CVE-2023-0232 – ShopLentor < 2.5.4 - PHP Object Injection
https://notcve.org/view.php?id=CVE-2023-0232
28 Jan 2023 — The ShopLentor WordPress plugin before 2.5.4 unserializes user input from cookies in order to track viewed products and user data, which could lead to PHP Object Injection. The WooLentor plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 2.5.3 via deserialization of untrusted input in the function woolentor_set_views_count, which unserializes a user-provided cookie. • https://plugins.trac.wordpress.org/changeset/2852711/woolentor-addons/trunk/includes/helper-function.php • CWE-502: Deserialization of Untrusted Data •
CVE-2022-47162 – WordPress DH – Anti AdBlocker Plugin <= 36 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2022-47162
27 Jan 2023 — The DH – Anti AdBlocker plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 36. • https://patchstack.com/database/vulnerability/dh-anti-adblocker/wordpress-dh-anti-adblocker-plugin-36-cross-site-request-forgery-csrf? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2022-47588 – WordPress Simple Photo Gallery Plugin <= v1.8.1 is vulnerable to SQL Injection
https://notcve.org/view.php?id=CVE-2022-47588
27 Jan 2023 — The Simple Photo Gallery plugin for WordPress is vulnerable to generic SQL Injection via the ‘item’ parameter in versions up to, and including, 1.8.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. • https://patchstack.com/database/vulnerability/simple-photo-gallery/wordpress-simple-photo-gallery-plugin-v1-8-1-sql-injection? • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2023-0558 – ContentStudio <= 1.2.5 - Authorization Bypass
https://notcve.org/view.php?id=CVE-2023-0558
27 Jan 2023 — The ContentStudio plugin for WordPress is vulnerable to authorization bypass due to an insecure token check that is susceptible to type juggling in versions up to, and including, 1.2.5. • https://plugins.trac.wordpress.org/browser/contentstudio/trunk/contentstudio-plugin.php#L416 • CWE-639: Authorization Bypass Through User-Controlled Key •
CVE-2023-23714 – WordPress Uncanny Toolkit for LearnDash Plugin <= 3.6.4.1 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-23714
27 Jan 2023 — The Uncanny Toolkit for LearnDash plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.6.4.1. • https://patchstack.com/database/vulnerability/uncanny-learndash-toolkit/wordpress-uncanny-toolkit-for-learndash-plugin-3-6-4-1-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2023-24377 – WordPress Ecwid Shopping Cart Plugin <= 6.11.3 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-24377
27 Jan 2023 — The Ecwid Ecommerce Shopping Cart plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 6.11.3. • https://patchstack.com/database/vulnerability/ecwid-shopping-cart/wordpress-ecwid-ecommerce-shopping-cart-plugin-6-11-3-cross-site-request-forgery-csrf? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2023-24384 – WordPress Organization chart Plugin <= 1.4.4 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-24384
27 Jan 2023 — The Organization chart plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.4.4. • https://patchstack.com/database/vulnerability/organization-chart/wordpress-wpdevart-organization-chart-plugin-1-4-4-cross-site-request-forgery-csrf? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2023-24415 – WordPress AI ChatBot plugin <= 4.2.8 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-24415
27 Jan 2023 — The ChatBot plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.2.8. • https://patchstack.com/database/vulnerability/chatbot/wordpress-chatbot-plugin-4-2-8-cross-site-request-forgery-csrf? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2022-46801 – WordPress Site Reviews Plugin <= 6.2.0 is vulnerable to CSV Injection
https://notcve.org/view.php?id=CVE-2022-46801
27 Jan 2023 — The Site Reviews plugin for WordPress is vulnerable to CSV Injection in versions up to, and including, 6.2.0. • https://patchstack.com/database/vulnerability/site-reviews/wordpress-site-reviews-plugin-6-2-0-unauth-csv-injection-vulnerability? • CWE-1236: Improper Neutralization of Formula Elements in a CSV File •
CVE-2022-46803 – WordPress Noptin Plugin <= 1.9.5 is vulnerable to CSV Injection
https://notcve.org/view.php?id=CVE-2022-46803
27 Jan 2023 — The Simple Newsletter Plugin – Noptin plugin for WordPress is vulnerable to CSV Injection in all versions up to, and including, 1.10.3. • https://patchstack.com/database/vulnerability/newsletter-optin-box/wordpress-simple-newsletter-plugin-noptin-plugin-1-9-5-unauth-csv-injection-vulnerability? • CWE-1236: Improper Neutralization of Formula Elements in a CSV File •