Lista CVE 2023/40xxx

CVE nel gruppo: 40xxx

CVE-2023-40000 (N/A)

CVE-2023-40001 (WordPress LiteSpeed Cache plugin <= 5.7 - Unauthenticated Site Wide Stored XSS vulnerability)

CVE-2023-40002 (WordPress iThemes Sync plugin <= 2.1.13 - Broken Access Control vulnerability)

CVE-2023-40003 (WordPress Booster for WooCommerce Plugin <= 7.1.1 is vulnerable to Sensitive Data Exposure)

CVE-2023-40004 (WordPress WP Project Manager plugin <= 2.6.7 - Broken Access Control vulnerability)

CVE-2023-40005 (Unauth. Access Token Manipulation vulnerability in multiple ServMask WordPress plugins)

CVE-2023-40007 (WordPress Easy Digital Downloads plugin <= 3.1.5 - Broken Access Control)

CVE-2023-40008 (WordPress CT Commerce Plugin <= 2.0.1 is vulnerable to Cross Site Scripting (XSS))

CVE-2023-40009 (WordPress Simple Org Chart Plugin <= 2.3.4 is vulnerable to Cross Site Request Forgery (CSRF))

CVE-2023-40010 (WordPress WP Pipes Plugin <= 1.4.0 is vulnerable to Cross Site Request Forgery (CSRF))

CVE-2023-40011 (WordPress HUSKY – Products Filter for WooCommerce (formerly WOOF) Plugin <= 1.3.4.2 is vulnerable to SQL Injection)

CVE-2023-40012 (WordPress Cost Calculator Builder plugin <= 3.1.42 - Broken Access Control vulnerability)

CVE-2023-40013 (uthenticode EKU validation bypass)

CVE-2023-40014 (Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) in external-svg-loader)

CVE-2023-40015 (OpenZeppelin Contracts’s ERC2771Context with custom forwarder may lead to zero-valued _msgSender)

CVE-2023-40017 (Vyper: reversed order of side effects for some operations)

CVE-2023-40018 (Geonode Server Side Request Forgery vulnerability)

CVE-2023-40019 (FreeSWITCH allows remote users to trigger out of bounds write by offering an ICE candidate with unknown component ID)

CVE-2023-40020 (FreeSWITCH allows authorized users to cause a denial of service attack by sending re-INVITE with SDP containing duplicate codec names)

CVE-2023-40021 (Improper Authentication in PrivateUploader)