CVE-2023-32501 – WordPress VikBooking Hotel Booking Engine & PMS Plugin <= 1.6.1 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-32501
15 Feb 2023 — The VikBooking Hotel Booking Engine & PMS plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.6.1. • https://patchstack.com/database/vulnerability/vikbooking/wordpress-vikbooking-hotel-booking-engine-pms-plugin-1-6-1-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2023-24000 – WordPress GamiPress Plugin <= 2.5.7 is vulnerable to SQL Injection
https://notcve.org/view.php?id=CVE-2023-24000
14 Feb 2023 — The GamiPress plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 2.5.7 due to insufficient escaping on the user supplied parameter '$qv[$field_id]' and lack of sufficient preparation on the existing SQL query. • https://patchstack.com/database/vulnerability/gamipress/wordpress-gamipress-plugin-2-5-7-unauthenticated-sql-injection-vulnerability? • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2023-25708 – WordPress WP VR – 360 Panorama and Virtual Tour Builder For WordPress Plugin <= 8.2.7 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-25708
14 Feb 2023 — Cross-Site Request Forgery (CSRF) vulnerability in Rextheme WP VR – 360 Panorama and Virtual Tour Builder For WordPress plugin <= 8.2.7 versions. The WP VR plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 8.2.7. ... • https://patchstack.com/database/vulnerability/wpvr/wordpress-wp-vr-360-panorama-and-virtual-tour-builder-plugin-8-2-7-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2023-25709 – WordPress Locatoraid Store Locator Plugin <= 3.9.11 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-25709
14 Feb 2023 — Cross-Site Request Forgery (CSRF) vulnerability in Plainware Locatoraid Store Locator plugin <= 3.9.11 versions. The Locatoraid Store Locator plugin is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.9.11. This is due to missing or incorrect nonce validation on the grab function. This makes it possible for unauthenticated attackers to perform unauthorized form submissions via a forged request granted they can trick a site administrator into performing an action such as clicking ... • https://patchstack.com/database/vulnerability/locatoraid/wordpress-locatoraid-store-locator-plugin-3-9-11-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2022-4328 – WooCommerce Checkout Field Manager < 18.0 - Unauthenticated Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2022-4328
13 Feb 2023 — The WooCommerce Checkout Field Manager WordPress plugin before 18.0 does not validate files to be uploaded, which could allow unauthenticated attackers to upload arbitrary files such as PHP on the server. The WooCommerce Checkout Field Manager plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the cfom_upload_file function in versions up to, and including, 17.3. • https://wpscan.com/vulnerability/4dc72cd2-81d7-4a66-86bd-c9cfaf690eed • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2023-25058 – WordPress Schema – All In One Schema Rich Snippets Plugin <= 1.6.5 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-25058
13 Feb 2023 — The Schema - All In One Schema Rich Snippets plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.6.5. • https://patchstack.com/database/vulnerability/all-in-one-schemaorg-rich-snippets/wordpress-schema-all-in-one-schema-rich-snippets-plugin-1-6-5-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2023-25698 – WordPress Shoppable Images Lite Plugin <= 1.2.3 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-25698
13 Feb 2023 — The Shoppable Images plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.3. • https://patchstack.com/database/vulnerability/mabel-shoppable-images-lite/wordpress-shoppable-images-plugin-1-2-3-cross-site-request-forgery-csrf-vulnerability? • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2022-47166 – WordPress Void Contact Form 7 Widget For Elementor Page Builder Plugin <= 2.1.1 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2022-47166
12 Feb 2023 — The Void Contact Form 7 Widget For Elementor Page Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.1.1. • https://patchstack.com/database/vulnerability/cf7-widget-elementor/wordpress-void-contact-form-7-widget-for-elementor-page-builder-plugin-2-1-1-cross-site-request-forgery-csrf? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2023-25472 – WordPress Podlove Podcast Publisher Plugin <= 3.8.3 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-25472
10 Feb 2023 — The Podlove Podcast Publisher plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.8.3. • https://patchstack.com/database/vulnerability/podlove-podcasting-plugin-for-wordpress/wordpress-podlove-podcast-publisher-plugin-3-8-3-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2022-3568 – ImageMagick Engine <= 1.7.5 - Cross-Site Request Forgery to PHAR Deserialization
https://notcve.org/view.php?id=CVE-2022-3568
09 Feb 2023 — The ImageMagick Engine plugin for WordPress is vulnerable to deserialization of untrusted input via the 'cli_path' parameter in versions up to, and including, 1.7.5. • https://github.com/orangelabweb/imagemagick-engine/blob/1.7.4/imagemagick-engine.php#L529 • CWE-352: Cross-Site Request Forgery (CSRF) • CWE-502: Deserialization of Untrusted Data •