CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-32587 – WordPress WP Reactions Lite Plugin <= 1.3.8 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-32587
12 May 2023 — The WP Reactions Lite plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.8. • https://patchstack.com/database/vulnerability/wp-reactions-lite/wordpress-wp-reactions-lite-plugin-1-3-8-cross-site-request-forgery-csrf? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-32588 – WordPress Post State Tags Plugin <= 2.0.6 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-32588
12 May 2023 — The Post State Tags plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0.6. • https://patchstack.com/database/vulnerability/post-state-tags/wordpress-post-state-tags-plugin-2-0-6-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-32592 – WordPress Sunny Search Plugin <= 1.0.2 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-32592
12 May 2023 — The Sunny Search plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.2. • https://patchstack.com/database/vulnerability/fast-search-powered-by-solr/wordpress-sunny-search-plugin-1-0-2-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-32594 – WordPress Hyphenator Plugin <= 5.1.5 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-32594
12 May 2023 — The Hyphenator plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.1.5. • https://patchstack.com/database/vulnerability/hyphenator/wordpress-hyphenator-plugin-5-1-5-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-32602 – WordPress CALL ME NOW Plugin <= 3.0 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-32602
12 May 2023 — The CALL ME NOW plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.0. • https://patchstack.com/database/vulnerability/lokalyze-call-now/wordpress-call-me-now-plugin-3-0-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2023-33333 – WordPress Complianz and Complianz Premium plugins - Cross-Site Request Forgery (CSRF) leading to Cross-Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2023-33333
12 May 2023 — The Complianz - GDPR/CCPA Cookie Consent plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 6.4.4. • https://patchstack.com/database/vulnerability/complianz-gdpr-premium/wordpress-complianz-premium-plugin-6-4-6-1-csrf-to-site-wide-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-32092 – WordPress Community by PeepSo Plugin <= 6.0.9.0 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-32092
12 May 2023 — The Community by PeepSo plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 6.0.9.0. • https://patchstack.com/database/vulnerability/peepso-core/wordpress-community-by-peepso-social-network-membership-registration-user-profiles-plugin-6-0-9-0-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2022-45373 – WordPress Slimstat Analytics Plugin <= 5.0.4 is vulnerable to SQL Injection
https://notcve.org/view.php?id=CVE-2022-45373
11 May 2023 — The Slimstat Analytics plugin for WordPress is vulnerable to SQL Injection via the 'misc[limit_results]' parameter in versions up to, and including, 5.0.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. • https://patchstack.com/database/vulnerability/wp-slimstat/wordpress-slimstat-analytics-plugin-5-0-4-sql-injection-sqli-vulnerability? • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-32242 – WordPress Woodmart Core Plugin <= 1.0.36 is vulnerable to PHP Object Injection
https://notcve.org/view.php?id=CVE-2023-32242
11 May 2023 — The Woodmart Core plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 1.0.36 via deserialization of untrusted input. • https://patchstack.com/database/vulnerability/woodmart-core/wordpress-woodmart-core-plugin-1-0-36-php-object-injection? • CWE-502: Deserialization of Untrusted Data •
CVSS: 10.0EPSS: 63%CPEs: 1EXPL: 9CVE-2023-32243 – WordPress Essential Addons for Elementor Plugin 5.4.0-5.7.1 is vulnerable to Privilege Escalation
https://notcve.org/view.php?id=CVE-2023-32243
11 May 2023 — The Essential Addons for Elementor plugin for WordPress is vulnerable to Unauthenticated Arbitrary Password Resets to Privilege Escalation in versions up to, and including, 5.7.1. • https://github.com/thatonesecguy/Wordpress-Vulnerability-Identification-Scripts • CWE-287: Improper Authentication CWE-620: Unverified Password Change •