CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2022-44739 – WordPress Quick Restaurant Reservations Plugin <= 1.5.4 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2022-44739
09 Nov 2022 — The Quick Restaurant Reservations plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5.4. • https://patchstack.com/database/vulnerability/quick-restaurant-reservations/wordpress-quick-restaurant-reservations-plugin-1-5-4-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2022-45071 – WordPress WPML Multilingual CMS premium plugin <= 4.5.13 - Cross-Site Request Forgery (CSRF) vulnerability
https://notcve.org/view.php?id=CVE-2022-45071
09 Nov 2022 — Cross-Site Request Forgery (CSRF) vulnerability in WPML Multilingual CMS premium plugin <= 4.5.13 on WordPress. Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento WPML Multilingual CMS premium en WordPress en versiones <= 4.5.13. The WPML plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.5.13. • https://patchstack.com/database/vulnerability/sitepress-multilingual-cms/wordpress-wpml-multilingual-cms-premium-plugin-4-5-13-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2022-45073 – WordPress REST API Authentication plugin <= 2.4.0 - Cross-Site Request Forgery (CSRF) vulnerability
https://notcve.org/view.php?id=CVE-2022-45073
09 Nov 2022 — Cross-Site Request Forgery (CSRF) vulnerability in REST API Authentication plugin <= 2.4.0 on WordPress. Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento REST API Authentication en WordPress en versiones <= 2.4.0. The WordPress REST API Authentication plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.4.0. • https://patchstack.com/database/vulnerability/wp-rest-api-authentication/wordpress-rest-api-authentication-plugin-2-4-0-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2022-40192 – WordPress wpForo Forum plugin <= 2.0.9 - Cross-Site Request Forgery (CSRF) vulnerability
https://notcve.org/view.php?id=CVE-2022-40192
09 Nov 2022 — Cross-Site Request Forgery (CSRF) vulnerability in wpForo Forum plugin <= 2.0.9 on WordPress. Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento wpForo Forum en WordPress en versiones <= 2.0.9. The wpForo Forum plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0.9. • https://patchstack.com/database/vulnerability/wpforo/wordpress-wpforo-forum-plugin-2-0-9-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2022-41608 – WordPress Asgaros Forum Plugin <= 2.2.0 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2022-41608
09 Nov 2022 — The Asgaros Forum plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.1.0. • https://patchstack.com/database/vulnerability/asgaros-forum/wordpress-asgaros-forum-plugin-2-1-0-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2022-44741 – WordPress Testimonial Slider plugin <= 1.3.1 - Cross-Site Request Forgery (CSRF) vulnerability
https://notcve.org/view.php?id=CVE-2022-44741
07 Nov 2022 — Cross-Site Request Forgery (CSRF) vulnerability leading to Cross-Site Scripting (XSS) in David Anderson Testimonial Slider plugin <= 1.3.1 on WordPress. Vulnerabilidad de Cross-Site Request Forgery (CSRF) que conduce a Cross-Site Scripting (XSS) en el complemento David Anderson Testimonial Slider de Wordpress en versiones <= 1.3.1. The Testimonial Slider plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.1. • https://patchstack.com/database/vulnerability/testimonial-slider/wordpress-testimonial-slider-plugin-1-3-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2022-3603 – Export customers list CSV for WooCommerce < 2.0.69 - CSV Injection
https://notcve.org/view.php?id=CVE-2022-3603
03 Nov 2022 — The Export customers list csv for WooCommerce, WordPress users csv, export Guest customer list WordPress plugin before 2.0.69 does not validate data when outputting it back in a CSV file, which could lead to CSV injection. El complemento Exportar lista de clientes csv para WooCommerce, usuarios de WordPress csv, exportar lista de clientes invitados de WordPress antes de 2.0.69 no valida los datos cuando los devuelve a un archivo CSV, lo que podría provocar una inyección de CSV. • https://wpscan.com/vulnerability/376e2bc7-2eb9-4e0a-809c-1582940ebdc7 • CWE-1236: Improper Neutralization of Formula Elements in a CSV File •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2022-44585 – WordPress Homepage Pop-up Plugin <= 1.2.5 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2022-44585
01 Nov 2022 — The Homepage PopUp plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.5. • https://patchstack.com/database/vulnerability/homepage-pop-up/wordpress-homepage-popup-plugin-1-2-5-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2022-41781 – WordPress Permalink Manager Lite plugin <= 2.2.20 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2022-41781
01 Nov 2022 — Broken Access Control vulnerability in Permalink Manager Lite plugin <= 2.2.20 on WordPress. Vulnerabilidad de control de acceso roto en el complemento Permalink Manager Lite en WordPress en versiones <= 2.2.20. The Permalink Manager Lite plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the extra_actions function in versions up to, and including, 2.2.20. • https://patchstack.com/database/vulnerability/permalink-manager/wordpress-permalink-manager-lite-plugin-2-2-20-broken-access-control-vulnerability? • CWE-264: Permissions, Privileges, and Access Controls CWE-862: Missing Authorization •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2022-3776 – Restaurant Menu – Food Ordering System – Table Reservation <= 2.3.1 - Cross-Site Request Forgery
https://notcve.org/view.php?id=CVE-2022-3776
31 Oct 2022 — The Restaurant Menu – Food Ordering System – Table Reservation plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.3.1. ... El complemento Restaurant Menu Food Ordering System Table Reservation para WordPress es vulnerable a la Cross-Site Request Forgery en versiones hasta la 2.3.1 incluida. • https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2807967%40menu-ordering-reservations&new=2807967%40menu-ordering-reservations&sfp_email=&sfph_mail= • CWE-352: Cross-Site Request Forgery (CSRF) •