CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-22695 – WordPress Custom Field Template Plugin <= 2.5.8 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-22695
21 Mar 2023 — The Custom Field Template plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.5.8. • https://patchstack.com/database/vulnerability/custom-field-template/wordpress-custom-field-template-plugin-2-5-8-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2023-28667 – Lead Generated <= 1.23 - Unauthenticated PHP Object Injection
https://notcve.org/view.php?id=CVE-2023-28667
20 Mar 2023 — The Lead Generated WordPress Plugin, version <= 1.23, was affected by an unauthenticated insecure deserialization issue. • https://www.tenable.com/security/research/tra-2023-7 • CWE-502: Deserialization of Untrusted Data •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-23869 – WordPress Google XML Sitemap for Mobile Plugin <= 1.6.1 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-23869
20 Mar 2023 — The Google XML Sitemap for Mobile plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.6.1. • https://patchstack.com/database/vulnerability/google-mobile-sitemap/wordpress-google-xml-sitemap-for-mobile-plugin-1-6-1-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-23897 – WordPress Simple Mobile URL Redirect Plugin <= 1.7.2 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-23897
20 Mar 2023 — The Simple Mobile URL Redirect plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.2. • https://patchstack.com/database/vulnerability/simple-mobile-url-redirect/wordpress-simple-mobile-url-redirect-plugin-1-7-2-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2023-1478 – Hummingbird < 3.4.2 - Unauthenticated Path Traversal
https://notcve.org/view.php?id=CVE-2023-1478
20 Mar 2023 — The Hummingbird WordPress plugin before 3.4.2 does not validate the generated file path for page cache files before writing them, leading to a path traversal vulnerability in the page cache module. The Hummingbird plugin for WordPress is vulnerable to Path Traversal in versions up to, and including, 3.4.1 via the page cache module, which doesn't validate file paths prior to saving them. • https://wpscan.com/vulnerability/512a9ba4-01c0-4614-a991-efdc7fe51abe • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-24405 – WordPress Contact Form 7 – PayPal & Stripe Add-on Plugin <= 1.9.3 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-24405
17 Mar 2023 — The Contact Form 7 – PayPal & Stripe Add-on plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.9.3. • https://patchstack.com/database/vulnerability/contact-form-7-paypal-add-on/wordpress-contact-form-7-paypal-stripe-add-on-plugin-1-9-3-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2022-47164 – WordPress Event Manager for WooCommerce Plugin <= 3.7.7 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2022-47164
16 Mar 2023 — The Event Manager for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.7.7. • https://patchstack.com/database/vulnerability/mage-eventpress/wordpress-event-manager-and-tickets-selling-plugin-for-woocommerce-plugin-3-7-7-cross-site-request-forgery-csrf? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-28495 – WordPress WP Shortcode by MyThemeShop Plugin <= 1.4.16 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-28495
16 Mar 2023 — The WP Shortcode by MyThemeShop plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.4.16. • https://patchstack.com/database/vulnerability/wp-shortcode/wordpress-wp-shortcode-by-mythemeshop-plugin-1-4-16-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-28498 – WordPress Hotel Booking Lite Plugin <= 4.6.0 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-28498
16 Mar 2023 — The Hotel Booking Lite plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.6.0. • https://patchstack.com/database/vulnerability/motopress-hotel-booking-lite/wordpress-hotel-booking-lite-plugin-4-6-0-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-23804 – WordPress HT Feed Plugin <= 1.2.7 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-23804
16 Mar 2023 — The HT Feed plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.7. • https://patchstack.com/database/vulnerability/ht-instagram/wordpress-ht-feed-plugin-1-2-7-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •