CVE-2021-24649 – WP User Frontend < 3.5.29 - Obscure Registration as Admin
https://notcve.org/view.php?id=CVE-2021-24649
31 Oct 2022 — The WP User Frontend WordPress plugin before 3.5.29 uses a user-supplied argument called urhidden in its registration form, which contains the role for the account to be created with, encrypted via wpuf_encryption(). This could allow an attacker having access to the AUTH_KEY and AUTH_SALT constants (via an arbitrary file access issue for example, or if the blog is using the default keys) to create an account with any role they want, such as admin. • https://wpscan.com/vulnerability/9486744e-ab24-44e4-b06e-9e0b4be132e2 • CWE-269: Improper Privilege Management •
CVE-2022-25952 – WordPress Content Egg plugin <= 5.4.0 - Cross-Site Request Forgery (CSRF) vulnerability
https://notcve.org/view.php?id=CVE-2022-25952
31 Oct 2022 — Cross-Site Request Forgery (CSRF) vulnerability in Keywordrush Content Egg plugin <= 5.4.0 on WordPress. The Content Egg plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.4.0. • https://patchstack.com/database/vulnerability/content-egg/wordpress-content-egg-plugin-5-4-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2022-36401 – WordPress TeraWallet – For WooCommerce Plugin <= 1.3.24 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2022-36401
30 Oct 2022 — The TeraWallet plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.24. • https://patchstack.com/database/vulnerability/woo-wallet/wordpress-terawallet-for-woocommerce-plugin-1-3-24-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2022-43459 – WordPress Forms by CaptainForm Plugin <= 2.5.3 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2022-43459
29 Oct 2022 — Cross-Site Request Forgery (CSRF) vulnerability in Forms by CaptainForm – Form Builder for WordPress plugin <= 2.5.3 versions. The Forms by CaptainForm plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.5.3. • https://patchstack.com/database/vulnerability/captainform/wordpress-forms-by-captainform-2-5-3-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2022-42497 – WordPress Api2Cart Bridge Connector plugin <= 1.1.0 - Arbitrary Code Execution vulnerability
https://notcve.org/view.php?id=CVE-2022-42497
28 Oct 2022 — Arbitrary Code Execution vulnerability in Api2Cart Bridge Connector plugin <= 1.1.0 on WordPress. The Api2Cart Bridge Connector plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 1.1.0. • https://patchstack.com/database/vulnerability/api2cart-bridge-connector/wordpress-api2cart-bridge-connector-plugin-1-1-0-arbitrary-code-execution-vulnerability?_s_id=cve • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'); CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2022-42698 – WordPress Api2Cart Bridge Connector plugin <= 1.1.0 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2022-42698
28 Oct 2022 — Arbitrary File Upload vulnerability in WordPress Api2Cart Bridge Connector plugin <= 1.1.0 on WordPress. Unauthenticated arbitrary file upload vulnerability in the WordPress Api2Cart Bridge Connector plugin on WordPress in versions <= 1.1.0. The Api2Cart Bridge Connector plugin for WordPress is vulnerable to arbitrary file uploads due to missing or incorrect file type validation in versions up to, and including, 1.1.0. • https://patchstack.com/database/vulnerability/api2cart-bridge-connector/wordpress-api2cart-bridge-connector-plugin-1-1-0-arbitrary-file-upload-vulnerability?_s_id=cve • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2022-44740 – WordPress Creative Mail plugin <= 1.5.4 - Multiple Cross-Site Request Forgery (CSRF) vulnerabilities
https://notcve.org/view.php?id=CVE-2022-44740
28 Oct 2022 — Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Creative Mail plugin <= 1.5.4 on WordPress. The Creative Mail plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5.4. • https://patchstack.com/database/vulnerability/creative-mail-by-constant-contact/wordpress-creative-mail-plugin-1-5-4-multiple-cross-site-request-forgery-csrf-vulnerabilities?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2022-40686 – WordPress Creative Mail plugin <= 1.5.4 - Cross-Site Request Forgery (CSRF) vulnerability
https://notcve.org/view.php?id=CVE-2022-40686
28 Oct 2022 — Cross-Site Request Forgery (CSRF) vulnerability in Creative Mail plugin <= 1.5.4 on WordPress. The Creative Mail plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5.4. • https://patchstack.com/database/vulnerability/creative-mail-by-constant-contact/wordpress-creative-mail-plugin-1-5-4-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2022-40687 – WordPress Creative Mail plugin <= 1.5.4 - Cross-Site Request Forgery (CSRF) vulnerability
https://notcve.org/view.php?id=CVE-2022-40687
28 Oct 2022 — Cross-Site Request Forgery (CSRF) vulnerability in Creative Mail plugin <= 1.5.4 on WordPress. The Creative Mail plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5.4. • https://patchstack.com/database/vulnerability/creative-mail-by-constant-contact/wordpress-creative-mail-easier-wordpress-woocommerce-email-marketing-plugin-1-5-4-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2022-1578 – My wpdb < 2.5 - Arbitrary SQL Query via CSRF
https://notcve.org/view.php?id=CVE-2022-1578
28 Oct 2022 — The My wpdb WordPress plugin before 2.5 is missing a CSRF check when running SQL queries, which could allow an attacker to make a logged-in admin run an arbitrary SQL query via a CSRF attack. The My wpdb plugin for WordPress is vulnerable ... • https://wpscan.com/vulnerability/c280da92-4ac2-43ea-93a2-6c583b79b98b • CWE-352: Cross-Site Request Forgery (CSRF) •