CVE-2023-34030 – WordPress Complianz and Complianz Premium plugins - Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-34030
30 May 2023 — The Complianz | GDPR/CCPA Cookie Consent plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 6.4.5. • https://patchstack.com/database/vulnerability/complianz-gdpr-premium/wordpress-complianz-premium-plugin-6-4-7-multiple-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2023-28782 – WordPress Gravity Forms Plugin <= 2.7.3 is vulnerable to PHP Object Injection
https://notcve.org/view.php?id=CVE-2023-28782
29 May 2023 — The Gravity Forms plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 2.7.3 via deserialization of untrusted input in the get_field_input function. • https://patchstack.com/database/vulnerability/gravityforms/wordpress-gravity-forms-plugin-2-7-3-unauthenticated-php-object-injection-vulnerability? • CWE-502: Deserialization of Untrusted Data •
CVE-2023-34028 – WordPress WOLF Plugin <= 1.0.7 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-34028
29 May 2023 — Cross-Site Request Forgery (CSRF) vulnerability in realmag777 WOLF – WordPress Posts Bulk Editor and Manager Professional plugin <= 1.0.7 versions. The WOLF plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.7. • https://patchstack.com/database/vulnerability/bulk-editor/wordpress-wolf-wordpress-posts-bulk-editor-and-manager-professional-plugin-1-0-7-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2014-125101 – Portfolio Gallery Plugin SQL injection
https://notcve.org/view.php?id=CVE-2014-125101
27 May 2023 — A vulnerability classified as critical has been found in Portfolio Gallery Plugin up to 1.1.8 on WordPress. ... A vulnerability was discovered in Portfolio Gallery Plugin up to 1.1.8 for WordPress. ... The Portfolio Gallery – Photo Gallery for WordPress is vulnerable to SQL Injection via the 'search_events_by_title' parameter in versions up to, and including, 1.1.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL quer... • https://github.com/wp-plugins/portfolio-gallery/commit/58ed88243e17df766036f4857041edaf358076d3 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2023-2278 – WP Directory Kit <= 1.1.9 - Unauthenticated Local File Inclusion via wdk_public_action
https://notcve.org/view.php?id=CVE-2023-2278
26 May 2023 — The WP Directory Kit plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 1.1.9 via the 'wdk_public_action' function. • https://plugins.trac.wordpress.org/browser/wpdirectorykit/tags/1.1.8/vendor/Winter_MVC/core/mvc_loader.php#L91 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2022-47144 – WordPress Mediamatic – Media Library Folders Plugin <= 2.8.1 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2022-47144
25 May 2023 — Cross-Site Request Forgery (CSRF) vulnerability in Plugincraft Mediamatic – Media Library Folders plugin <= 2.8.1 versions. • https://patchstack.com/database/vulnerability/mediamatic/wordpress-mediamatic-media-library-folders-plugin-2-8-1-cross-site-request-forgery-csrf? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2022-46810 – WordPress Thank You Page Customizer for WooCommerce – Increase Your Sales Plugin <= 1.0.13 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2022-46810
25 May 2023 — Cross-Site Request Forgery (CSRF) vulnerability in VillaTheme Thank You Page Customizer for WooCommerce – Increase Your Sales plugin <= 1.0.13 versions. • https://patchstack.com/database/vulnerability/woo-thank-you-page-customizer/wordpress-thank-you-page-customizer-for-woocommerce-increase-your-sales-plugin-1-0-13-cross-site-request-forgery-csrf? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2022-33974 – WordPress Custom Twitter Feeds (Tweets Widget) Plugin <= 1.8.4 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2022-33974
25 May 2023 — The Custom Twitter Feeds (Tweets Widget) plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.8.4. • https://patchstack.com/database/vulnerability/custom-twitter-feeds/wordpress-custom-twitter-feeds-plugin-1-8-4-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2022-45372 – WordPress Product Gallery Slider for WooCommerce Plugin <= 2.2.8 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2022-45372
25 May 2023 — The Product Gallery Slider for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.2.8. • https://patchstack.com/database/vulnerability/woo-product-gallery-slider/wordpress-product-gallery-slider-for-woocommerce-plugin-2-2-8-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2022-45823 – WordPress Video Contest WordPress Plugin Plugin <= 3.2 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2022-45823
25 May 2023 — Cross-Site Request Forgery (CSRF) vulnerability in GalleryPlugins Video Contest WordPress plugin <= 3.2 versions. The Video Contest WordPress Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.2. • https://patchstack.com/database/vulnerability/video-contest/wordpress-video-contest-wordpress-plugin-plugin-3-2-cross-site-request-forgery-csrf? • CWE-352: Cross-Site Request Forgery (CSRF) •