CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-31093 – WordPress Chronosly Events Calendar Plugin <= 2.6.2 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-31093
24 Apr 2023 — The Chronosly Events Calendar plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.6.2. • https://patchstack.com/database/vulnerability/chronosly-events-calendar/wordpress-chronosly-events-calendar-plugin-2-6-2-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-27424 – WordPress Inactive User Deleter Plugin <= 1.59 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-27424
24 Apr 2023 — The Inactive User Deleter plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.59. • https://patchstack.com/database/vulnerability/inactive-user-deleter/wordpress-inactive-user-deleter-plugin-1-58-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-27623 – WordPress WP Page Numbers Plugin <= 0.5 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-27623
24 Apr 2023 — The WP Page Numbers plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 0.5. • https://patchstack.com/database/vulnerability/wp-page-numbers/wordpress-wp-page-numbers-plugin-0-5-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2022-47136 – WordPress Ninja Tables Plugin <= 4.3.4 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2022-47136
20 Apr 2023 — Cross-Site Request Forgery (CSRF) vulnerability in WPManageNinja LLC Ninja Tables – Best Data Table Plugin for WordPress plugin <= 4.3.4 versions. The Ninja Tables plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.3.4. ... Cross-Site Request Forgery (CSRF) vulnerability in WPManageNinja LLC Ninja Tables – Best Data Table Plugin for WordPress plugin <= 4.3.4 versions. • https://patchstack.com/database/vulnerability/ninja-tables/wordpress-ninja-tables-best-data-table-plugin-for-wordpress-plugin-4-3-4-cross-site-request-forgery-csrf? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2022-47134 – WordPress Gallery Metabox Plugin <= 1.5 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2022-47134
19 Apr 2023 — The Gallery Metabox plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5. • https://patchstack.com/database/vulnerability/gallery-metabox/wordpress-gallery-metabox-plugin-1-5-cross-site-request-forgery-csrf? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2022-47178 – WordPress Simple Share Buttons Adder Plugin <= 8.4.7 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2022-47178
19 Apr 2023 — The Simple Share Buttons Adder plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 8.4.6. • https://patchstack.com/database/vulnerability/simple-share-buttons-adder/wordpress-simple-share-buttons-adder-plugin-8-4-6-cross-site-request-forgery-csrf? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2022-47420 – WordPress Accessibility Suite by Online ADA Plugin <= 4.12 is vulnerable to SQL Injection
https://notcve.org/view.php?id=CVE-2022-47420
19 Apr 2023 — The Accessibility Suite by Online ADA plugin for WordPress is vulnerable to SQL Injection via an unknown parameter in versions up to, and including, 4.11 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. • https://patchstack.com/database/vulnerability/online-accessibility/wordpress-accessibility-suite-by-online-ada-plugin-4-11-sql-injection? • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2022-47428 – WordPress Booking calendar, Appointment Booking System Plugin <= 3.2.7 is vulnerable to SQL Injection
https://notcve.org/view.php?id=CVE-2022-47428
19 Apr 2023 — The Booking calendar, Appointment Booking System plugin for WordPress is vulnerable to generic SQL Injection via the multiple *_selected functions in versions up to, and including, 3.2.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. • https://patchstack.com/database/vulnerability/booking-calendar/wordpress-booking-calendar-appointment-booking-system-plugin-3-2-6-sql-injection? • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2022-47430 – WordPress The School Management – Education & Learning Management Plugin <= 4.1 is vulnerable to SQL Injection
https://notcve.org/view.php?id=CVE-2022-47430
19 Apr 2023 — The The School Management – Education & Learning Management plugin for WordPress is vulnerable to SQL Injection via an unknown parameter in versions up to, and including, 4.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. • https://patchstack.com/database/vulnerability/school-management-system/wordpress-the-school-management-plugin-4-1-sql-injection? • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2022-47432 – WordPress Shortcode IMDB Plugin <= 6.0.8 is vulnerable to SQL Injection
https://notcve.org/view.php?id=CVE-2022-47432
19 Apr 2023 — The Shortcode IMDB plugin for WordPress is vulnerable to SQL Injection via an unknown parameter in versions up to, and including, 6.0.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. • https://patchstack.com/database/vulnerability/shortcode-imdb/wordpress-shortcode-imdb-plugin-6-0-8-sql-injection? • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •