CVE-2023-32579 – WordPress Forget About Shortcode Buttons Plugin <= 2.1.2 is vulnerable to Broken Access Control
https://notcve.org/view.php?id=CVE-2023-32579
11 May 2023 — The Forget About Shortcode Buttons plugin for WordPress is vulnerable to unauthorized plugin settings update due to a missing capability check on the fasc_buttons function in versions up to, and including, 2.1.2. • https://patchstack.com/database/vulnerability/forget-about-shortcode-buttons/wordpress-forget-about-shortcode-buttons-plugin-2-1-2-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) CWE-862: Missing Authorization •
CVE-2023-32589 – WordPress Dyslexiefont Free Plugin <= 1.0.0 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-32589
11 May 2023 — The Dyslexiefont Free plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.0. • https://patchstack.com/database/vulnerability/dyslexiefont/wordpress-dyslexiefont-free-plugin-1-0-0-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2023-29238 – WordPress Whydonate – FREE Donate button Plugin <= 3.12.15 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-29238
10 May 2023 — The Whydonate – FREE Donate button plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.12.14. • https://patchstack.com/database/vulnerability/wp-whydonate/wordpress-whydonate-plugin-3-12-13-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2023-32513 – WordPress GiveWP Plugin <= 2.25.3 is vulnerable to PHP Object Injection
https://notcve.org/view.php?id=CVE-2023-32513
10 May 2023 — The GiveWP plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 2.25.3 via deserialization of untrusted input in the $output['main_key'] value. • https://patchstack.com/database/vulnerability/give/wordpress-give-donation-plugin-plugin-2-25-3-php-object-injection-vulnerability? • CWE-502: Deserialization of Untrusted Data •
CVE-2023-32514 – WordPress Google Site Verification plugin using Meta Tag Plugin <= 1.2 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-32514
10 May 2023 — The Google Site Verification plugin using Meta Tag plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2. • https://patchstack.com/database/vulnerability/google-site-verification-using-meta-tag/wordpress-google-site-verification-plugin-using-meta-tag-plugin-1-2-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2022-47586 – WordPress Ultimate Addons for Contact Form 7 Plugin <= 3.1.23 is vulnerable to SQL Injection
https://notcve.org/view.php?id=CVE-2022-47586
09 May 2023 — The Ultimate Addons for Contact Form 7 plugin for WordPress is vulnerable to SQL Injection via the id and form_id parameters in versions up to, and including, 3.1.23 due to insufficient escaping of the user-supplied parameters and lack of sufficient preparation of the existing SQL query. • https://patchstack.com/database/vulnerability/ultimate-addons-for-contact-form-7/wordpress-ultimate-addons-for-contact-form-7-plugin-3-1-23-sql-injection? • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2023-28749 – WordPress CM On Demand Search And Replace Plugin <= 1.3.0 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-28749
09 May 2023 — The CM On Demand Search And Replace plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.0. • https://patchstack.com/database/vulnerability/cm-on-demand-search-and-replace/wordpress-cm-on-demand-search-and-replace-plugin-1-3-0-cross-site-request-forgery-csrf? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2023-28780 – WordPress Yoast SEO: Local Plugin <= 14.8 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-28780
09 May 2023 — The Yoast SEO: Local plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 14.8. • https://patchstack.com/database/vulnerability/wpseo-local/wordpress-yoast-seo-local-plugin-14-8-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2023-31075 – WordPress Easy Hide Login Plugin <= 1.0.8 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-31075
09 May 2023 — The Easy Hide Login plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.8. • https://patchstack.com/database/vulnerability/easy-hide-login/wordpress-easy-hide-login-plugin-1-0-8-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2023-32502 – WordPress Pro Mime Types Plugin <= 1.0.7 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-32502
09 May 2023 — The Pro Mime Types plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.7. • https://patchstack.com/database/vulnerability/pro-mime-types/wordpress-pro-mime-types-plugin-1-0-7-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •