CVE-2023-30484 – WordPress Enable Accessibility Plugin <= 1.4 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-30484
13 Apr 2023 — The Enable Accessibility plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.4. • https://patchstack.com/database/vulnerability/enable-accessibility/wordpress-enable-accessibility-plugin-1-4-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2022-46809 – WordPress ReviewX Plugin <= 1.6.7 is vulnerable to CSV Injection
https://notcve.org/view.php?id=CVE-2022-46809
13 Apr 2023 — The ReviewX plugin for WordPress is vulnerable to CSV Injection in versions up to, and including, 1.6.7. • https://patchstack.com/database/vulnerability/reviewx/wordpress-reviewx-plugin-1-6-6-csv-injection? • CWE-1236: Improper Neutralization of Formula Elements in a CSV File •
CVE-2023-1650 – ChatBot < 4.4.7 - Unauthenticated PHP Object Injection
https://notcve.org/view.php?id=CVE-2023-1650
12 Apr 2023 — The AI ChatBot WordPress plugin before 4.4.7 unserializes user input from cookies via an AJAX action available to unauthenticated users, which could allow them to perform PHP Object Injection when a suitable gadget is present on the blog. The ChatBot plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 4.4.6 via deserialization of untrusted input from cookies. This allows unauthenticated attackers to inject a PHP Object. • https://wpscan.com/vulnerability/7d7fe498-0aa3-4fa7-b560-610b42b2abed • CWE-502: Deserialization of Untrusted Data •
CVE-2023-1730 – SupportCandy < 3.1.5 - Unauthenticated SQLi
https://notcve.org/view.php?id=CVE-2023-1730
10 Apr 2023 — The SupportCandy WordPress plugin before 3.1.5 does not validate and escape user input before using it in an SQL statement, which could allow unauthenticated attackers to perform SQL injection attacks. The SupportCandy plugin for WordPress is vulnerable to SQL injection via the 'parse_user_filters' function in versions up to, and including, 3.1.4 due to insufficient escaping on the user-supplied parameter and lack of sufficient preparation on the existing SQL query. • https://wpscan.com/vulnerability/44b51a56-ff05-4d50-9327-fc9bab74d4b7 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2023-29440 – WordPress Simple Job Board Plugin <= 2.10.3 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-29440
07 Apr 2023 — The Simple Job Board plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.10.3. • https://patchstack.com/database/vulnerability/simple-job-board/wordpress-simple-job-board-plugin-2-10-3-cross-site-request-forgery-csrf? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2023-23704 – WordPress Comments Ratings Plugin <= 1.1.6 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-23704
07 Apr 2023 — The Comments Ratings plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.6. • https://patchstack.com/database/vulnerability/comments-ratings/wordpress-comments-ratings-plugin-1-1-6-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2023-25487 – WordPress PixTypes Plugin <= 1.4.14 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-25487
07 Apr 2023 — The PixTypes plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.4.14. • https://patchstack.com/database/vulnerability/pixtypes/wordpress-pixtypes-plugin-1-4-14-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2023-34005 – WordPress Front End Users Plugin <= 3.2.24 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-34005
07 Apr 2023 — The Front End Users plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.2.24. • https://patchstack.com/database/vulnerability/front-end-only-users/wordpress-front-end-users-plugin-3-2-24-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2023-29425 – WordPress ShiftController Employee Shift Scheduling Plugin <= 4.9.23 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-29425
06 Apr 2023 — The ShiftController Employee Shift Scheduling plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.9.23. • https://patchstack.com/database/vulnerability/shiftcontroller/wordpress-shiftcontroller-employee-shift-scheduling-plugin-4-9-23-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2023-29426 – WordPress Spreadshop Plugin Plugin <= 1.6.5 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-29426
06 Apr 2023 — The Spreadshop Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.6.5. • https://patchstack.com/database/vulnerability/spreadshop/wordpress-spreadshop-plugin-plugin-1-6-5-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •