CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-37230 – WordPress Book Landing Page theme <= 1.2.3 - Cross Site Request Forgery (CSRF) vulnerability
https://notcve.org/view.php?id=CVE-2024-37230
21 Jun 2024 — Cross-Site Request Forgery (CSRF) vulnerability in Rara Theme Book Landing Page.This issue affects Book Landing Page: from n/a through 1.2.3. Vulnerabilidad de Cross-Site Request Forgery (CSRF) en Rara Theme Book Landing Page. Este problema afecta a Book Landing Page: desde n/a hasta 1.2.3. The Book Landing Page theme for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.3. This is due to missing or incorrect nonce validation on the book_landing_page_update_admin_no... • https://patchstack.com/database/vulnerability/book-landing-page/wordpress-book-landing-page-theme-1-2-3-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2023-24404 – WordPress Marketing Performance Plugin <= 2.0.0 is vulnerable to Cross Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2023-24404
02 Feb 2023 — Reflected Cross-Site Scripting (XSS) vulnerability in VryaSage Marketing Performance plugin <= 2.0.0 versions. The Marketing Performance Plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.0.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts that execute in a victim's browser. Reflected Cross-Site Scripting (XSS) vulnerability in VryaSage Marketing Performance plu... • https://patchstack.com/database/vulnerability/marketing-performance/wordpress-marketing-performance-plugin-2-0-0-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-29451 – WordPress Rara One Click Demo Import plugin <= 1.2.9 - Cross-Site Request Forgery (CSRF) leads to Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2022-29451
21 Apr 2022 — Cross-Site Request Forgery (CSRF) leading to Arbitrary File Upload vulnerability in Rara One Click Demo Import plugin <= 1.2.9 on WordPress allows attackers to trick logged-in admin users into uploading dangerous files into /wp-content/uploads/ directory. Una vulnerabilidad de tipo Cross-Site Request Forgery (CSRF) conllevando a una vulnerabilidad de carga de archivos arbitraria en el plugin Rara One Click Demo Import versiones anteriores a 1.2.9 en WordPress, permite a atacantes engañar a los usuarios admi... • https://patchstack.com/database/vulnerability/rara-one-click-demo-import/wordpress-rara-one-click-demo-import-plugin-1-2-9-cross-site-request-forgery-csrf-leads-to-arbitrary-file-upload-vulnerability • CWE-352: Cross-Site Request Forgery (CSRF) CWE-434: Unrestricted Upload of File with Dangerous Type •