
CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

04 Dec 2023 — Cross-Site Request Forgery (CSRF) vulnerability in Ciprian Popescu Block for Font Awesome. This issue affects Block for Font Awesome: from n/a through 1.4.0. The Block for Font Awesome plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.4.0. This is due to missing or incorrect nonce validation on t... • https://patchstack.com/database/vulnerability/block-for-font-awesome/wordpress-block-for-font-awesome-plugin-1-3-3-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 6.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

03 Oct 2023 — Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Ciprian Popescu YouTube Playlist Player plugin <= 4.6.7 versions. The YouTube Playlist Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 4.6.7 due to insufficient input sanitization and o... • https://patchstack.com/database/vulnerability/youtube-playlist-player/wordpress-youtube-playlist-player-plugin-4-6-7-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

23 May 2023 — Cross-Site Request Forgery (CSRF) vulnerability in Ciprian Popescu YouTube Playlist Player plugin <= 4.6.4 versions. The YouTube Playlist Player plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.6.4. This is due to missing or incorrect nonce validation on the ytpp_settings function. This makes it possible for unauthenticated attackers to modify plugin settings via a forged request granted they can trick a site administrator into performing an action such as... • https://patchstack.com/database/vulnerability/youtube-playlist-player/wordpress-youtube-playlist-player-plugin-4-6-4-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 9.1 • EPSS: 0% • CPEs: 1 • EXPL: 0

01 Aug 2014 — WordPress Portable phpMyAdmin Plugin 1.4.1 has Multiple Security Bypass Vulnerabilities. WordPress Portable phpMyAdmin Plugin 1.4.1 and below has Multiple Security Bypass Vulnerabilities including /pma/phpinfo.php information disclosure via direct request. • http://www.openwall.com/lists/oss-security/2013/10/22/3 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor • CWE-287: Improper Authentication