CVE-2023-49159 – WordPress CommentLuv Plugin <= 3.0.4 is vulnerable to Server Side Request Forgery (SSRF)
https://notcve.org/view.php?id=CVE-2023-49159
Server-Side Request Forgery (SSRF) vulnerability in Elegant Digital Solutions CommentLuv.This issue affects CommentLuv: from n/a through 3.0.4. Vulnerabilidad de Server-Side Request Forgery (SSRF) en Elegant Digital Solutions CommentLuv. Este problema afecta a CommentLuv: desde n/a hasta 3.0.4. The CommentLuv plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.0.4 via the do_click function. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services. • https://patchstack.com/database/vulnerability/commentluv/wordpress-commentluv-plugin-3-0-4-server-side-request-forgery-ssrf-vulnerability?_s_id=cve • CWE-918: Server-Side Request Forgery (SSRF) •
CVE-2023-40210 – WordPress SB Child List Plugin <= 4.5 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-40210
Cross-Site Request Forgery (CSRF) vulnerability in Sean Barton (Tortoise IT) SB Child List plugin <= 4.5 versions. Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento Sean Barton (Tortoise IT) SB Child List en versiones <= 4.5. The SB Child List plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.5. This is due to missing or incorrect nonce validation on the 'sb_cl_update_settings' function. This makes it possible for unauthenticated attackers to update the plugin settings via a forged request granted they can trick a site author or above into performing an action such as clicking on a link. • https://patchstack.com/database/vulnerability/sb-child-list/wordpress-sb-child-list-plugin-4-5-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2021-3133 – Elementor Contact Form DB <= 1.5 - Cross-Site Request Forgery
https://notcve.org/view.php?id=CVE-2021-3133
The Elementor Contact Form DB plugin before 1.6 for WordPress allows CSRF via backend admin pages. El plugin Elementor Contact Form DB versiones anteriores a 1.6 para WordPress, permite un ataque de tipo CSRF por medio de las páginas de administración del backend • https://advisory.checkmarx.net/advisory/CX-2020-4293 https://plugins.trac.wordpress.org/changeset/2454670 https://wordpress.org/plugins/sb-elementor-contact-form-db/#developers • CWE-352: Cross-Site Request Forgery (CSRF) •