CVE-2023-25447 – WordPress ColorWay Theme <= 4.2.3 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-25447
08 Feb 2023 — The ColorWay Theme for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.2.3. • https://patchstack.com/database/vulnerability/colorway/wordpress-colorway-theme-4-2-3-csrf-leading-to-arbitrary-plugin-activation? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2022-47155 – WordPress Slider by Supsystic Plugin <= 1.8.5 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2022-47155
07 Feb 2023 — The Slider by Supsystic plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.8.6. • https://patchstack.com/database/vulnerability/slider-by-supsystic/wordpress-slider-by-supsystic-plugin-1-8-4-cross-site-request-forgery-csrf? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2022-45370 – WordPress WordPress Comments Import & Export Plugin <= 2.3.1 is vulnerable to CSV Injection
https://notcve.org/view.php?id=CVE-2022-45370
06 Feb 2023 — Improper Neutralization of Formula Elements in a CSV File vulnerability in WebToffee WordPress Comments Import & Export.This issue affects WordPress Comments Import & Export: from n/a through 2.3.1. Neutralización inadecuada de elementos de fórmula en una vulnerabilidad de CSV File en WebToffee WordPress Comments Import & Export. Este problema afecta a WordPress Comments Import & Export: desde n/a hasta 2.3.1. The WordPress Comments Import & Export plugin for Wo... • https://patchstack.com/database/vulnerability/comments-import-export-woocommerce/wordpress-wordpress-comments-import-export-plugin-2-3-1-csv-injection? • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-1236: Improper Neutralization of Formula Elements in a CSV File •
CVE-2022-45810 – WordPress Email Subscribers & Newsletters Plugin <= 5.5.2 is vulnerable to CSV Injection
https://notcve.org/view.php?id=CVE-2022-45810
06 Feb 2023 — Improper Neutralization of Formula Elements in a CSV File vulnerability in Icegram Icegram Express – Email Marketing, Newsletters and Automation for WordPress & WooCommerce.This issue affects Icegram Express – Email Marketing, Newsletters and Automation for WordPress & WooCommerce: from n/a through 5.5.2. Neutralización inadecuada de elementos de fórmula en una vulnerabilidad de CSV File en Icegram Icegram Express – Email Marketing, Newsletters and Automation for WordPress & WooComm... • https://patchstack.com/database/vulnerability/email-subscribers/wordpress-icegram-express-email-subscribers-newsletters-and-marketing-automation-plugin-plugin-5-5-2-csv-injection? • CWE-1236: Improper Neutralization of Formula Elements in a CSV File •
CVE-2022-45068 – WordPress Mercado Pago payments for WooCommerce Plugin <= 6.3.1 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2022-45068
06 Feb 2023 — Cross-Site Request Forgery (CSRF) vulnerability in Mercado Pago Mercado Pago payments for WooCommerce plugin <= 6.3.1. The Mercado Pago payments for WooCommerce plugin is vulnerable to Cross-Site Request Forgery in versions up to, and including, 6.6.0. This is due to missing or incorrect nonce validation on the multiple functions. This makes it possible for unauthenticated attackers to trick other users or visitors into creating or processing payments via a forged request. Cross-Site Request Forgery (CSRF) ... • https://patchstack.com/database/vulnerability/woocommerce-mercadopago/wordpress-mercado-pago-payments-for-woocommerce-plugin-6-3-1-cross-site-request-forgery-csrf-vulnerability-2?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2022-2933 – 0mk Shortener <= 0.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2022-2933
06 Feb 2023 — The 0mk Shortener plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 0.2. • https://plugins.trac.wordpress.org/browser/0mk-shortener/trunk/0mk.php#L28 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2023-23797 – WordPress Auto YouTube Importer Plugin <= 1.0.3 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-23797
03 Feb 2023 — The Auto YouTube Importer plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.3. • https://patchstack.com/database/vulnerability/auto-youtube-importer/wordpress-auto-youtube-importer-plugin-1-0-3-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2022-47443 – WordPress Multi Rating Plugin <= 5.0.5 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2022-47443
02 Feb 2023 — The Multi Rating for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.0.5. • https://patchstack.com/database/vulnerability/multi-rating/wordpress-multi-rating-plugin-5-0-5-cross-site-request-forgery-csrf? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2023-23879 – WordPress PHP Execution Plugin <= 1.0.0 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-23879
02 Feb 2023 — The PHP Execution plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.0. • https://patchstack.com/database/vulnerability/php-execution-plugin/wordpress-php-execution-plugin-1-0-0-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2023-25065 – WordPress WP Tabs Plugin <= 2.1.14 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-25065
02 Feb 2023 — Cross-Site Request Forgery (CSRF) vulnerability in ShapedPlugin WP Tabs – Responsive Tabs Plugin for WordPress plugin <= 2.1.14 versions. The WP Tabs plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.1.14. ... Cross-Site Request Forgery (CSRF) vulnerability in ShapedPlugin WP Tabs – Responsive Tabs Plugin for WordPress plugin <= 2.1.14 versions. • https://patchstack.com/database/vulnerability/wp-expand-tabs-free/wordpress-wp-tabs-responsive-tabs-plugin-for-wordpress-plugin-2-1-14-cross-site-request-forgery-csrf? • CWE-352: Cross-Site Request Forgery (CSRF) •