CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2022-47143 – WordPress Multiple Page Generator Plugin – MPG Plugin <= 3.3.9 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2022-47143
20 Feb 2023 — The Multiple Page Generator Plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.3.9. • https://patchstack.com/database/vulnerability/multiple-pages-generator-by-porthas/wordpress-multiple-pages-generator-by-themeisle-plugin-3-3-9-cross-site-request-forgery-csrf? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2022-47154 – WordPress CSS JS Manager Plugin <= 2.4.49 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2022-47154
20 Feb 2023 — The CSS JS Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.4.49. • https://patchstack.com/database/vulnerability/css-js-manager/wordpress-css-js-manager-async-javascript-defer-render-blocking-css-supports-woocommerce-plugin-2-4-49-cross-site-request-forgery-csrf? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2022-47422 – WordPress WordPress Stripe Donation and Payment Plugin Plugin <= 3.1.5 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2022-47422
20 Feb 2023 — The Accept Stripe Donation – AidWP plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.1.5. • https://patchstack.com/database/vulnerability/wp-stripe-donation/wordpress-wordpress-stripe-donation-plugin-3-1-5-cross-site-request-forgery-csrf? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2023-0037 – 10WebMapBuilder < 1.0.73 - Unauthenticated SQLi
https://notcve.org/view.php?id=CVE-2023-0037
20 Feb 2023 — The 10Web Map Builder for Google Maps WordPress plugin before 1.0.73 does not properly sanitise and escape some parameters before using them in an SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection The 10Web Map Builder for Google Maps plugin for WordPress is vulnerable to generic SQL Injection via the multiple parameters in versions up to 1.0.72 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the ex... • https://bulletin.iese.de/post/wd-google-maps_1-0-72_1 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-23705 – WordPress Books Gallery Plugin <= 4.4.8 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-23705
20 Feb 2023 — Cross-Site Request Forgery (CSRF) vulnerability in HM Plugin WordPress Books Gallery plugin <= 4.4.8 versions. The WordPress Books Gallery plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.4.8. ... Cross-Site Request Forgery (CSRF) vulnerability in HM Plugin WordPress Books Gallery plugin <= 4.4.8 versions. • https://patchstack.com/database/vulnerability/wp-books-gallery/wordpress-wordpress-books-gallery-plugin-4-4-8-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-23713 – WordPress Theme Tweaker Plugin <= 5.20 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-23713
20 Feb 2023 — The Theme Tweaker plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.20. • https://patchstack.com/database/vulnerability/theme-tweaker-lite/wordpress-theme-tweaker-plugin-5-20-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-25699 – WordPress VideoWhisper Live Streaming Integration plugin <= 5.5.15 - Remote Code Execution (RCE)
https://notcve.org/view.php?id=CVE-2023-25699
20 Feb 2023 — The Live Streaming - Broadcast Live Video Plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 5.5.15. • https://patchstack.com/database/vulnerability/videowhisper-live-streaming-integration/wordpress-broadcast-live-video-live-streaming-html5-webrtc-hls-rtsp-rtmp-plugin-5-5-15-remote-code-execution-rce? • CWE-20: Improper Input Validation CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2022-46851 – WordPress Starter Templates Plugin <= 3.1.20 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2022-46851
20 Feb 2023 — The Starter Templates — Elementor, WordPress & Beaver Builder Templates plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.1.20. • https://patchstack.com/database/vulnerability/astra-sites/wordpress-starter-templates-elementor-wordpress-beaver-builder-templates-plugin-3-1-20-cross-site-request-forgery-csrf? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2022-46853 – WordPress The Post Grid Plugin <= 5.0.4 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2022-46853
20 Feb 2023 — The The Post Grid – Shortcode, Gutenberg Blocks and Elementor Addon for Post Grid plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.0.4. • https://patchstack.com/database/vulnerability/the-post-grid/wordpress-the-post-grid-shortcode-gutenberg-blocks-and-elementor-addon-for-post-grid-plugin-5-0-4-cross-site-request-forgery-csrf? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2022-38063 – WordPress Social Login WP Plugin <= 5.0.0.0 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2022-38063
20 Feb 2023 — The Social Login WP plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.0.0.0. • https://patchstack.com/database/vulnerability/social-login-wp/wordpress-social-login-wp-plugin-5-0-0-0-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •