CVE-2023-34027 – WordPress Recently Viewed Products Plugin <= 1.0.0 is vulnerable to PHP Object Injection
https://notcve.org/view.php?id=CVE-2023-34027
25 May 2023 — The Recently Viewed Products plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 1.0.0 via deserialization of untrusted input from the 'rvpguest' cookie value. • https://patchstack.com/database/vulnerability/recently-viewed-products/wordpress-recently-viewed-products-plugin-1-0-0-php-object-injection-vulnerability? • CWE-502: Deserialization of Untrusted Data
CVE-2022-36345 – WordPress Download Plugin Plugin <= 2.0.4 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2022-36345
24 May 2023 — The Download Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0.4. • https://patchstack.com/database/vulnerability/download-plugin/wordpress-download-plugin-2-0-4-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2023-25473 – WordPress Flickr Justified Gallery Plugin <= 3.5 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-25473
24 May 2023 — The Flickr Justified Gallery plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.5. • https://patchstack.com/database/vulnerability/flickr-justified-gallery/wordpress-flickr-justified-gallery-plugin-3-5-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2023-25482 – WordPress WP Tiles Plugin <= 1.1.2 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-25482
24 May 2023 — The WP Tiles plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.2. • https://patchstack.com/database/vulnerability/wp-tiles/wordpress-wp-tiles-plugin-1-1-2-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2022-38062 – WordPress Download Theme Plugin <= 1.0.9 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2022-38062
24 May 2023 — The Download Theme plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.9. • https://patchstack.com/database/vulnerability/download-theme/wordpress-download-theme-plugin-1-0-9-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2023-33212 – WordPress JetFormBuilder Plugin <= 3.0.6 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-33212
24 May 2023 — The JetFormBuilder plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.0.6. • https://patchstack.com/database/vulnerability/jetformbuilder/wordpress-jetformbuilder-plugin-3-0-6-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2023-2732 – MStore API <= 3.9.2 - Authentication Bypass
https://notcve.org/view.php?id=CVE-2023-2732
24 May 2023 — The MStore API plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.9.2. • https://github.com/RandomRobbieBF/CVE-2023-2732 • CWE-288: Authentication Bypass Using an Alternate Path or Channel
CVE-2023-33926 – WordPress Easy Google Maps Plugin <= 1.11.7 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-33926
24 May 2023 — The Easy Google Maps plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.11.7. • https://patchstack.com/database/vulnerability/google-maps-easy/wordpress-easy-google-maps-plugin-1-11-7-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2023-33924 – WordPress SIS Handball Plugin <= 1.0.45 is vulnerable to SQL Injection
https://notcve.org/view.php?id=CVE-2023-33924
23 May 2023 — The SIS Handball plugin for WordPress is vulnerable to time-based SQL Injection via the 'orderby' parameter in versions up to, and including, 1.0.45 due to insufficient escaping on the user-supplied parameter and lack of sufficient preparation on the existing SQL query. • https://patchstack.com/database/vulnerability/sis-handball/wordpress-sis-handball-plugin-1-0-45-sql-injection-vulnerability? • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-33927 – WordPress Multiple Page Generator Plugin – MPG Plugin <= 3.3.19 is vulnerable to SQL Injection
https://notcve.org/view.php?id=CVE-2023-33927
23 May 2023 — The Multiple Page Generator Plugin – MPG plugin for WordPress is vulnerable to SQL Injection in the projects_list and total_projects functions in versions up to, and including, 3.3.19 due to insufficient escaping on a user-supplied parameter and lack of sufficient preparation on the existing SQL query. • https://patchstack.com/database/vulnerability/multiple-pages-generator-by-porthas/wordpress-multiple-page-generator-plugin-mpg-plugin-3-3-19-sql-injection-vulnerability? • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')