CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-33931 – WordPress YouTube Playlist Player Plugin <= 4.6.4 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-33931
23 May 2023 — The YouTube Playlist Player plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.6.4. • https://patchstack.com/database/vulnerability/youtube-playlist-player/wordpress-youtube-playlist-player-plugin-4-6-4-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-31212 – WordPress Contact Form Entries Plugin <= 1.3.0 is vulnerable to SQL Injection
https://notcve.org/view.php?id=CVE-2023-31212
22 May 2023 — The Contact Form Entries plugin for WordPress is vulnerable to generic SQL Injection via the plugin's shortcode attributes in versions up to, and including, 1.3.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. • https://patchstack.com/database/vulnerability/contact-form-entries/wordpress-contact-form-entries-plugin-1-3-0-auth-sql-injection-sqli-vulnerability? • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-33313 – WordPress WIP Custom Login Plugin <= 1.2.9 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-33313
22 May 2023 — The WIP Custom Login plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.9. • https://patchstack.com/database/vulnerability/wip-custom-login/wordpress-wip-custom-login-plugin-1-2-9-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-33314 – WordPress BEAR Plugin <= 1.1.3.1 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-33314
22 May 2023 — The BEAR plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.3.1. • https://patchstack.com/database/vulnerability/woo-bulk-editor/wordpress-bear-plugin-1-1-3-1-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-33316 – WordPress WooCommerce Follow-Up Emails (AutomateWoo) plugin <= 4.9.40 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-33316
22 May 2023 — The WooCommerce Follow-Up Emails plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.9.40. • https://patchstack.com/database/vulnerability/woocommerce-follow-up-emails/wordpress-woocommerce-follow-up-emails-plugin-4-9-40-multiple-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-2734 – MStore API <= 3.9.1 - Authentication Bypass
https://notcve.org/view.php?id=CVE-2023-2734
22 May 2023 — The MStore API plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.9.1. • https://plugins.trac.wordpress.org/browser/mstore-api/tags/3.9.0/controllers/flutter-woo.php#L911 • CWE-288: Authentication Bypass Using an Alternate Path or Channel •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-33315 – WordPress Smart App Banner Plugin <= 1.1.2 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-33315
21 May 2023 — The Smart App Banner plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.2. • https://patchstack.com/database/vulnerability/smart-app-banner/wordpress-smart-app-banner-plugin-1-1-2-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2022-47174 – WordPress Performance Lab Plugin <= 2.2.0 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2022-47174
18 May 2023 — Cross-Site Request Forgery (CSRF) vulnerability in WordPress Performance Team Performance Lab plugin <= 2.2.0 versions. The Performance Lab plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.2.0. ... Cross-Site Request Forgery (CSRF) vulnerability in WordPress Performance Team Performance Lab plugin <= 2.2.0 versions. • https://patchstack.com/database/vulnerability/performance-lab/wordpress-performance-lab-plugin-2-2-0-cross-site-request-forgery-csrf? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-32964 – WordPress Better Notifications for WP Plugin <= 1.9.2 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-32964
18 May 2023 — The Better Notifications for WP plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.9.2. • https://patchstack.com/database/vulnerability/bnfw/wordpress-better-notifications-for-wp-plugin-1-9-2-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-33207 – WordPress Stop Referrer Spam Plugin <= 1.3.0 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-33207
18 May 2023 — The Stop Referrer Spam plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.0. • https://patchstack.com/database/vulnerability/stop-referrer-spam/wordpress-stop-referrer-spam-plugin-1-2-8-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •