CVE-2023-28662 – Gift Cards (Gift Vouchers and Packages) <= 4.3.2 - Unauthenticated SQL Injection
https://notcve.org/view.php?id=CVE-2023-28662
22 Mar 2023 — The Gift Cards (Gift Vouchers and Packages) WordPress Plugin, version <= 4.3.1, is affected by an unauthenticated SQL injection vulnerability in the template parameter in the wpgv_doajax_voucher_pdf_save_func action. The Gift Cards (Gift Vouchers and Packages) plugin for WordPress is vulnerable to SQL Injection via the 'template' parameter of the wpgv_doajax_voucher_pdf_save_func AJAX action in versions up to, and including, 4.3.2 due to insufficient escaping on the user supplied parameter and... • https://www.tenable.com/security/research/tra-2023-2 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2023-28694 – WordPress Wbcom Designs – BuddyPress Activity Social Share Plugin <= 3.5.0 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-28694
22 Mar 2023 — The Wbcom Designs – BuddyPress Activity Social Share plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.5.0. • https://patchstack.com/database/vulnerability/bp-activity-social-share/wordpress-wbcom-designs-buddypress-activity-social-share-plugin-3-4-0-cross-site-request-forgery-csrf? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2023-28696 – WordPress I Recommend This Plugin <= 3.9.0 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-28696
22 Mar 2023 — The I Recommend This plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.9.0. • https://patchstack.com/database/vulnerability/i-recommend-this/wordpress-i-recommend-this-plugin-3-8-3-cross-site-request-forgery-csrf? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2023-28747 – WordPress CBX Currency Converter Plugin <= 3.0.3 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-28747
22 Mar 2023 — The CBX Currency Converter plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.0.3. • https://patchstack.com/database/vulnerability/cbcurrencyconverter/wordpress-cbx-currency-converter-plugin-3-0-3-cross-site-request-forgery-csrf? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2022-46793 – WordPress Product Feed PRO for WooCommerce Plugin <= 12.4.4 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2022-46793
22 Mar 2023 — The Product Feed PRO for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 12.4.0. • https://patchstack.com/database/vulnerability/woo-product-feed-pro/wordpress-product-feed-pro-for-woocommerce-plugin-12-3-9-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2022-46800 – WordPress LiteSpeed Cache Plugin <= 5.3 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2022-46800
22 Mar 2023 — The LiteSpeed Cache plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the rest_api_init function in versions up to, and including, 5.3. • https://patchstack.com/database/vulnerability/litespeed-cache/wordpress-litespeed-cache-plugin-5-3-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) • CWE-862: Missing Authorization •
CVE-2022-46812 – WordPress Thank You Page Customizer for WooCommerce – Increase Your Sales Plugin <= 1.0.13 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2022-46812
22 Mar 2023 — The Thank You Page Customizer for WooCommerce – Increase Your Sales plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.13. • https://patchstack.com/database/vulnerability/woo-thank-you-page-customizer/wordpress-thank-you-page-customizer-for-woocommerce-increase-your-sales-plugin-1-0-13-cross-site-request-forgery-csrf? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2023-28618 – WordPress Enhanced Plugin Admin Plugin <= 1.16 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-28618
21 Mar 2023 — The Enhanced Plugin Admin plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.16. • https://patchstack.com/database/vulnerability/enhanced-plugin-admin/wordpress-enhanced-plugin-admin-plugin-1-16-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2023-25478 – WordPress Weather Station Plugin <= 3.8.12 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-25478
21 Mar 2023 — The Weather Station plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.8.11. • https://patchstack.com/database/vulnerability/live-weather-station/wordpress-weather-station-plugin-3-8-11-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2023-22694 – WordPress BigContact Plugin <= 1.5.8 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-22694
21 Mar 2023 — The BigContact plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5.8. • https://patchstack.com/database/vulnerability/bigcontact/wordpress-bigcontact-contact-page-plugin-1-5-8-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •