CVE-2022-38356 – WordPress Pearl Plugin <= 1.3.4 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2022-38356
19 Apr 2023 — Cross-Site Request Forgery (CSRF) vulnerability in StylemixThemes WordPress Header Builder Plugin – Pearl plugin <= 1.3.4 versions. The Pearl plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.4. • https://patchstack.com/database/vulnerability/pearl-header-builder/wordpress-pearl-plugin-1-3-4-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2022-38716 – WordPress Motors – Car Dealer & Classified Ads Plugin <= 1.4.4 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2022-38716
19 Apr 2023 — The Motors – Car Dealer & Classified Ads plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.4.5. • https://patchstack.com/database/vulnerability/motors-car-dealership-classified-listings/wordpress-motors-plugin-1-4-4-multiple-cross-site-request-forgery-csrf-vulnerabilities? • CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2023-22672 – WordPress vSlider Multi Image Slider for WordPress Plugin <= 4.1.2 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-22672
19 Apr 2023 — Cross-Site Request Forgery (CSRF) vulnerability in Mr.Vibe vSlider Multi Image Slider for WordPress plugin <= 4.1.2 versions. The vSlider Multi Image Slider plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.1.2. • https://patchstack.com/database/vulnerability/vslider/wordpress-vslider-multi-image-slider-for-wordpress-plugin-4-1-2-cross-site-request-forgery-csrf? • CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2023-27889 – LIQUID SPEECH BALLOON <= 1.1.8 - Cross-Site Request Forgery to Settings Update
https://notcve.org/view.php?id=CVE-2023-27889
19 Apr 2023 — The LIQUID SPEECH BALLOON plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.8. • https://wordpress.org/plugins/liquid-speech-balloon/#developers • CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2022-3342 – Jetpack CRM <= 5.3.1 - Cross-Site Request Forgery and PHAR Deserialization
https://notcve.org/view.php?id=CVE-2022-3342
18 Apr 2023 — The Jetpack CRM plugin for WordPress is vulnerable to PHAR deserialization via the ‘zbscrmcsvimpf’ parameter in the 'zeroBSCRM_CSVImporterLitehtml_app' function in versions up to, and including, 5.3.1. • https://plugins.trac.wordpress.org/browser/zero-bs-crm/trunk/includes/ZeroBSCRM.CSVImporter.php?rev=2790863 • CWE-502: Deserialization of Untrusted Data
CVE-2022-41987 – WordPress BadgeOS Plugin <= 3.7.1.6 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2022-41987
18 Apr 2023 — The BadgeOS plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.7.1.6. • https://patchstack.com/database/vulnerability/badgeos/wordpress-badgeos-plugin-3-7-1-6-multiple-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2022-43490 – WordPress Stream Plugin <= 3.9.2 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2022-43490
18 Apr 2023 — The Stream plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.9.2. • https://patchstack.com/database/vulnerability/stream/wordpress-stream-plugin-3-9-2-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2023-0603 – Sloth Logo Customizer <= 2.0.2 - Stored XSS via CSRF
https://notcve.org/view.php?id=CVE-2023-0603
17 Apr 2023 — The Sloth Logo Customizer WordPress plugin through 2.0.2 does not have a CSRF check when updating its settings, and is missing sanitisation as well as escaping, which could allow attackers to make a logged-in admin add Stored XSS payloads via a CSRF attack. The Sloth Logo Customizer plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0.2. • https://wpscan.com/vulnerability/1c93ea8f-4e68-4da1-994e-35a5873278ba • CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2022-4118 – Bitcoin / AltCoin Payment Gateway <= 1.7.1 - Unauthenticated SQLi
https://notcve.org/view.php?id=CVE-2022-4118
17 Apr 2023 — The Bitcoin / AltCoin Payment Gateway for WooCommerce & Multivendor store / shop WordPress plugin through 1.7.1 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by authenticated users. The Bitcoin / AltCoin Payment Gateway for WooCommerce plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 1.7.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparati... • https://wpscan.com/vulnerability/2839ff82-7d37-4392-8fa3-d490680d42c4 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2022-47177 – WordPress WP EasyPay Plugin <= 4.1 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2022-47177
14 Apr 2023 — Cross-Site Request Forgery (CSRF) vulnerability in WP Easy Pay WP EasyPay – Square for WordPress plugin <= 4.1 versions. The WP EasyPay plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.0.4. • https://patchstack.com/database/vulnerability/wp-easy-pay/wordpress-wp-easypay-square-for-wordpress-plugin-4-0-4-cross-site-request-forgery-csrf? • CWE-352: Cross-Site Request Forgery (CSRF)