CVE-2023-41554

Tenda AC9 V3.0 V15.03.06.42_multi was discovered to contain a stack overflow via parameter wpapsk_crypto at url /goform/WifiExtraSet.

Source: CVE-2023-41554

CVE-2023-41555

Tenda AC7 V1.0 V15.03.06.44 was discovered to contain a stack overflow via parameter security_5g at url /goform/WifiBasicSet.

Source: CVE-2023-41555

CVE-2023-41556

Tenda AC7 V1.0 V15.03.06.44, Tenda AC9 V3.0 V15.03.06.42_multi, and Tenda AC5 V1.0RTL_V15.03.06.28 were discovered to contain a stack overflow via parameter list at url /goform/SetIpMacBind.

Source: CVE-2023-41556

CVE-2023-33929

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Joaquín Ruiz Easy Admin Menu plugin <= 1.3 versions.

Source: CVE-2023-33929

CVE-2023-33320

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Mohammad I. Okfie WP-Hijri plugin <= 1.5.1 versions.

Source: CVE-2023-33320

CVE-2023-33325

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Teplitsa of social technologies Leyka plugin <= 3.30.1 versions.

Source: CVE-2023-33325

CVE-2023-33317

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WooCommerce Returns and Warranty Requests plugin <= 2.1.6 versions.

Source: CVE-2023-33317

CVE-2023-33210

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in nuajik plugin <= 0.1.0 versions.

Source: CVE-2023-33210

CVE-2023-27426

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Notifyvisitors NotifyVisitors plugin <= 1.0 versions.

Source: CVE-2023-27426

CVE-2023-33208

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in gsmith Cookie Monster plugin <= 1.51 versions.

Source: CVE-2023-33208