CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2022-46839 – WordPress JS Help Desk – Best Help Desk & Support Plugin Plugin <= 2.7.1 is vulnerable to Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2022-46839
27 Jan 2023 — The JS Help Desk plugin for WordPress is vulnerable to arbitrary file uploads in versions up to, and including, 2.7.1. • https://patchstack.com/database/vulnerability/js-support-ticket/wordpress-js-help-desk-plugin-2-7-1-arbitrary-file-upload-vulnerability? • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2022-46842 – WordPress JS Help Desk plugin <= 2.7.1 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2022-46842
27 Jan 2023 — The JS Help Desk plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.7.1. • https://patchstack.com/database/vulnerability/js-support-ticket/wordpress-js-help-desk-plugin-2-7-1-multiple-cross-site-request-forgery-csrf-vulnerabilities? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 2%CPEs: 1EXPL: 1CVE-2022-25860 – simple-git < 3.16.0 - Remote Code Execution
https://notcve.org/view.php?id=CVE-2022-25860
24 Jan 2023 — WordPress plugins and themes may be using this package, however, they may not be vulnerable to exploitation. • https://github.com/steveukx/git-js/commit/ec97a39ab60b89e870c5170121cd9c1603cc1951 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-24382 – WordPress Material Design Icons for Page Builders Plugin <= 1.4.2 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-24382
23 Jan 2023 — The Material Design Icons for Page Builders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.4.2. • https://patchstack.com/database/vulnerability/material-design-icons-for-elementor/wordpress-material-design-icons-for-page-builders-plugin-1-4-2-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-22692 – WordPress Name Directory Plugin <= 1.27.1 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-22692
23 Jan 2023 — The Name Directory plugin for WordPress is vulnerable to Cross Site Request Forgery in versions up to, and including, 1.27.1. • https://patchstack.com/database/vulnerability/name-directory/wordpress-name-directory-plugin-1-27-1-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 14%CPEs: 1EXPL: 2CVE-2022-47615 – WordPress LearnPress Plugin <= 4.1.7.3.2 is vulnerable to Local File Inclusion
https://notcve.org/view.php?id=CVE-2022-47615
20 Jan 2023 — Local File Inclusion vulnerability in LearnPress – WordPress LMS Plugin <= 4.1.7.3.2 versions. Vulnerabilidad de inclusión de archivos locales (LFI) en LearnPress – WordPress LMS Plugin. ... The LearnPress plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 4.1.7.3.2 via the lp/v1/courses/archive-course rest API endpoint. ... Local File Inclusion vulnerability in LearnPress – WordPress LMS Plugin <= 4.1.7.3.2 versions. • https://patchstack.com/database/vulnerability/learnpress/wordpress-learnpress-plugin-4-1-7-3-2-local-file-inclusion? • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-23790 – WordPress Pods Plugin <= 2.9.10.2 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-23790
20 Jan 2023 — The Pods plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.9.10.2. • https://patchstack.com/database/vulnerability/pods/wordpress-pods-custom-content-types-and-fields-plugin-2-9-10-2-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-23813 – WordPress My Calendar Plugin <= 3.4.3 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-23813
20 Jan 2023 — The My Calendar plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.4.3. • https://patchstack.com/database/vulnerability/my-calendar/wordpress-my-calendar-plugin-3-4-3-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-23890 – WordPress WP Airbnb Review Slider Plugin <= 3.2 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-23890
20 Jan 2023 — The WP Airbnb Review Slider plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.2. • https://patchstack.com/database/vulnerability/wp-airbnb-review-slider/wordpress-wp-airbnb-review-slider-plugin-3-2-cross-site-request-forgery-csrf-leading-to-reviews-removal-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 2CVE-2022-45808 – WordPress LearnPress Plugin <= 4.1.7.3.2 is vulnerable to SQL Injection
https://notcve.org/view.php?id=CVE-2022-45808
20 Jan 2023 — SQL Injection vulnerability in LearnPress – WordPress LMS Plugin <= 4.1.7.3.2 versions. SQL Injection vulnerability in LearnPress – WordPress LMS Plugin <= 4.1.7.3.2 versions. Vulnerabilidad de inyección SQL en LearnPress – WordPress LMS Plugin <= 4.1.7.3.2 versiones. The LearnPress plugin for WordPress is vulnerable to SQL Injection in versions up to and including 4.1.7.3.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the e... • https://patchstack.com/database/vulnerability/learnpress/wordpress-learnpress-wordpress-lms-plugin-plugin-4-1-7-3-2-sql-injection? • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •