
CVSS: 9.6 • EPSS: 0% • CPEs: 2 • EXPL: 0

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions it is possible to execute content with the rights of any user via a crafted URL. A user must have `programming` privileges in order to exploit this vulnerability. This issue has been patched in XWiki 14.10.7 and 15.2RC1. Users are advised to upgrade. • https://github.com/xwiki/xwiki-platform/commit/cf8eb861998ea423c3645d2e5e974420b0e882be https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-hgpw-6p4h-j6h5 https://jira.xwiki.org/browse/XWIKI-20386 • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 7.2 • EPSS: 0% • CPEs: 15 • EXPL: 3

EC-CUBE 3 series (3.0.0 to 3.0.18-p6) and 4 series (4.0.0 to 4.0.6-p3, 4.1.0 to 4.1.2-p2, and 4.2.0 to 4.2.2) contain an arbitrary code execution vulnerability due to improper settings of the template engine Twig included in the product. • https://jvn.jp/en/jp/JVN29195731 https://www.ec-cube.net/info/weakness/20231026/index.php https://www.ec-cube.net/info/weakness/20231026/index_3.php https://www.ec-cube.net/info/weakness/20231026/index_40.php • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 4.6 • EPSS: 0% • CPEs: 1 • EXPL: 0

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Menno Luitjes Foyer allows Code Injection. This issue affects Foyer: from n/a through 1.7.5. The Foyer – Digital Signage for WordPress plugin for WordPress is vulnerable to unauthorized content injection due to an insufficient capability check on the editing functionality in all versions up to, and including, 1.7.5. This makes it possible for authenticated attackers, with contributor access and above, to publish arbitrary content via slides. • https://patchstack.com/database/vulnerability/foyer/wordpress-foyer-plugin-1-7-5-content-injection-vulnerability?_s_id=cve • CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) CWE-285: Improper Authorization •

CVSS: 5.4 • EPSS: 0% • CPEs: 1 • EXPL: 0

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in ARI Soft ARI Stream Quiz allows Code Injection. This issue affects ARI Stream Quiz: from n/a through 1.3.2. The ARI Stream Quiz – WordPress Quizzes Builder plugin for WordPress is vulnerable to content injection due to improper capability checks on the quiz editing functionality in all versions up to, and including, 1.3.2. This makes it possible for authenticated attackers, with contributor access and above, to publish quizzes containing arbitrary content on the site without review. • https://patchstack.com/database/vulnerability/ari-stream-quiz/wordpress-ari-stream-quiz-wordpress-quizzes-builder-plugin-1-2-32-content-injection-vulnerability?_s_id=cve • CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) CWE-285: Improper Authorization •

CVSS: 9.9 • EPSS: 0% • CPEs: 1 • EXPL: 0

Improper Control of Generation of Code ('Code Injection') vulnerability in Milan Dinić Rename Media Files. This issue affects Rename Media Files: from n/a through 1.0.1. • https://patchstack.com/database/vulnerability/rename-media-files/wordpress-rename-media-files-plugin-1-0-1-remote-code-execution-rce-vulnerability?_s_id=cve • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-94: Improper Control of Generation of Code ('Code Injection') •