CVE-2023-51468
Base Score: 10.0
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 6.0
Description: Unrestricted Upload of File with Dangerous Type vulnerability in Jacques Malgrange Rencontre – Dating Site. This issue affects Rencontre – Dating Site: from n/a through 3.10.1.


References: https://patchstack.com/database/vulnerability/rencontre/wordpress-rencontre-plugin-3-10-1-unauthenticated-arbitrary-file-upload-vulnerability?_s_id=cve

CWE-ID: CWE-434
Common Platform Enumerations (CPE): Not Found

43. CVE-2023-51473
Base Score: 10.0
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 6.0
Description: Unrestricted Upload of File with Dangerous Type vulnerability in Pixelemu TerraClassifieds – Simple Classifieds Plugin. This issue affects TerraClassifieds – Simple Classifieds Plugin: from n/a through 2.0.3.


References: https://patchstack.com/database/vulnerability/terraclassifieds/wordpress-terraclassifieds-plugin-2-0-3-unauthenticated-arbitrary-file-upload-vulnerability?_s_id=cve

CWE-ID: CWE-434
Common Platform Enumerations (CPE): Not Found

44. CVE-2023-51475
Base Score: 10.0
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 6.0
Description: Unrestricted Upload of File with Dangerous Type vulnerability in IOSS WP MLM SOFTWARE PLUGIN. This issue affects WP MLM SOFTWARE PLUGIN: from n/a through 4.0.


References: https://patchstack.com/database/vulnerability/wp-mlm/wordpress-wp-mlm-unilevel-plugin-4-0-unauthenticated-arbitrary-file-upload-vulnerability?_s_id=cve

CWE-ID: CWE-434
Common Platform Enumerations (CPE): Not Found

45. CVE-2023-4541
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ween Software Admin Panel allows SQL Injection. This issue affects Admin Panel: through 20231229.

NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

References: https://www.usom.gov.tr/bildirim/tr-23-0740

CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found

46. CVE-2023-4674
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Yaztek Software Technologies and Computer Systems E-Commerce Software allows SQL Injection. This issue affects E-Commerce Software: through 20231229.

NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

References: https://www.usom.gov.tr/bildirim/tr-23-0741

CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found

47. CVE-2023-4675
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in GM Information Technologies MDO allows SQL Injection. This issue affects MDO: through 20231229.

NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

References: https://www.usom.gov.tr/bildirim/tr-23-0742

CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found

48. CVE-2020-17163
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: Visual Studio Code Python Extension Remote Code Execution Vulnerability
References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17163

CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found

49. CVE-2023-52137
Base Score: 7.7
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.3
Description: The [`tj-actions/verify-changed-files`](https://github.com/tj-actions/verify-changed-files) action allows for command injection in changed filenames, allowing an attacker to execute arbitrary code and potentially leak secrets. The [`verify-changed-files`](https://github.com/tj-actions/verify-changed-files) workflow returns the list of files changed within a workflow execution. This could potentially allow filenames that contain special characters such as `;` which can be used by an attacker to take over the [GitHub Runner](https://docs.github.com/en/actions/using-github-hosted-runners/about-github-hosted-runners) if the output value is used in a raw fashion (thus being directly replaced before execution) inside a `run` block. By running custom commands, an attacker may be able to steal secrets such as `GITHUB_TOKEN` if triggered on other events than `pull_request`.

This has been patched in versions [17](https://github.com/tj-actions/verify-changed-files/releases/tag/v17) and [17.0.0](https://github.com/tj-actions/verify-changed-files/releases/tag/v17.0.0) by enabling `safe_output` by default and returning filename paths escaping special characters for bash environments.
References: https://github.com/tj-actions/verify-changed-files/commit/498d3f316f501aa72485060e8c96fde7b2014f12
https://github.com/tj-actions/verify-changed-files/commit/592e305da041c09a009afa4a43c97d889bed65c3
https://github.com/tj-actions/verify-changed-files/security/advisories/GHSA-ghm2-rq8q-wrhc

CWE-ID: CWE-20
Common Platform Enumerations (CPE): Not Found

50. CVE-2023-52139
Base Score: 9.0
Base Severity: CRITICAL
Exploitability Score: 2.3
Impact Score: 6.0
Description: Misskey is an open source, decentralized social media platform. Third-party applications may be able to access some endpoints or Websocket APIs that are incorrectly specified as [kind](https://github.com/misskey-dev/misskey/blob/406b4bdbe79b5b0b68fcdcb3c4b6e419460a0258/packages/backend/src/server/api/endpoints.ts#L811) or [secure](https://github.com/misskey-dev/misskey/blob/406b4bdbe79b5b0b68fcdcb3c4b6e419460a0258/packages/backend/src/server/api/endpoints.ts#L805) without the user's permission and perform operations such as reading or adding non-public content. As a result, if the user who authenticated the application is an administrator, confidential information such as object storage secret keys and SMTP server passwords will be leaked, and general users can also create invitation codes without permission and leak non-public user information. This is patched in version [2023.12.1](https://github.com/misskey-dev/misskey/commit/c96bc36fedc804dc840ea791a9355d7df0748e64).
References: https://github.com/misskey-dev/misskey/commit/c96bc36fedc804dc840ea791a9355d7df0748e64
https://github.com/misskey-dev/misskey/security/advisories/GHSA-7pxq-6xx9-xpgm

CWE-ID: CWE-285
Common Platform Enumerations (CPE): Not Found
