Security Vulnerabilities - CVEs Published In May 2023
Cross-Site Request Forgery (CSRF) vulnerability in StylemixThemes GDPR Compliance & Cookie Consent plugin <= 1.2 versions.
CVSS Score
4.3
EPSS Score
0.003
Published
2023-05-25
Cross-Site Request Forgery (CSRF) vulnerability in StylemixThemes WordPress Header Builder Plugin – Pearl plugin <= 1.3.4 versions.
CVSS Score
5.4
EPSS Score
0.003
Published
2023-05-25
Cross-Site Request Forgery (CSRF) vulnerability in StylemixThemes Motors – Car Dealer, Classifieds & Listing plugin <= 1.4.4 versions.
CVSS Score
5.4
EPSS Score
0.002
Published
2023-05-25
Cross-Site Request Forgery (CSRF) vulnerability in Tyche Softwares Custom Order Numbers for WooCommerce plugin <= 1.4.0 versions.
CVSS Score
4.3
EPSS Score
0.003
Published
2023-05-25
Cross-Site Request Forgery (CSRF) vulnerability in Pretty Links plugin <= 3.4.0 versions.
CVSS Score
4.3
EPSS Score
0.003
Published
2023-05-25
Cross-Site Request Forgery (CSRF) vulnerability in The WordPress.Org community Health Check & Troubleshooting plugin <= 1.5.1 versions.
CVSS Score
4.3
EPSS Score
0.003
Published
2023-05-25
Cross-Site Request Forgery (CSRF) vulnerability in CoSchedule plugin <= 3.3.8 versions.
CVSS Score
4.3
EPSS Score
0.002
Published
2023-05-25
Cross-Site Request Forgery (CSRF) vulnerability in WP Easy Pay WP EasyPay – Square for WordPress plugin <= 4.1 versions.
CVSS Score
4.3
EPSS Score
0.003
Published
2023-05-25
Wacom Tablet Driver installer prior to 6.4.2-1 (for macOS) contains an improper link resolution before file access vulnerability. When a user is tricked to execute a small malicious script before executing the affected version of the installer, arbitrary code may be executed with the root privilege.
CVSS Score
7.8
EPSS Score
0.002
Published
2023-05-25
Open redirect vulnerability in Tornado versions 6.3.1 and earlier allows a remote unauthenticated attacker to redirect a user to an arbitrary web site and conduct a phishing attack by having user access a specially crafted URL.
CVSS Score
6.1
EPSS Score
0.011
Published
2023-05-25