References to Advisories, Solutions, and Tools By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information…

CVE-2023-20266 Detail Awaiting Analysis This vulnerability is currently awaiting analysis. Description A vulnerability in Cisco Emergency Responder, Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition…

Changed Description VMware Tools contains a SAML token signature bypass vulnerability. A malicious actor with man-in-the-middle (MITM) network positioning between vCenter server and the virtual machine may be able to…

CVE-2023-2171 Detail Description The BadgeOS plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s shortcode(s) in versions up to, and including, 3.7.1.6 due to insufficient input sanitization…

CVE-2023-2172 Detail Description The BadgeOS plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 3.7.1.6. This is due to improper validation and authorization…

Added CPE Configuration OR *cpe:2.3:a:badgeos:badgeos:*:*:*:*:*:wordpress:*:* versions up to (including) 3.7.1.6 Added CVSS V3.1 NIST AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N Changed Reference Type https://plugins.trac.wordpress.org/browser/badgeos/trunk/includes/points/award-steps-ui.php#L384 No Types Assigned https://plugins.trac.wordpress.org/browser/badgeos/trunk/includes/points/award-steps-ui.php#L384 Patch Changed Reference Type https://plugins.trac.wordpress.org/browser/badgeos/trunk/includes/points/deduct-steps-ui.php#L441 No Types…

CVE-2023-2174 Detail Description The BadgeOS plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the delete_badgeos_log_entries function in versions up to, and…

Awaiting Analysis This vulnerability is currently awaiting analysis. Description The Colibri Page Builder for WordPress is vulnerable to SQL Injection via the ‘post_id’ parameter in versions up to, and including,…

CVE-2023-2229 Detail Awaiting Analysis This vulnerability is currently awaiting analysis. Description The Quick Post Duplicator for WordPress is vulnerable to SQL Injection via the ‘post_id’ parameter in versions up to,…

Awaiting Analysis This vulnerability is currently awaiting analysis. Description The WP Directory Kit plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.1. This…