CVE-2023-29428 – WordPress Superb Social Media Share Buttons and Follow Buttons Plugin <= 1.1.3 is vulnerable to Broken Access Control
https://notcve.org/view.php?id=CVE-2023-29428
06 Apr 2023 — Cross-Site Request Forgery (CSRF) vulnerability in SuPlugins Superb Social Media Share Buttons and Follow Buttons for WordPress plugin <= 1.1.3 versions. The Superb... • https://patchstack.com/database/vulnerability/superb-social-share-and-follow-buttons/wordpress-superb-social-media-share-buttons-and-follow-buttons-plugin-1-1-3-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) CWE-862: Missing Authorization •
CVE-2023-29432 – WordPress Houzez Theme < 2.8.3 is vulnerable to SQL Injection
https://notcve.org/view.php?id=CVE-2023-29432
06 Apr 2023 — Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Favethemes Houzez - Real Estate WordPress Theme. This issue affects Houzez - Real Estate WordPress Theme: from n/a before 2.8.3. • https://patchstack.com/database/vulnerability/houzez/wordpress-houzez-theme-2-8-3-unauth-sql-injection-sqli-vulnerability? • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2023-24421 – WordPress PHP Compatibility Checker Plugin <= 1.5.2 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-24421
06 Apr 2023 — The PHP Compatibility Checker plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5.2. • https://patchstack.com/database/vulnerability/php-compatibility-checker/wordpress-php-compatibility-checker-plugin-1-5-2-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2023-26015 – WordPress MapPress Maps for WordPress Plugin <= 2.85.4 is vulnerable to SQL Injection
https://notcve.org/view.php?id=CVE-2023-26015
06 Apr 2023 — Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Chris Richardson MapPress Maps for WordPress mappress-google-maps-for-wordpress allows SQL Injection. This issue affects MapPress Maps for WordPress: from n/a through 2.85.4. • https://patchstack.com/database/vulnerability/mappress-google-maps-for-wordpress/wordpress-mappress-maps-for-wordpress-plugin-2-85-4-authenticated-sql-injection-vulnerability? • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2022-4936 – WCFM Marketplace <= 3.4.12 - Cross-Site Request Forgery
https://notcve.org/view.php?id=CVE-2022-4936
05 Apr 2023 — The WCFM Marketplace plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.4.11 due to missing nonce checks on various AJAX actions. • https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2632635%40wc-multivendor-marketplace&new=2632635%40wc-multivendor-marketplace&sfp_email=&sfph_mail= • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2022-4938 – WCFM Frontend Manager <= 6.5.13 - Cross-Site Request Forgery
https://notcve.org/view.php?id=CVE-2022-4938
05 Apr 2023 — The WCFM Frontend Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 6.6.0 due to missing nonce checks on various AJAX actions. • https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2632630%40wc-frontend-manager&new=2632630%40wc-frontend-manager&sfp_email=&sfph_mail= • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2022-4939 – WCFM Membership <= 2.10.0 - Unauthenticated Privilege Escalation
https://notcve.org/view.php?id=CVE-2022-4939
05 Apr 2023 — The WCFM Membership plugin for WordPress is vulnerable to privilege escalation in versions up to, and including 2.10.0, due to a missing capability check on the wp_ajax_nopriv_wcfm_ajax_controller AJAX action that controls membership settings. • https://github.com/BaconCriCRi/PoC-CVE-2022-4939- • CWE-862: Missing Authorization •
CVE-2022-4941 – WCFM Membership <= 2.9.10 - Cross-Site Request Forgery
https://notcve.org/view.php?id=CVE-2022-4941
05 Apr 2023 — The WCFM Membership plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.9.10 due to missing nonce checks on various AJAX actions. • https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2605020%40wc-multivendor-membership&new=2605020%40wc-multivendor-membership&sfp_email=&sfph_mail= • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2023-25051 – WordPress Comment Reply Notification Plugin <= 1.4 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-25051
04 Apr 2023 — The Comment Reply Notification plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.4. • https://patchstack.com/database/vulnerability/comment-reply-notification/wordpress-comment-reply-notification-plugin-1-4-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2023-1020 – Steveas WP Live Chat Shoutbox <= 1.4.2 - Unauthenticated SQLi
https://notcve.org/view.php?id=CVE-2023-1020
03 Apr 2023 — The Steveas WP Live Chat Shoutbox WordPress plugin through 1.4.2 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection. The Steveas WP Live Chat Shoutbox plugin for WordPress is vulnerable to SQL Injection via several parameters in versions up to, and including, 1.4.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. • https://wpscan.com/vulnerability/4e5aa9a3-65a0-47d6-bc26-a2fb6cb073ff • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •