VULNMAP - Security Vulnerabilities

CVE List - 2023 / August

Showing 2301 - 2400 of 2479 CVEs for August 2023 (Page 24 of 25)

CVE ID Date Title
CVE-2023-32742 2023-08-30 WordPress WP SMS Plugin <= 6.1.4 is vulnerable to Cross Site Scripting (XSS)
CVE-2023-32801 2023-08-30 WordPress WooCommerce Composite Products Plugin <= 8.7.5 is vulnerable to Cross Site Scripting (XSS)
CVE-2023-4600 2023-08-30 The AffiliateWP for WordPress is vulnerable to unauthorized modification of...
CVE-2023-32802 2023-08-30 WordPress WooCommerce Pre-Orders Plugin <= 1.9.0 is vulnerable to Cross Site Scripting (XSS)
CVE-2023-32793 2023-08-30 WordPress WooCommerce Pre-Orders Plugin <= 2.0.0 is vulnerable to Cross Site Scripting (XSS)
CVE-2023-32746 2023-08-30 WordPress WooCommerce Brands Plugin <= 1.6.45 is vulnerable to Cross Site Scripting (XSS)
CVE-2023-32597 2023-08-30 WordPress Video Gallery Plugin <= 1.0.10 is vulnerable to Cross Site Scripting (XSS)
CVE-2023-25019 2023-08-30 WordPress Chaty Plugin <= 3.0.9 is vulnerable to Cross Site Scripting (XSS)
CVE-2023-32962 2023-08-30 WordPress WishSuite Plugin <= 1.3.4 is vulnerable to Cross Site Scripting (XSS)
CVE-2023-4624 2023-08-30 Server-Side Request Forgery (SSRF) in bookstackapp/bookstack
CVE-2023-33208 2023-08-30 WordPress Cookie Monster Plugin <= 1.51 is vulnerable to Cross Site Scripting (XSS)
CVE-2023-25462 2023-08-30 WordPress WP htaccess Control Plugin <= 3.5.1 is vulnerable to Cross Site Scripting (XSS)
CVE-2023-33210 2023-08-30 WordPress nuajik CDN Plugin <= 0.1.0 is vulnerable to Cross Site Scripting (XSS)
CVE-2023-33317 2023-08-30 WordPress WooCommerce Warranty Requests Plugin <= 2.1.6 is vulnerable to Cross Site Scripting (XSS)
CVE-2023-33325 2023-08-30 WordPress Leyka Plugin <= 3.30.1 is vulnerable to Cross Site Scripting (XSS)
CVE-2023-33320 2023-08-30 WordPress WP-Hijri Plugin <= 1.5.1 is vulnerable to Cross Site Scripting (XSS)
CVE-2023-33929 2023-08-30 WordPress Easy Admin Menu Plugin <= 1.3 is vulnerable to Cross Site Scripting (XSS)
CVE-2023-27426 2023-08-30 WordPress NotifyVisitors Plugin <= 1.0 is vulnerable to Cross Site Scripting (XSS)
CVE-2023-34187 2023-08-30 WordPress Call Now Icon Animate Plugin <= 0.1.0 is vulnerable to Cross Site Scripting (XSS)
CVE-2023-34183 2023-08-30 WordPress Unite Gallery Lite Plugin <= 1.7.61 is vulnerable to Cross Site Scripting (XSS)
CVE-2023-34184 2023-08-30 WordPress Woocommerce Order address Print Plugin <= 3.2 is vulnerable to Cross Site Scripting (XSS)
CVE-2023-34176 2023-08-30 WordPress Chilexpress woo oficial Plugin <= 1.2.9 is vulnerable to Cross Site Scripting (XSS)
CVE-2023-34175 2023-08-30 WordPress Login Configurator Plugin <= 2.1 is vulnerable to Cross Site Scripting (XSS)
CVE-2023-34180 2023-08-30 WordPress Google Fonts For WordPress Plugin <= 3.0.0 is vulnerable to Cross Site Scripting (XSS)
CVE-2023-34174 2023-08-30 WordPress BBS e-Popup Plugin <= 2.4.5 is vulnerable to Cross Site Scripting (XSS)
CVE-2023-34173 2023-08-30 WordPress Yandex Metrica Counter Plugin <= 1.4.3 is vulnerable to Cross Site Scripting (XSS)
CVE-2023-34172 2023-08-30 WordPress WordPress Social Login Plugin <= 3.0.4 is vulnerable to Cross Site Scripting (XSS)
CVE-2023-34032 2023-08-30 WordPress bbPress Toolkit Plugin <= 1.0.12 is vulnerable to Cross Site Scripting (XSS)
CVE-2023-3356 2023-08-30 Subscribers Text Counter < 1.7.1 - Settings Update via CSRF to Stored XSS
CVE-2023-3720 2023-08-30 Upload Media By URL < 1.0.8 - Stored XSS via CSRF
CVE-2023-3501 2023-08-30 FormCraft < 1.2.7 - Admin+ Stored XSS
CVE-2023-4036 2023-08-30 Simple Blog Card < 1.32 - Subscriber+ Arbitrary Post Access
CVE-2023-4035 2023-08-30 Simple Blog Card < 1.31 - Contributor+ Stored XSS via Shortcode
CVE-2023-4013 2023-08-30 GDPR Cookie Compliance < 4.12.5 - License Update/Deactivation via CSRF
CVE-2023-4109 2023-08-30 Ninja Forms < 3.6.26 - Admin+ Stored HTML Injection
CVE-2023-3992 2023-08-30 PostX - Gutenberg Post Grid Blocks < 3.0.6 - Reflected Cross-Site Scripting
CVE-2023-1982 2023-08-30 Front Editor <= 4.0.4 - Admin+ Stored XSS
CVE-2023-4023 2023-08-30 All Users Messenger <= 1.24 - Subscriber+ Message Deletion via IDOR
CVE-2022-1601 2023-08-30 User Access Manager < 2.2.18 - IP Spoofing
CVE-2023-4150 2023-08-30 User Activity Tracking and Log < 4.0.9 - License Update/Deactivation via CSRF
CVE-2023-4209 2023-08-30 POEditor < 0.9.8 - Settings Reset via CSRF
CVE-2023-34023 2023-08-30 WordPress WordPress Social Login Plugin <= 3.0.4 is vulnerable to Cross Site Scripting (XSS)
CVE-2023-34022 2023-08-30 WordPress Dynamic QR Code Generator Plugin <= 0.0.5 is vulnerable to Cross Site Scripting (XSS)
CVE-2023-34008 2023-08-30 WordPress WP ERP Plugin <= 1.12.3 is vulnerable to Cross Site Scripting (XSS)
CVE-2023-34004 2023-08-30 WordPress WooCommerce Box Office Plugin <= 1.1.50 is vulnerable to Cross Site Scripting (XSS)
CVE-2023-32294 2023-08-30 WordPress GDPR Cookie Consent Notice Box Plugin <= 1.1.6 is vulnerable to Cross Site Scripting (XSS)
CVE-2023-34372 2023-08-30 WordPress Download SpamReferrerBlock Plugin <= 2.22 is vulnerable to Cross Site Scripting (XSS)
CVE-2023-25453 2023-08-30 WordPress WordPress Tables Plugin <= 1.3.9 is vulnerable to Cross Site Scripting (XSS)
CVE-2023-35094 2023-08-30 WordPress WP Matterport Shortcode Plugin <= 2.1.4 is vulnerable to Cross Site Scripting (XSS)
CVE-2023-35092 2023-08-30 WordPress breadcrumb simple Plugin <= 1.3 is vulnerable to Cross Site Scripting (XSS)
CVE-2023-25466 2023-08-30 WordPress Who Hit The Page – Hit Counter Plugin <= 1.4.14.3 is vulnerable to Cross Site Scripting (XSS)
CVE-2023-28692 2023-08-30 WordPress WP Abstracts Plugin <= 2.6.3 is vulnerable to Cross Site Scripting (XSS)
CVE-2023-28415 2023-08-30 WordPress Side Cart Woocommerce (Ajax) Plugin <= 2.2 is vulnerable to Cross Site Scripting (XSS)
CVE-2023-25471 2023-08-30 WordPress WCP OpenWeather Plugin <= 2.5.0 is vulnerable to Cross Site Scripting (XSS)
CVE-2023-24397 2023-08-30 WordPress Reservation.Studio widget Plugin <= 1.0.11 is vulnerable to Cross Site Scripting (XSS)
CVE-2023-24401 2023-08-30 WordPress Mobile Call Now & Map Buttons Plugin <= 1.5.0 is vulnerable to Cross Site Scripting (XSS)
CVE-2023-27621 2023-08-30 WordPress Livestream Notice Plugin <= 1.2.0 is vulnerable to Cross Site Scripting (XSS)
CVE-2023-20266 2023-08-30 A vulnerability in Cisco Emergency Responder, Cisco Unified Communications Manager...
CVE-2023-40598 2023-08-30 Command Injection in Splunk Enterprise Using External Lookups
CVE-2023-40595 2023-08-30 Remote Code Execution via Serialized Session Payload
CVE-2023-40592 2023-08-30 Reflected Cross-site Scripting (XSS) on "/app/search/table" web endpoint
CVE-2023-4571 2023-08-30 Unauthenticated Log Injection in Splunk IT Service Intelligence (ITSI)
CVE-2023-40594 2023-08-30 Denial of Service (DoS) via the ‘printf’ Search Function
CVE-2023-40593 2023-08-30 Denial of Service (DoS) in Splunk Enterprise Using a Malformed SAML Request
CVE-2023-40596 2023-08-30 Splunk Enterprise on Windows Privilege Escalation due to Insecure OPENSSLDIR Build Definition Reference in DLL
CVE-2023-40597 2023-08-30 Absolute Path Traversal in Splunk Enterprise Using runshellscript.py
CVE-2023-4640 2023-08-30 Set Logging Level Without Authentication
CVE-2023-41039 2023-08-30 Sandbox escape via various forms of "format" in RestrictedPython
CVE-2023-36811 2023-08-30 Archive spoofing vulnerability in borgbackup
CVE-2023-40582 2023-08-30 Command Injection Vulnerability in find-exec
CVE-2023-40184 2023-08-30 Improper handling of session establishment errors in xrdp
CVE-2023-41041 2023-08-30 User session is still usable after logout in graylog2-server
CVE-2023-41040 2023-08-30 GitPython blind local file inclusion
CVE-2023-23765 2023-08-30 Incorrect comparison vulnerability in GitHub Enterprise Server leading to commit smuggling
CVE-2023-3489 2023-08-30 firmwaredownload command could log servers passwords in clear text
CVE-2023-39912 2023-08-31 Zoho ManageEngine ADManager Plus before 7203 allows Help Desk Technician...
CVE-2023-41635 2023-08-31 A XML External Entity (XXE) vulnerability in the VerifichePeriodiche.aspx component...
CVE-2023-41636 2023-08-31 A SQL injection vulnerability in the Data Richiesta dal parameter...
CVE-2023-41637 2023-08-31 An arbitrary file upload vulnerability in the Carica immagine function...
CVE-2023-41638 2023-08-31 An arbitrary file upload vulnerability in the Gestione Documentale module...
CVE-2023-41640 2023-08-31 An improper error handling vulnerability in the component ErroreNonGestito.aspx of...
CVE-2023-41642 2023-08-31 Multiple reflected cross-site scripting (XSS) vulnerabilities in the ErroreNonGestito.aspx component...
CVE-2023-41717 2023-08-31 Inappropriate file type control in Zscaler Proxy versions 3.6.1.25 and...
CVE-2023-4652 2023-08-31 Cross-site Scripting (XSS) - Stored in instantsoft/icms2
CVE-2023-4653 2023-08-31 Cross-site Scripting (XSS) - Stored in instantsoft/icms2
CVE-2023-4651 2023-08-31 Server-Side Request Forgery (SSRF) in instantsoft/icms2
CVE-2023-4649 2023-08-31 Session Fixation in instantsoft/icms2
CVE-2023-4650 2023-08-31 Improper Access Control in instantsoft/icms2
CVE-2023-4655 2023-08-31 Cross-site Scripting (XSS) - Reflected in instantsoft/icms2
CVE-2023-4654 2023-08-31 Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in instantsoft/icms2
CVE-2023-4163 2023-08-31 Possible buffer overflow in portcfgfportbuffers in Brocade Fabric OS
CVE-2023-4162 2023-08-31 Segmentation fault in Brocade Fabric OS after Brocade Fabric OS v9.0
CVE-2023-31925 2023-08-31 Storage of clear text password in Brocade SANnav
CVE-2023-31423 2023-08-31 Possible information exposure through log file vulnerability
CVE-2023-31424 2023-08-31 Web authentication and authorization bypass
CVE-2023-4245 2023-08-31 The WooCommerce PDF Invoice Builder for WordPress is vulnerable to...
CVE-2023-3999 2023-08-31 The Waiting: One-click countdowns plugin for WordPress is vulnerable to...
CVE-2023-2229 2023-08-31 The Quick Post Duplicator for WordPress is vulnerable to SQL...
CVE-2023-0689 2023-08-31 The Metform Elementor Contact Form Builder for WordPress is vulnerable...
CVE-2023-4161 2023-08-31 The WooCommerce PDF Invoice Builder for WordPress is vulnerable to...