CVE-2021-36854 – WordPress Booking Ultra Pro plugin <= 1.1.4 - Multiple Cross-Site Request Forgery (CSRF) vulnerabilities
https://notcve.org/view.php?id=CVE-2021-36854
29 Sep 2022 — Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Booking Ultra Pro plugin <= 1.1.4 at WordPress. The Booking Ultra Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in versions up to, and including, 1.1.8 due to insufficient input sanitization and output escaping. • https://patchstack.com/database/vulnerability/booking-ultra-pro/wordpress-booking-ultra-pro-plugin-1-1-4-multiple-cross-site-request-forgery-csrf-vulnerabilities?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2022-3600 – Easy Digital Downloads < 3.1.0.2 - Unauthenticated CSV Injection
https://notcve.org/view.php?id=CVE-2022-3600
28 Sep 2022 — The Easy Digital Downloads WordPress plugin before 3.1.0.2 does not validate data when it is output in a CSV file, which could lead to CSV injection. The Easy Digital Downloads plugin for WordPress is vulnerable to CSV Injection in versions up to, and including, 3.1.0.1.1. • https://wpscan.com/vulnerability/16e2d970-19d0-42d1-8fb1-e7cb14ace1d0 • CWE-1236: Improper Neutralization of Formula Elements in a CSV File •
CVE-2022-34654 – WordPress Manage Notification E-mails Plugin <= 1.8.2 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2022-34654
27 Sep 2022 — Cross-Site Request Forgery (CSRF) in Virgial Berveling's Manage Notification E-mails plugin <= 1.8.2 on WordPress. The Manage Notification E-mails plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to,... • https://patchstack.com/database/vulnerability/manage-notification-emails/wordpress-manage-notification-e-mails-plugin-1-8-2-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2022-41155 – WordPress iQ Block Country plugin <= 1.2.18 - Block BYPASS vulnerability
https://notcve.org/view.php?id=CVE-2022-41155
26 Sep 2022 — Block BYPASS vulnerability in iQ Block Country plugin <= 1.2.18 on WordPress. The iQ Block Country plugin for WordPress is vulnerable to Country Blocking Bypass in versions up to, and including, 1.2.18. • https://patchstack.com/database/vulnerability/iq-block-country/wordpress-iq-block-country-plugin-1-2-18-block-bypass-vulnerability?_s_id=cve • CWE-305: Authentication Bypass by Primary Weakness •
CVE-2022-27858 – WordPress Activity Log plugin <= 2.8.3 - CSV Injection vulnerability
https://notcve.org/view.php?id=CVE-2022-27858
26 Sep 2022 — CSV Injection vulnerability in Activity Log Team Activity Log <= 2.8.3 on WordPress. The Activity Log plugin for WordPress is vulnerable to CSV Injection in versions up to, and including, 2.8.3. • https://patchstack.com/database/vulnerability/aryo-activity-log/wordpress-activity-log-plugin-2-8-3-csv-injection-vulnerability? • CWE-1236: Improper Neutralization of Formula Elements in a CSV File •
CVE-2022-38079 – WordPress Backup Scheduler plugin <= 1.5.13 - Cross-Site Request Forgery (CSRF) vulnerability
https://notcve.org/view.php?id=CVE-2022-38079
23 Sep 2022 — Cross-Site Request Forgery (CSRF) vulnerability in Backup Scheduler plugin <= 1.5.13 at WordPress. The Backup Scheduler plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5.13. • https://patchstack.com/database/vulnerability/backup-scheduler/wordpress-backup-scheduler-plugin-1-5-13-cross-site-request-forgery-csrf-vulnerability/_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2022-38454 – WordPress Kraken.io Image Optimizer plugin <= 2.6.5 - Cross-Site Request Forgery (CSRF) vulnerability
https://notcve.org/view.php?id=CVE-2022-38454
23 Sep 2022 — Cross-Site Request Forgery (CSRF) vulnerability in Kraken.io Image Optimizer plugin <= 2.6.5 at WordPress. The Kraken.io Image Optimizer plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.6.5. • https://patchstack.com/database/vulnerability/kraken-image-optimizer/wordpress-kraken-io-image-optimizer-plugin-2-6-5-cross-site-request-forgery-csrf-vulnerability/_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2022-38470 – WordPress Customer Reviews for WooCommerce plugin <= 5.3.5 - Cross-Site Request Forgery (CSRF) vulnerability
https://notcve.org/view.php?id=CVE-2022-38470
22 Sep 2022 — Cross-Site Request Forgery (CSRF) vulnerability in Customer Reviews for WooCommerce plugin <= 5.3.5 at WordPress. • https://patchstack.com/database/vulnerability/customer-reviews-woocommerce/wordpress-customer-reviews-for-woocommerce-plugin-5-3-5-cross-site-request-forgery-csrf-vulnerability/_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2022-41996 – WordPress Avada premium theme <= 7.8.1 - Cross-Site Request Forgery (CSRF) vulnerability
https://notcve.org/view.php?id=CVE-2022-41996
21 Sep 2022 — Cross-Site Request Forgery (CSRF) vulnerability in ThemeFusion Avada premium theme versions <= 7.8.1 on WordPress leading to arbitrary plugin installation/activation. The Avada theme for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 7.8.1 in class-... • https://patchstack.com/database/vulnerability/avada/wordpress-avada-premium-theme-7-8-1-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2022-2864 – demon image annotation <= 4.7 - Cross-Site Request Forgery to Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2022-2864
21 Sep 2022 — The demon image annotation plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.7. ... • https://plugins.trac.wordpress.org/browser/demon-image-annotation/trunk/includes/settings.php • CWE-352: Cross-Site Request Forgery (CSRF) •