CVE-2022-2441 – ImageMagick Engine <= 1.7.5 - Cross-Site Request Forgery to Remote Command Execution
https://notcve.org/view.php?id=CVE-2022-2441
17 Oct 2022 — The ImageMagick Engine plugin for WordPress is vulnerable to remote code execution via the 'cli_path' parameter in versions up to, and including, 1.7.5. ... • https://github.com/orangelabweb/imagemagick-engine/blob/1.7.4/imagemagick-engine.php#L529 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2022-41136 – WordPress Shortcodes Ultimate plugin <= 5.12.0 - CSRF vulnerability leading to Stored XSS
https://notcve.org/view.php?id=CVE-2022-41136
13 Oct 2022 — Cross-Site Request Forgery (CSRF) vulnerability leading to Stored Cross-Site Scripting (XSS) in Vladimir Anokhin's Shortcodes Ultimate plugin <= 5.12.0 on WordPress. The Shortcodes Ultimate plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.12.0. • https://patchstack.com/database/vulnerability/shortcodes-ultimate/wordpress-shortcodes-ultimate-plugin-5-12-0-csrf-vulnerability-leading-to-stored-xss?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2022-41134 – WordPress Optinly Plugin <= 1.0.15 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2022-41134
12 Oct 2022 — The Optinly plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.15. • https://patchstack.com/database/vulnerability/optinly/wordpress-optinly-plugin-1-0-11-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2022-41620 – WordPress SeoSamba for WordPress Webmasters Plugin <= 1.0.5 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2022-41620
10 Oct 2022 — Cross-Site Request Forgery (CSRF) vulnerability in SeoSamba for WordPress Webmasters plugin <= 1.0.5 versions. The SeoSamba plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.5. ... • https://patchstack.com/database/vulnerability/seosamba-webmasters/wordpress-seosamba-for-wordpress-webmasters-plugin-1-0-5-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2022-3254 – AWP Classifieds Plugin < 4.3 - Unauthenticated SQLi
https://notcve.org/view.php?id=CVE-2022-3254
10 Oct 2022 — The WordPress Classifieds Plugin WordPress plugin before 4.3 does not properly sanitise and escape some parameters before using them in a SQL statement via an AJAX action available to unauthenticated users and when a specific premium module is active, leading to a SQL injection. • https://wpscan.com/vulnerability/546c47c2-5b4b-46db-b754-c6b43aef2660 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2022-3393 – Post to CSV by BestWebSoft <= 1.4.0 - Author+ CSV Injection
https://notcve.org/view.php?id=CVE-2022-3393
03 Oct 2022 — The Post to CSV by BestWebSoft WordPress plugin through 1.4.0 does not properly escape fields when exporting data as CSV, leading to a CSV injection. The Post to CSV by BestWebSoft plugin for WordPress is vulnerable to CSV Injection in versions up to, and including, 1.3.8. • https://wpscan.com/vulnerability/689b4c42-c516-4c57-8ec7-3a6f12a3594e • CWE-1236: Improper Neutralization of Formula Elements in a CSV File •
CVE-2022-30544 – WordPress OSM – OpenStreetMap Plugin <= 6.0.1 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2022-30544
30 Sep 2022 — The OSM - OpenStreetMap plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 6.0. • https://patchstack.com/database/vulnerability/osm/wordpress-osm-openstreetmap-plugin-6-0-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2022-41634 – WordPress Media Library Folders plugin <= 7.1.1 - Cross-Site Request Forgery (CSRF) vulnerability
https://notcve.org/view.php?id=CVE-2022-41634
30 Sep 2022 — Cross-Site Request Forgery (CSRF) vulnerability in Media Library Folders plugin <= 7.1.1 on WordPress. The Media Library Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 7.1.1. • https://patchstack.com/database/vulnerability/media-library-plus/wordpress-media-library-folders-plugin-7-1-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2022-38137 – WordPress Analytify plugin <= 4.2.2 - Cross-Site Request Forgery (CSRF) vulnerability
https://notcve.org/view.php?id=CVE-2022-38137
29 Sep 2022 — Cross-Site Request Forgery (CSRF) vulnerability in Analytify plugin <= 4.2.2 on WordPress. The Analytify – Google Analytics Dashboard For WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.2.2. • https://patchstack.com/database/vulnerability/wp-analytify/wordpress-analytify-plugin-4-2-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2022-36418 – WordPress HREFLANG Tags Lite Plugin <= 2.0.0 is vulnerable to Broken Authentication
https://notcve.org/view.php?id=CVE-2022-36418
29 Sep 2022 — The HREFLANG Tags Lite plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the hreflang_delete_all_data function called via a nopriv AJAX action in versions up to, and including, 2.0.0. • https://patchstack.com/database/vulnerability/hreflang-tags-by-dcgws/wordpress-hreflang-tags-lite-plugin-2-0-0-unauthenticated-plugin-data-reset-vulnerability? • CWE-862: Missing Authorization •