
CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

29 Mar 2023 — The Affiliates Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.9.20. • https://patchstack.com/database/vulnerability/affiliates-manager/wordpress-affiliates-manager-plugin-2-9-20-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

29 Mar 2023 — The Wp Ultimate Review plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0.3. • https://patchstack.com/database/vulnerability/wp-ultimate-review/wordpress-wp-ultimate-review-plugin-2-0-3-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

29 Mar 2023 — The Happy Addons for Elementor plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.8.2. • https://patchstack.com/database/vulnerability/happy-elementor-addons/wordpress-happy-addons-for-elementor-plugin-3-8-2-cross-site-request-forgery-csrf-on-collect-data-popup? • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 10.0 • EPSS: 1% • CPEs: 1 • EXPL: 0

29 Mar 2023 — The GMAce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5.2. • https://plugins.trac.wordpress.org/browser/gmace/trunk/gmace.php?rev=1583327#L84 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

28 Mar 2023 — The IP Blocker Lite plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 11.1.1. • https://patchstack.com/database/vulnerability/ip-address-blocker/wordpress-lionscripts-ip-blocker-lite-plugin-11-1-1-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

28 Mar 2023 — The Advanced Shipment Tracking plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.5.2. • https://patchstack.com/database/vulnerability/woo-advanced-shipment-tracking/wordpress-advanced-shipment-tracking-for-woocommerce-plugin-3-5-2-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

28 Mar 2023 — The WP OnlineSupport, Essential Plugin Popup Anything plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.2.1. • https://patchstack.com/database/vulnerability/popup-anything-on-click/wordpress-popup-anything-plugin-2-2-1-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

27 Mar 2023 — Cross-Site Request Forgery (CSRF) vulnerability in Pankaj Jha WordPress Ping Optimizer plugin <= 2.35.1.2.3 versions. • https://patchstack.com/database/vulnerability/wordpress-ping-optimizer/wordpress-ping-optimizer-plugin-2-35-1-2-3-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

27 Mar 2023 — The ARMember plugin for WordPress is vulnerable to SQL Injection via an unknown parameter in versions up to, and including, 3.4.11 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. • https://patchstack.com/database/vulnerability/armember-membership/wordpress-armember-3-4-11-sql-injection? • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 10.0 • EPSS: 91% • CPEs: 9 • EXPL: 5

23 Mar 2023 — An issue in WooCommerce Payments plugin for WordPress (versions 5.6.1 and lower) allows an unauthenticated attacker to send requests on behalf of an elevated user, like administrator. ... WooCommerce-Payments plugin for WordPress versions 4.8, 4.8.2, 4.9, 4.9.1, 5.0, 5.0.4, 5.1, 5.1.3, 5.2, 5.2.2, 5.3, 5.3.1, 5.4, 5.4.1, 5.5, 5.5.2, and 5.6, 5.6.2 contain an authentication bypass by specifying a valid user ID number within the X-WCPAY-PLATFORM-CHECKOUT-USER header. With this authentication byp... • https://github.com/gbrsh/CVE-2023-28121 • CWE-287: Improper Authentication • CWE-288: Authentication Bypass Using an Alternate Path or Channel •