CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-23997 – WordPress Database Collation Fix Plugin <= 1.2.7 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-23997
14 Apr 2023 — The Database Collation Fix plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.7. • https://patchstack.com/database/vulnerability/database-collation-fix/wordpress-database-collation-fix-plugin-1-2-7-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2022-45367 – WordPress Custom Order Numbers for WooCommerce Plugin <= 1.4.0 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2022-45367
14 Apr 2023 — The Custom Order Numbers for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.4.0. • https://patchstack.com/database/vulnerability/custom-order-numbers-for-woocommerce/wordpress-custom-order-numbers-for-woocommerce-plugin-1-4-0-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-2027 – ZM Ajax Login & Register <= 2.0.2 - Authentication Bypass
https://notcve.org/view.php?id=CVE-2023-2027
14 Apr 2023 — The ZM Ajax Login & Register plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.0.2. • https://plugins.trac.wordpress.org/browser/zm-ajax-login-register/trunk/src/ALRSocial/ALRSocialFacebook.php#L58 • CWE-287: Improper Authentication CWE-288: Authentication Bypass Using an Alternate Path or Channel •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-27605 – WordPress WP Reroute Email Plugin <= 1.4.6 is vulnerable to SQL Injection
https://notcve.org/view.php?id=CVE-2023-27605
14 Apr 2023 — The WP Reroute Email plugin for WordPress is vulnerable to SQL Injection via the 'orderby' parameter in versions up to, and including, 1.4.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. • https://patchstack.com/database/vulnerability/wp-reroute-email/wordpress-wp-reroute-email-plugin-1-4-6-admin-sql-injection-vulnerability? • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-27606 – WordPress WP Reroute Email Plugin <= 1.4.6 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-27606
14 Apr 2023 — The WP Reroute Email plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.4.6. • https://patchstack.com/database/vulnerability/wp-reroute-email/wordpress-wp-reroute-email-plugin-1-4-6-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2022-47149 – WordPress Shortlinks by Pretty Links Plugin <= 3.4.0 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2022-47149
13 Apr 2023 — The Shortlinks by Pretty Links plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.4.0. • https://patchstack.com/database/vulnerability/pretty-link/wordpress-pretty-links-affiliate-links-link-branding-link-tracking-marketing-plugin-plugin-3-4-0-cross-site-request-forgery-csrf? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2022-47165 – WordPress CoSchedule Plugin <= 3.3.8 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2022-47165
13 Apr 2023 — The CoSchedule plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.3.8. • https://patchstack.com/database/vulnerability/coschedule-by-todaymade/wordpress-coschedule-plugin-3-3-8-cross-site-request-forgery-csrf? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2022-47426 – WordPress Neshan Maps Plugin <= 1.1.4 is vulnerable to SQL Injection
https://notcve.org/view.php?id=CVE-2022-47426
13 Apr 2023 — The Neshan Maps plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter in versions up to, and including, 1.1.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. • https://patchstack.com/database/vulnerability/neshan-maps/wordpress-neshan-maps-plugin-1-1-4-sql-injection? • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-30474 – WordPress Ultimate Noindex Nofollow Tool II Plugin <= 1.3 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-30474
13 Apr 2023 — The Ultimate Noindex Nofollow Tool II plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.3. • https://patchstack.com/database/vulnerability/ultimate-noindex-nofollow-tool-ii/wordpress-ultimate-noindex-nofollow-tool-ii-plugin-1-3-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-30478 – WordPress Newsletters Plugin <= 4.8.8 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-30478
13 Apr 2023 — The Newsletters plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.8.8. • https://patchstack.com/database/vulnerability/newsletters-lite/wordpress-newsletters-plugin-4-8-8-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •