CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-22719 – WordPress GiveWP Plugin <= 2.25.1 is vulnerable to CSV Injection
https://notcve.org/view.php?id=CVE-2023-22719
08 Mar 2023 — The GiveWP plugin for WordPress is vulnerable to CSV Injection in versions up to, and including, 2.25.1 via the 'print_csv_rows' function used in exporting CSV files. • https://patchstack.com/database/vulnerability/give/wordpress-givewp-plugin-2-25-1-csv-injection-vulnerability? • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-1236: Improper Neutralization of Formula Elements in a CSV File •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-27417 – WordPress Affiliate Super Assistent Plugin <= 1.5.1 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-27417
08 Mar 2023 — The Affiliate Super Assistent plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5.1. • https://patchstack.com/database/vulnerability/amazonsimpleadmin/wordpress-affiliate-super-assistent-plugin-1-5-1-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-27418 – WordPress Side Menu Lite Plugin <= 4.0 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-27418
08 Mar 2023 — The Side Menu Lite plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.0. • https://patchstack.com/database/vulnerability/side-menu-lite/wordpress-side-menu-lite-plugin-4-0-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-27632 – WordPress Daily Prayer Time Plugin <= 2023.03.08 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-27632
08 Mar 2023 — The Daily Prayer Time plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2023.03.08. • https://patchstack.com/database/vulnerability/daily-prayer-time-for-mosques/wordpress-daily-prayer-time-plugin-2023-02-21-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-27431 – WordPress Big Store Theme <= 1.9.3 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-27431
05 Mar 2023 — The Big Store plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.9.3. • https://patchstack.com/database/vulnerability/big-store/wordpress-big-store-theme-1-9-3-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-27444 – WordPress DecaLog Plugin <= 3.7.0 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-27444
05 Mar 2023 — The DecaLog plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.7.0. ... This makes it possible for unauthenticated attackers to install the Device Detector (device-detector) or IP Locator (ip-locator) WordPress plugins via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. • https://patchstack.com/database/vulnerability/decalog/wordpress-decalog-plugin-3-7-0-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-25034 – WordPress WP Clean Up Plugin <= 1.2.3 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-25034
03 Mar 2023 — The WP Clean Up plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.3. • https://patchstack.com/database/vulnerability/wp-clean-up/wordpress-wp-clean-up-plugin-1-2-3-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-25467 – WordPress Resize at Upload Plus Plugin <= 1.3 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-25467
03 Mar 2023 — The Resize at Upload Plus plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3. • https://patchstack.com/database/vulnerability/resize-at-upload-plus/wordpress-resize-at-upload-plus-plugin-1-3-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-25474 – WordPress About Me 3000 widget Plugin <= 2.2.6 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-25474
03 Mar 2023 — The About Me 3000 widget plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.2.6. • https://patchstack.com/database/vulnerability/about-me-3000/wordpress-about-me-3000-widget-plugin-2-2-6-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 15%CPEs: 15EXPL: 0CVE-2022-40700 – Server Side Request Forgery (SSRF) vulnerability affecting multiple WordPress plugins
https://notcve.org/view.php?id=CVE-2022-40700
03 Mar 2023 — Server-Side Request Forgery (SSRF) vulnerability in Montonio Montonio for WooCommerce, Wpopal Wpopal Core Features, AMO for WP – Membership Management ArcStone wp-amo, Long Watch Studio WooVirtualWallet – A virtual wallet for WooCommerce, Long Watch Studio WooVIP – Membership plugin for WordPress and WooCommerce, Long Watch Studio WooSupply – Suppliers, Supply Orders and Stock Management, Squidesma Theme Minifier, Paul Clark Styles styles, Designmodo Inc. WordPress Page Builder – Qards, Philip... • https://patchstack.com/database/vulnerability/admin-css-mu/wordpress-admin-css-mu-plugin-2-6-server-side-request-forgery-ssrf-vulnerability?_s_id=cve • CWE-918: Server-Side Request Forgery (SSRF) •