CVE-2023-32504 – WordPress Wise Chat Plugin <= 3.1.3 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-32504
09 May 2023 — The Wise Chat plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.1.3. • https://patchstack.com/database/vulnerability/wise-chat/wordpress-wise-chat-plugin-3-1-3-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2023-32512 – WordPress ShortPixel Adaptive Images Plugin <= 3.7.1 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-32512
08 May 2023 — The ShortPixel Adaptive Images plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.7.1. • https://patchstack.com/database/vulnerability/shortpixel-adaptive-images/wordpress-shortpixel-adaptive-images-webp-avif-cdn-image-optimization-plugin-3-7-1-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2023-28409 – MW WP Form <= 4.4.2 - Directory Traversal via _file_upload
https://notcve.org/view.php?id=CVE-2023-28409
08 May 2023 — The MW WP Form plugin for WordPress is vulnerable to Directory Traversal in versions up to, and including, 4.4.2 via the _file_upload function. • https://jvn.jp/en/jp/JVN01093915 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2023-28413 – Snow Monkey Forms <= 5.1.1 - Directory Traversal via 'view' REST endpoint
https://notcve.org/view.php?id=CVE-2023-28413
08 May 2023 — The Snow Monkey Forms plugin for WordPress is vulnerable to Directory Traversal in versions up to, and including, 5.1.1 via the 'view' REST endpoint. • https://jvn.jp/en/jp/JVN01093915 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2022-36424 – WordPress Easy Appointments Plugin <= 3.11.9 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2022-36424
05 May 2023 — The Easy Appointments plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.11.9. • https://patchstack.com/database/vulnerability/easy-appointments/wordpress-easy-appointments-plugin-3-11-9-cross-site-request-forgery-csrf-vulnerability? • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2022-41786 – WordPress WP Job Portal Plugin <= 2.0.1 is vulnerable to Broken Access Control
https://notcve.org/view.php?id=CVE-2022-41786
05 May 2023 — The WP Job Portal plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0.1. • https://patchstack.com/database/vulnerability/wp-job-portal/wordpress-wp-job-portal-plugin-1-1-9-unauthorized-plugin-settings-change-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) CWE-862: Missing Authorization •
CVE-2023-32125 – WordPress Multi Rating Plugin <= 5.0.6 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-32125
04 May 2023 — The Multi Rating plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.0.6. • https://patchstack.com/database/vulnerability/multi-rating/wordpress-multi-rating-plugin-5-0-6-cross-site-request-forgery-csrf? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2023-31235 – WordPress Participants Database Plugin <= 2.4.9 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-31235
03 May 2023 — The Participants Database plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.4.9. • https://patchstack.com/database/vulnerability/participants-database/wordpress-participants-database-plugin-2-4-9-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2023-2276 – WCFM Membership – WooCommerce Memberships for Multivendor Marketplace <= 2.10.7 - Unauthenticated Insecure Direct Object Reference to Arbitrary User Password Change
https://notcve.org/view.php?id=CVE-2023-2276
03 May 2023 — The WCFM Membership – WooCommerce Memberships for Multivendor Marketplace plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including, 2.10.7. • https://lana.codes/lanavdb/3a841453-d083-4f97-a7f1-b398c7304284 • CWE-639: Authorization Bypass Through User-Controlled Key •
CVE-2023-0766 – Newsletter Popup <= 1.2 - Record Deletion via CSRF
https://notcve.org/view.php?id=CVE-2023-0766
02 May 2023 — The Newsletter Popup WordPress plugin through 1.2 does not have CSRF checks in some places, which could allow attackers to make logged-in users perform unwanted actions via CSRF attacks, as the wp_newsletter_show_localrecord page is not protected with a nonce. The Newsletter Popup plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2. • https://wpscan.com/vulnerability/90a1976c-0348-41ea-90b4-f7a5d9306c88 • CWE-352: Cross-Site Request Forgery (CSRF) •