CVE-2022-45808 – WordPress LearnPress Plugin <= 4.1.7.3.2 is vulnerable to SQL Injection
https://notcve.org/view.php?id=CVE-2022-45808
20 Jan 2023 — SQL Injection vulnerability in LearnPress – WordPress LMS Plugin <= 4.1.7.3.2 versions. The LearnPress plugin for WordPress is vulnerable to SQL Injection in versions up to and including 4.1.7.3.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the e... • https://patchstack.com/database/vulnerability/learnpress/wordpress-learnpress-wordpress-lms-plugin-plugin-4-1-7-3-2-sql-injection? • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2022-4445 – FL3R FeelBox <= 8.1 - Unauthenticated SQLi
https://notcve.org/view.php?id=CVE-2022-4445
20 Jan 2023 — The FL3R FeelBox WordPress plugin through 8.1 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection. The FL3R FeelBox plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 8.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. • https://wpscan.com/vulnerability/9bb6fde0-1347-496b-be03-3512e6b7e8f8 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2023-22691 – WordPress Category Specific RSS feed Subscription Plugin <= v2.1 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-22691
20 Jan 2023 — The Category Specific RSS feed Subscription plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.1. • https://patchstack.com/database/vulnerability/category-specific-rss-feed-menu/wordpress-category-specific-rss-feed-subscription-plugin-v2-1-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2023-0224 – GiveWP < 2.24.1 - Unauthenticated SQLi
https://notcve.org/view.php?id=CVE-2023-0224
19 Jan 2023 — The GiveWP WordPress plugin before 2.24.1 does not properly escape user input before it reaches SQL queries, which could let unauthenticated attackers perform SQL Injection attacks. The GiveWP plugin for WordPress is vulnerable to SQL Injection in versions up to, and in... • https://givewp.com/core-2-24-0-vulnerability-patched • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2023-23680 – WordPress WP TopBar Plugin <= 5.36 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-23680
19 Jan 2023 — The WP TopBar plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 8.3.2. • https://patchstack.com/database/vulnerability/wp-topbar/wordpress-wp-topbar-plugin-5-36-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2023-23721 – WordPress Admin Log Plugin <= 1.50 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-23721
19 Jan 2023 — The Admin Log plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.50. • https://patchstack.com/database/vulnerability/admin-log/wordpress-admin-log-plugin-1-50-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2023-22686 – WordPress Nice PayPal Button Lite Plugin <= 1.3.5 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-22686
19 Jan 2023 — The Nice PayPal Button Lite plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.5. • https://patchstack.com/database/vulnerability/nice-paypal-button-lite/wordpress-nice-paypal-button-lite-plugin-1-3-5-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2023-22688 – WordPress WP Tabs Slides Plugin <= 2.0.3 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-22688
19 Jan 2023 — The WP Tabs Slides plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0.3. • https://patchstack.com/database/vulnerability/wordpress-tabs-slides/wordpress-wp-tabs-slides-plugin-2-0-3-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2023-22714 – WordPress Coming Soon by Supsystic Plugin <= 1.7.10 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-22714
19 Jan 2023 — The Coming Soon by Supsystic plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.10. • https://patchstack.com/database/vulnerability/coming-soon-by-supsystic/wordpress-coming-soon-by-supsystic-plugin-1-7-10-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2023-22709 – WordPress SRS Simple Hits Counter Plugin <= 1.1.0 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-22709
19 Jan 2023 — The SRS Simple Hits Counter plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.0. • https://patchstack.com/database/vulnerability/srs-simple-hits-counter/wordpress-srs-simple-hits-counter-plugin-1-1-0-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •