
CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 1

27 Oct 2022 — The Contact Form 7 Database Addon WordPress plugin before 1.2.6.5 does not validate data when outputting it back in a CSV file, which could lead to CSV injection. The Contact Form 7 Database Addon plugin for WordPress is vulnerable to CSV Injection in versions up to, and including, 1.2.6.3. • https://wpscan.com/vulnerability/b5eeefb0-fb5e-4ca6-a6f0-67f4be4a2b10 • CWE-1236: Improper Neutralization of Formula Elements in a CSV File

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

25 Oct 2022 — Multiple Cross-Site Scripting (CSRF) vulnerabilities in SEO Redirection Plugin plugin <= 8.9 on WordPress. The SEO Redirection Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 8.9. • https://patchstack.com/database/vulnerability/seo-redirection/wordpress-seo-redirection-plugin-plugin-8-9-multiple-cross-site-scripting-csrf-vulnerabilities?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 1

25 Oct 2022 — The WPQA Builder WordPress plugin before 5.9 does not have a CSRF check when following and unfollowing users, which could allow attackers to make logged-in users perform such actions via CSRF attacks. The WPQA plugin for WordPress ... • https://wpscan.com/vulnerability/03b2c6e6-b86e-4143-a84a-7a99060c4848 • CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 10.0 • EPSS: 0% • CPEs: 3 • EXPL: 1

24 Oct 2022 — The tagDiv Composer WordPress plugin before 3.5, required by the Newspaper WordPress theme before 12.1 and Newsmag WordPress theme before 5.2.2, does not properly implement the Facebook login feature, allowing unauthenticated attackers to log in as any user by just knowing their email address. • https://wpscan.com/vulnerability/993a95d2-6fce-48de-ae17-06ce2db829ef • CWE-287: Improper Authentication • CWE-288: Authentication Bypass Using an Alternate Path or Channel

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

24 Oct 2022 — The Corona Virus (COVID-19) Banner & Live Data plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.0.6. • https://patchstack.com/database/vulnerability/corona-virus-covid-19-banner/wordpress-corona-virus-covid-19-banner-live-data-plugin-1-7-0-6-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

21 Oct 2022 — Bypass vulnerability in Quiz And Survey Master plugin <= 7.3.10 on WordPress. The Quiz And Survey Master plugin for WordPress is vulnerable to authorization bypass due to missing user validation on the qsm_clear_audit_data function in versions up to, and including, 7.3.10. • https://patchstack.com/database/vulnerability/quiz-master-next/wordpress-quiz-and-survey-master-plugin-7-3-10-bypass-vulnerability? • CWE-862: Missing Authorization

CVSS: 10.0 • EPSS: 0% • CPEs: 2 • EXPL: 0

20 Oct 2022 — Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Viszt Péter's Integration for Szamlazz.hu & WooCommerce plugin <= 5.6.3.2 and Csomagpontok és szállítási címkék WooCommerce-hez plugin <= 1.9.0.2 on WordPress. The Csomagpontok és szállítási címkék WooCommerce hez ... • https://patchstack.com/database/vulnerability/hungarian-pickup-points-for-woocommerce/wordpress-csomagpontok-es-szallitasi-cimkek-woocommerce-hez-plugin-1-9-0-2-multiple-cross-site-request-forgery-csrf-vulnerabilities?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 1

19 Oct 2022 — The WPForms Pro WordPress plugin before 1.7.7 does not validate its form data when generating the exported CSV, which could lead to CSV injection. The WPForms Pro plugin for WordPress is vulnerable to CSV Injection in versions up to, and including, 1.7.6. • https://wpscan.com/vulnerability/0eae5189-81af-4344-9e96-dd1f4e223d41 • CWE-1236: Improper Neutralization of Formula Elements in a CSV File

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 1

17 Oct 2022 — The Contact Form Plugin WordPress plugin before 4.3.13 does not validate and escape fields when exporting form entries as CSV, leading to a CSV injection. The Contact Form Plugin by FluentForm plugin for WordPress is vulnerable to CSV Injection in versions up to, and including, 4.3.12. • https://wpscan.com/vulnerability/e2a59481-db45-4b8e-b17a-447303469364 • CWE-1236: Improper Neutralization of Formula Elements in a CSV File

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 1

17 Oct 2022 — The WooCommerce Dropshipping WordPress plugin before 4.4 does not properly sanitise and escape a parameter before using it in a SQL statement via a REST endpoint available to unauthenticated users, leading to a SQL injection. The WooCo... • https://wpscan.com/vulnerability/c5e395f8-257e-49eb-afbd-9c1e26045373 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')