CVE List - 2023 / August
Showing 2301 - 2400 of 2479 CVEs for August 2023 (Page 24 of 25)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2023-32801 | 2023-08-30 | WordPress WooCommerce Composite Products Plugin <= 8.7.5 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-4600 | 2023-08-30 | The AffiliateWP for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'affwp_activate_addons_page_plugin' function called via an AJAX action in versions up to,... |
| CVE-2023-32802 | 2023-08-30 | WordPress WooCommerce Pre-Orders Plugin <= 1.9.0 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-32793 | 2023-08-30 | WordPress WooCommerce Pre-Orders Plugin <= 2.0.0 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-32746 | 2023-08-30 | WordPress WooCommerce Brands Plugin <= 1.6.45 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-32597 | 2023-08-30 | WordPress Video Gallery Plugin <= 1.0.10 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-25019 | 2023-08-30 | WordPress Chaty Plugin <= 3.0.9 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-32962 | 2023-08-30 | WordPress WishSuite Plugin <= 1.3.4 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-4624 | 2023-08-30 | Server-Side Request Forgery (SSRF) in bookstackapp/bookstack |
| CVE-2023-33208 | 2023-08-30 | WordPress Cookie Monster Plugin <= 1.51 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-25462 | 2023-08-30 | WordPress WP htaccess Control Plugin <= 3.5.1 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-33210 | 2023-08-30 | WordPress nuajik CDN Plugin <= 0.1.0 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-33317 | 2023-08-30 | WordPress WooCommerce Warranty Requests Plugin <= 2.1.6 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-33325 | 2023-08-30 | WordPress Leyka Plugin <= 3.30.1 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-33320 | 2023-08-30 | WordPress WP-Hijri Plugin <= 1.5.1 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-33929 | 2023-08-30 | WordPress Easy Admin Menu Plugin <= 1.3 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-27426 | 2023-08-30 | WordPress NotifyVisitors Plugin <= 1.0 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-34187 | 2023-08-30 | WordPress Call Now Icon Animate Plugin <= 0.1.0 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-34183 | 2023-08-30 | WordPress Unite Gallery Lite Plugin <= 1.7.61 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-34184 | 2023-08-30 | WordPress Woocommerce Order address Print Plugin <= 3.2 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-34176 | 2023-08-30 | WordPress Chilexpress woo oficial Plugin <= 1.2.9 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-34175 | 2023-08-30 | WordPress Login Configurator Plugin <= 2.1 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-34180 | 2023-08-30 | WordPress Google Fonts For WordPress Plugin <= 3.0.0 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-34174 | 2023-08-30 | WordPress BBS e-Popup Plugin <= 2.4.5 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-34173 | 2023-08-30 | WordPress Yandex Metrica Counter Plugin <= 1.4.3 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-34172 | 2023-08-30 | WordPress WordPress Social Login Plugin <= 3.0.4 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-34032 | 2023-08-30 | WordPress bbPress Toolkit Plugin <= 1.0.12 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-3356 | 2023-08-30 | Subscribers Text Counter < 1.7.1 - Settings Update via CSRF to Stored XSS |
| CVE-2023-3720 | 2023-08-30 | Upload Media By URL < 1.0.8 - Stored XSS via CSRF |
| CVE-2023-3501 | 2023-08-30 | FormCraft < 1.2.7 - Admin+ Stored XSS |
| CVE-2023-4036 | 2023-08-30 | Simple Blog Card < 1.32 - Subscriber+ Arbitrary Post Access |
| CVE-2023-4035 | 2023-08-30 | Simple Blog Card < 1.31 - Contributor+ Stored XSS via Shortcode |
| CVE-2023-4013 | 2023-08-30 | GDPR Cookie Compliance < 4.12.5 - License Update/Deactivation via CSRF |
| CVE-2023-4109 | 2023-08-30 | Ninja Forms < 3.6.26 - Admin+ Stored HTML Injection |
| CVE-2023-3992 | 2023-08-30 | PostX - Gutenberg Post Grid Blocks < 3.0.6 - Reflected Cross-Site Scripting |
| CVE-2023-1982 | 2023-08-30 | Front Editor <= 4.0.4 - Admin+ Stored XSS |
| CVE-2023-4023 | 2023-08-30 | All Users Messenger <= 1.24 - Subscriber+ Message Deletion via IDOR |
| CVE-2022-1601 | 2023-08-30 | User Access Manager < 2.2.18 - IP Spoofing |
| CVE-2023-4150 | 2023-08-30 | User Activity Tracking and Log < 4.0.9 - License Update/Deactivation via CSRF |
| CVE-2023-4209 | 2023-08-30 | POEditor < 0.9.8 - Settings Reset via CSRF |
| CVE-2023-34023 | 2023-08-30 | WordPress WordPress Social Login Plugin <= 3.0.4 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-34022 | 2023-08-30 | WordPress Dynamic QR Code Generator Plugin <= 0.0.5 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-34008 | 2023-08-30 | WordPress WP ERP Plugin <= 1.12.3 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-34004 | 2023-08-30 | WordPress WooCommerce Box Office Plugin <= 1.1.50 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-32294 | 2023-08-30 | WordPress GDPR Cookie Consent Notice Box Plugin <= 1.1.6 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-34372 | 2023-08-30 | WordPress Download SpamReferrerBlock Plugin <= 2.22 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-25453 | 2023-08-30 | WordPress WordPress Tables Plugin <= 1.3.9 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-35094 | 2023-08-30 | WordPress WP Matterport Shortcode Plugin <= 2.1.4 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-35092 | 2023-08-30 | WordPress breadcrumb simple Plugin <= 1.3 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-25466 | 2023-08-30 | WordPress Who Hit The Page – Hit Counter Plugin <= 1.4.14.3 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-28692 | 2023-08-30 | WordPress WP Abstracts Plugin <= 2.6.3 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-28415 | 2023-08-30 | WordPress Side Cart Woocommerce (Ajax) Plugin <= 2.2 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-25471 | 2023-08-30 | WordPress WCP OpenWeather Plugin <= 2.5.0 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-24397 | 2023-08-30 | WordPress Reservation.Studio widget Plugin <= 1.0.11 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-24401 | 2023-08-30 | WordPress Mobile Call Now & Map Buttons Plugin <= 1.5.0 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-27621 | 2023-08-30 | WordPress Livestream Notice Plugin <= 1.2.0 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-20266 | 2023-08-30 | A vulnerability in Cisco Emergency Responder, Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), and Cisco Unity Connection could allow an authenticated,... |
| CVE-2023-40598 | 2023-08-30 | Command Injection in Splunk Enterprise Using External Lookups |
| CVE-2023-40595 | 2023-08-30 | Remote Code Execution via Serialized Session Payload |
| CVE-2023-40592 | 2023-08-30 | Reflected Cross-site Scripting (XSS) on "/app/search/table" web endpoint |
| CVE-2023-4571 | 2023-08-30 | Unauthenticated Log Injection in Splunk IT Service Intelligence (ITSI) |
| CVE-2023-40594 | 2023-08-30 | Denial of Service (DoS) via the ‘printf’ Search Function |
| CVE-2023-40593 | 2023-08-30 | Denial of Service (DoS) in Splunk Enterprise Using a Malformed SAML Request |
| CVE-2023-40596 | 2023-08-30 | Splunk Enterprise on Windows Privilege Escalation due to Insecure OPENSSLDIR Build Definition Reference in DLL |
| CVE-2023-40597 | 2023-08-30 | Absolute Path Traversal in Splunk Enterprise Using runshellscript.py |
| CVE-2023-4640 | 2023-08-30 | Set Logging Level Without Authentication |
| CVE-2023-41039 | 2023-08-30 | Sandbox escape via various forms of "format" in RestrictedPython |
| CVE-2023-36811 | 2023-08-30 | Archive spoofing vulnerability in borgbackup |
| CVE-2023-40582 | 2023-08-30 | Command Injection Vulnerability in find-exec |
| CVE-2023-40184 | 2023-08-30 | Improper handling of session establishment errors in xrdp |
| CVE-2023-41041 | 2023-08-30 | User session is still usable after logout in graylog2-server |
| CVE-2023-41040 | 2023-08-30 | GitPython blind local file inclusion |
| CVE-2023-23765 | 2023-08-30 | Incorrect comparison vulnerability in GitHub Enterprise Server leading to commit smuggling |
| CVE-2023-3489 | 2023-08-30 | firmwaredownload command could log servers passwords in clear text |
| CVE-2023-41635 | 2023-08-31 | An XML External Entity (XXE) vulnerability in the VerifichePeriodiche.aspx component of GruppoSCAI RealGimm v1.1.37p38 allows attackers to read any file in the filesystem via supplying a crafted XML file. |
| CVE-2023-41636 | 2023-08-31 | A SQL injection vulnerability in the Data Richiesta dal parameter of GruppoSCAI RealGimm v1.1.37p38 allows attackers to access the database and execute arbitrary commands via a crafted SQL query. |
| CVE-2023-41637 | 2023-08-31 | An arbitrary file upload vulnerability in the Carica immagine function of GruppoSCAI RealGimm 1.1.37p38 allows attackers to execute arbitrary code via uploading a crafted HTML file. |
| CVE-2023-41638 | 2023-08-31 | An arbitrary file upload vulnerability in the Gestione Documentale module of GruppoSCAI RealGimm 1.1.37p38 allows attackers to execute arbitrary code via uploading a crafted file. |
| CVE-2023-41640 | 2023-08-31 | An improper error handling vulnerability in the component ErroreNonGestito.aspx of GruppoSCAI RealGimm 1.1.37p38 allows attackers to obtain sensitive technical information via a crafted SQL query. |
| CVE-2023-41642 | 2023-08-31 | Multiple reflected cross-site scripting (XSS) vulnerabilities in the ErroreNonGestito.aspx component of GruppoSCAI RealGimm 1.1.37p38 allow attackers to execute arbitrary JavaScript in the context of a victim user's browser via a... |
| CVE-2023-41717 | 2023-08-31 | Inappropriate file type control in Zscaler Proxy versions 3.6.1.25 and prior allows local attackers to bypass file download/upload restrictions. |
| CVE-2023-39912 | 2023-08-31 | Zoho ManageEngine ADManager Plus before 7203 allows Help Desk Technician users to read arbitrary files on the machine where this product is installed. |
| CVE-2023-4652 | 2023-08-31 | Cross-site Scripting (XSS) - Stored in instantsoft/icms2 |
| CVE-2023-4653 | 2023-08-31 | Cross-site Scripting (XSS) - Stored in instantsoft/icms2 |
| CVE-2023-4651 | 2023-08-31 | Server-Side Request Forgery (SSRF) in instantsoft/icms2 |
| CVE-2023-4649 | 2023-08-31 | Session Fixation in instantsoft/icms2 |
| CVE-2023-4650 | 2023-08-31 | Improper Access Control in instantsoft/icms2 |
| CVE-2023-4655 | 2023-08-31 | Cross-site Scripting (XSS) - Reflected in instantsoft/icms2 |
| CVE-2023-4654 | 2023-08-31 | Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in instantsoft/icms2 |
| CVE-2023-4163 | 2023-08-31 | Possible buffer overflow in portcfgfportbuffers in Brocade Fabric OS |
| CVE-2023-4162 | 2023-08-31 | Segmentation fault in Brocade Fabric OS after Brocade Fabric OS v9.0 |
| CVE-2023-31925 | 2023-08-31 | Storage of clear text password in Brocade SANnav |
| CVE-2023-31423 | 2023-08-31 | Possible information exposure through log file vulnerability |
| CVE-2023-31424 | 2023-08-31 | Web authentication and authorization bypass |
| CVE-2023-4245 | 2023-08-31 | The WooCommerce PDF Invoice Builder for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the GetInvoiceDetail function in versions up to, and including,... |
| CVE-2023-3999 | 2023-08-31 | The Waiting: One-click countdowns plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on its AJAX calls in versions up to, and including, 0.6.2. This makes... |
| CVE-2023-2229 | 2023-08-31 | The Quick Post Duplicator for WordPress is vulnerable to SQL Injection via the ‘post_id’ parameter in versions up to, and including, 2.0 due to insufficient escaping on the user supplied... |
| CVE-2023-0689 | 2023-08-31 | The Metform Elementor Contact Form Builder for WordPress is vulnerable to Information Disclosure via the 'mf_first_name' shortcode in versions up to, and including, 3.3.1. This allows authenticated attackers, with subscriber-level... |
| CVE-2023-4161 | 2023-08-31 | The WooCommerce PDF Invoice Builder for WordPress is vulnerable to Cross-Site Request Forgery due to a missing nonce check on the SaveCustomField function in versions up to, and including, 1.2.90.... |
| CVE-2023-3677 | 2023-08-31 | The WooCommerce PDF Invoice Builder plugin for WordPress is vulnerable to SQL Injection via the pageId parameter in versions up to, and including, 1.2.89 due to insufficient escaping on the... |