CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-51408 – WordPress WP Optin Wheel Plugin <= 1.4.3 is vulnerable to Sensitive Data Exposure
https://notcve.org/view.php?id=CVE-2023-51408
27 Dec 2023 — Exposure of Sensitive Information to an Unauthorized Actor vulnerability in StudioWombat WP Optin Wheel – Gamified Optin Email Marketing Tool for WordPress and WooCommerce.This issue affects WP Optin Wheel – Gamified Optin Email Marketing Tool for WordPress and WooCommerce: from n/a through 1.4.3. Exposición de información confidencial a una vulnerabilidad de actor no autorizado en StudioWombat WP Optin Wheel: herramienta de marketing por correo electrónico Optin gamificada para WordPress y WooCommerce. Est... • https://patchstack.com/database/vulnerability/wp-optin-wheel/wordpress-wp-optin-wheel-plugin-1-4-3-sensitive-data-exposure-via-log-file-vulnerability?_s_id=cve • CWE-532: Insertion of Sensitive Information into Log File CWE-921: Storage of Sensitive Data in a Mechanism without Access Control •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-25698 – WordPress Shoppable Images Lite Plugin <= 1.2.3 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-25698
13 Feb 2023 — Cross-Site Request Forgery (CSRF) vulnerability in Studio Wombat Shoppable Images plugin <= 1.2.3 versions. The Shoppable Images plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.3. This is due to missing or incorrect nonce validation on several functions used to manipulate images. This makes it possible for unauthenticated attackers to perform image manipulation tasks such as deletion, and delete arbitrary posts, granted they can trick a site administrat... • https://patchstack.com/database/vulnerability/mabel-shoppable-images-lite/wordpress-shoppable-images-plugin-1-2-3-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-352: Cross-Site Request Forgery (CSRF) •