In the dynamic realm of cybersecurity, staying updated on the latest vulnerabilities is imperative.
This edition of the AppSecWorld's CVE Daily Digest provides a snapshot of the vulnerabilities published in National Vulnerability Database between January 20-21, 2024.
During this period, The National Vulnerability Database published 14, and these new Common Vulnerabilities and Exposures (CVEs) are classified as follows:
Critical: 1
High: 1
Medium: 2
Low: 0
Severity Not Assigned: 10
Identifying and understanding these vulnerabilities are pivotal steps towards enhancing security measures and creating a safer digital environment.
Now, let's delve deeper into AppSecWorld's CVE Daily Digest, spotlighting the Critical and High Severity vulnerabilities that demand immediate attention.
1. CVE-2023-7063
Base Score: 7.2
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 2.7
Description: The WPForms Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via form submission parameters in all versions up to, and including, 1.8.5.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
References: https://wpforms.com/docs/how-to-view-recent-changes-to-the-wpforms-plugin-changelog/#1-8-5-4-2023-12-27
https://www.wordfence.com/threat-intel/vulnerabilities/id/31c080b8-ba00-4e96-8961-2a1c3a017004?source=cve
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
2. CVE-2024-0521
Base Score: 9.3
Base Severity: CRITICAL
Exploitability Score: 2.5
Impact Score: 6.0
Description: Code Injection in paddlepaddle/paddle
References: https://huntr.com/bounties/a569c64b-1e2b-4bed-a19f-47fd5a3da453
CWE-ID: CWE-94
Common Platform Enumerations (CPE): Not Found
This edition of the AppSecWorld's CVE Daily Digest provides a snapshot of the vulnerabilities published in National Vulnerability Database between January 20-21, 2024.
During this period, The National Vulnerability Database published 14, and these new Common Vulnerabilities and Exposures (CVEs) are classified as follows:
Critical: 1
High: 1
Medium: 2
Low: 0
Severity Not Assigned: 10
Identifying and understanding these vulnerabilities are pivotal steps towards enhancing security measures and creating a safer digital environment.
Now, let's delve deeper into AppSecWorld's CVE Daily Digest, spotlighting the Critical and High Severity vulnerabilities that demand immediate attention.
1. CVE-2023-7063
Base Score: 7.2
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 2.7
Description: The WPForms Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via form submission parameters in all versions up to, and including, 1.8.5.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
References: https://wpforms.com/docs/how-to-view-recent-changes-to-the-wpforms-plugin-changelog/#1-8-5-4-2023-12-27
https://www.wordfence.com/threat-intel/vulnerabilities/id/31c080b8-ba00-4e96-8961-2a1c3a017004?source=cve
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
2. CVE-2024-0521
Base Score: 9.3
Base Severity: CRITICAL
Exploitability Score: 2.5
Impact Score: 6.0
Description: Code Injection in paddlepaddle/paddle
References: https://huntr.com/bounties/a569c64b-1e2b-4bed-a19f-47fd5a3da453
CWE-ID: CWE-94
Common Platform Enumerations (CPE): Not Found