CVE-2022-47432 – WordPress Shortcode IMDB Plugin <= 6.0.8 is vulnerable to SQL Injection
https://notcve.org/view.php?id=CVE-2022-47432
19 Apr 2023 — The Shortcode IMDB plugin for WordPress is vulnerable to SQL Injection via an unknown parameter in versions up to, and including, 6.0.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. • https://patchstack.com/database/vulnerability/shortcode-imdb/wordpress-shortcode-imdb-plugin-6-0-8-sql-injection? • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2022-4774 – Bit Form < 1.9 - RCE via Unauthenticated Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2022-4774
19 Apr 2023 — The Bit Form WordPress plugin before 1.9 does not validate the file types uploaded via its file upload form field, allowing unauthenticated users to upload arbitrary file types such as PHP or HTML files to the server, leading to Remote Code Execution. The Bit Form plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the saveFormEntry function in versions up to, and including, 1.8.1. • https://wpscan.com/vulnerability/2ae5c375-a6a0-4c0b-a9ef-e4d2a28bce5e • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2023-23646 – WordPress Album Gallery – WordPress Gallery Plugin <= 1.4.9 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-23646
19 Apr 2023 — Cross-Site Request Forgery (CSRF) vulnerability in A WP Life Album Gallery – WordPress Gallery plugin <= 1.4.9 versions. The Album Gallery – WordPress Gallery plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.4.9. ... • https://patchstack.com/database/vulnerability/new-album-gallery/wordpress-album-gallery-wordpress-gallery-plugin-1-4-9-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2023-25468 – WordPress Reservation.Studio widget Plugin <= 1.0.11 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-25468
19 Apr 2023 — The Reservation.Studio widget plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.11. • https://patchstack.com/database/vulnerability/reservation-studio-widget/wordpress-reservation-studio-widget-plugin-1-0-9-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2022-45371 – WordPress ShopEngine Plugin <= 4.1.1 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2022-45371
19 Apr 2023 — The ShopEngine plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.1.1. • https://patchstack.com/database/vulnerability/shopengine/wordpress-shopengine-plugin-4-1-1-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2022-45815 – WordPress GDPR Compliance & Cookie Consent Plugin <= 1.2 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2022-45815
19 Apr 2023 — The GDPR Compliance & Cookie Consent plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2. • https://patchstack.com/database/vulnerability/gdpr-compliance-cookie-consent/wordpress-gdpr-compliance-cookie-consent-plugin-1-2-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2022-46814 – WordPress Kodex Posts likes Plugin <= 2.4.3 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2022-46814
19 Apr 2023 — The Kodex Posts likes plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.4.3. • https://patchstack.com/database/vulnerability/kodex-posts-likes/wordpress-kodex-posts-likes-plugin-2-4-3-cross-site-request-forgery-csrf? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2022-46818 – WordPress Email posts to subscribers Plugin <= 6.2 is vulnerable to SQL Injection
https://notcve.org/view.php?id=CVE-2022-46818
19 Apr 2023 — The Email posts to subscribers plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 6.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. • https://patchstack.com/database/vulnerability/email-posts-to-subscribers/wordpress-email-posts-to-subscribers-plugin-6-2-sql-injection? • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2022-46856 – WordPress Woocommerce Product Designer Plugin <= 4.3.3 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2022-46856
19 Apr 2023 — The Woocommerce Product Designer plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.3.3. • https://patchstack.com/database/vulnerability/woocommerce-products-designer/wordpress-woocommerce-products-designer-by-orion-online-product-customizer-for-t-shirts-print-cards-phone-cases-lettering-decals-plugin-4-3-3-cross-site-request-forgery-csrf? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2022-46857 – WordPress SiteAlert (Formerly WP Health) Plugin <= 1.9.7 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2022-46857
19 Apr 2023 — The SiteAlert (Formerly WP Health) plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.9.7. • https://patchstack.com/database/vulnerability/my-wp-health-check/wordpress-sitealert-uptime-speed-and-security-monitoring-for-wordpress-plugin-1-9-7-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •