CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-23737 – WordPress MainWP Broken Links Checker Extension Plugin <= 4.0 is vulnerable to SQL Injection
https://notcve.org/view.php?id=CVE-2023-23737
18 Jan 2023 — The MainWP Broken Link Checker plugin for WordPress is vulnerable to SQL Injection via several parameters in versions up to, and including, 4.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. • https://patchstack.com/database/vulnerability/mainwp-broken-links-checker-extension/wordpress-mainwp-broken-links-checker-extension-plugin-4-0-unauthenticated-sql-injection-vulnerability? • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-23656 – WordPress MainWP File Uploader Extension Plugin <= 4.1 - Unauthenticated Arbitrary File Upload Vulnerability
https://notcve.org/view.php?id=CVE-2023-23656
18 Jan 2023 — The MainWP File Uploader Extension for WordPress is vulnerable to arbitrary file uploads in versions up to, and including, 4.1. • https://patchstack.com/database/vulnerability/mainwp-file-uploader-extension/wordpress-mainwp-file-uploader-extension-plugin-4-1-unauthenticated-arbitrary-file-upload-vulnerability? • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-23659 – WordPress MainWP Matomo Extension Plugin <= 4.0.4 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-23659
17 Jan 2023 — The MainWP Matomo Extension for WordPress is vulnerable to Cross-Site Request Forgery due to missing or incorrect nonce validation. • https://patchstack.com/database/vulnerability/mainwp-piwik-extension/wordpress-mainwp-matomo-extension-plugin-4-0-4-csrf-leading-to-plugin-settings-change-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2022-47142 – WordPress Mediamatic – Media Library Folders Plugin <= 2.8.1 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2022-47142
13 Jan 2023 — The Mediamatic – Media Library Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.8.1. • https://patchstack.com/database/vulnerability/mediamatic/wordpress-mediamatic-media-library-folders-plugin-2-8-1-cross-site-request-forgery-csrf? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2022-47147 – WordPress ipBlockList Plugin <= 1.0 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2022-47147
13 Jan 2023 — The ipBlockList plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0. • https://patchstack.com/database/vulnerability/ipblocklist/wordpress-ipblocklist-plugin-1-0-cross-site-request-forgery-csrf? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2022-47167 – WordPress Crayon Syntax Highlighter Plugin <= 2.8.4 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2022-47167
13 Jan 2023 — The Crayon Syntax Highlighter plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.8.4. • https://patchstack.com/database/vulnerability/crayon-syntax-highlighter/wordpress-crayon-syntax-highlighter-plugin-2-8-4-cross-site-request-forgery-csrf? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2022-47183 – WordPress Extra Block Design, Style, CSS for ANY Gutenberg Blocks Plugin <= 0.2.6 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2022-47183
13 Jan 2023 — The Extra Block Design, Style, CSS for ANY Gutenberg Blocks plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 0.2.6. • https://patchstack.com/database/vulnerability/stylist/wordpress-extra-block-design-style-css-for-any-gutenberg-blocks-plugin-0-2-6-cross-site-request-forgery-csrf? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2022-47609 – WordPress DNUI Plugin <= 2.8.1 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2022-47609
13 Jan 2023 — The DNUI plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.8.1. • https://patchstack.com/database/vulnerability/dnui-delete-not-used-image-wordpress/wordpress-dnui-plugin-2-8-1-multiple-cross-site-request-forgery-csrf? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2022-47611 – WordPress Hover Image Plugin <= 1.4.1 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2022-47611
13 Jan 2023 — The Hover Image plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.4.1. • https://patchstack.com/database/vulnerability/hover-image/wordpress-hover-image-plugin-1-4-1-cross-site-request-forgery-csrf? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2022-46867 – WordPress Universal Star Rating Plugin <= 2.1.0 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2022-46867
13 Jan 2023 — The Universal Star Rating plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.1.0. • https://patchstack.com/database/vulnerability/universal-star-rating/wordpress-universal-star-rating-plugin-2-1-0-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •